Manager, Cyber Resilience & Offensive Security

Purpose of the Job:This role is responsible for the Designing, planning and executing the bank’s Cyber Resilience Testing and offensive security program, commonly referred to as “red team exercises”. This role develops and manages processes that identify continuous red team and infrastructure penetration test objectives through the course of the year while also planning execution of threat simulation activities. This role facilitates the communication and presentation of technical cyber control effectiveness to key stakeholders

Main Activities:

• Design and execute the bank’s Cyber Resilience Testing program e.g. Red team exercises, cyber threat simulations.
• Provides input to the effectiveness testing of EQBank’s Enterprise Cyber Security Controls and cyber roadmap prioritization activities.
• Drive cross-functional collaboration to achieve objectives of the programs in purview.
• Responsible for maintaining the standards, procedures and guidelines for domains under purview.
• Develop and manage measures to ensure effective monitoring control adequacy and compliance for areas under purview
• Developing and Managing means of measured performance of control processes and technologies for areas under purview.
• Provide technical guidance for team and subject matter advise to stakeholders.

Knowledge/Skill Requirements:

• A college diploma or university degree in computer science (or related course) or Industry recognized certifications (e.g. CISSP)
• Minimum of 7 years of technical IT experience with at least 3-5 years specifically focused on offensive security roles.
• Strong knowledge of cyber controls testing frameworks such as MITRE Framework
• One or more of the following certifications are highly preferred: OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert), GPEN (GIAC Penetration Tester), GXPN (GIAC Exploit Researcher and Advanced Penetration Tester), CEH (Certified Ethical
• Hacker), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager)
• Strong engineering and automation experience, prior hands-on Security automation experience is desired.

Non-Technical Skills
• Ability to build and maintain strong working relationships with cross-functional teams and stakeholders. Collaboration is key to integrating offensive security insights across the organization.
• Strong analytical and problem-solving skills with the ability to think critically and strategically; this role needs to analyze reports to identify patterns and assess weaknesses.
• People and team management abilities.
• Technical roadmap development and execution.
• Ownership & Accountability