Manager - Cyber Security Advisory

Job Purpose:

Management

• Manage the Cybersecurity (Advisory & Review) vertical within the Information Security function, ensuring risk‑based, business‑aligned guidance and independent reviews across architecture, solution design, and change lifecycles working collaboratively with the group or independently as needed.

  
  

• Establishment, maintenance, and alignment of the security advisory framework, policies, standards, reference architectures, and application security control assessment processes. Apply a data‑driven approach to evaluate adherence, effectiveness, and continuous improvement, either jointly with the group or independently where required.

  
  

Execution

• Delivery of timely, high‑quality advisory engagements and security reviews with clear outcomes, supported by traceable decisions and remediation tracked through closure.

  
  

• Represent Information Security across pre‑implementation advisory forums, security architecture and design reviews, application security control assessments, and security gatekeeping for change management. 

  
  

The Manager Cybersecurity (Advisory & Reviewer) supports the Head of Information Security in achieving the bank’s objectives for security advisory services, architecture governance, application security assurance, and secure change management. The role requires a T‑shaped expert with broad security domain exposure and deep capability in advisory, architecture, security controls, cloud security, and secure change governance. Performance is assessed based on improvements in risk posture and control maturity.

Key Result Areas:

1) Security Advisory Services

• Provide proactive, risk based advisory to security, product, engineering, IT, and business teams on security architecture and controls aligned with group and regulatory requirements
• Participate in change and architecture forums and issue advisory notes and sign offs with conditions, compensating controls, and defined residual risk.

• Review RFPs and SOWs and define security requirements for vendors, suppliers, partners, and critical services. 

  
  

  2) Security Architecture Review

  
  
• Review high level and detailed enterprise and solution architectures, data flows, and trust boundaries and recommend security controls aligned with bank standards and industry best practices.
• Document architecture risks, control gaps, and remediation recommendations.
• Review security controls and solutions against the bank’s policies, standards and industry best practices.
• Validate the effectiveness of security controls and solutions.
• Operate a structured exception and risk acceptance process with periodic revalidation and documented compensating controls.
• Establish and maintain the application security controls assessment framework either in collaboration with the group or independently as required.
• Conduct application security control assessments, identify gaps, and recommend improvements.

• Manage an annual assessment cycle and ensure timely completion by application owners.

  
  

  3) Security Controls Review

  
  
• Review security controls and solutions against the bank’s policies, standards and industry best practices.
• Validate the effectiveness of security controls and solutions.

• Operate a structured exception and risk acceptance process with periodic revalidation and documented compensating controls.

  
  

  4) Application Security Control Assessment

  
  
• Establish and maintain the application security controls assessment framework either in collaboration with the group or independently as required.
• Conduct application security control assessments, identify gaps, and recommend improvements.

• Manage an annual assessment cycle and ensure timely completion by application owners.

  
  

  5) Cloud Security Review

  
  
• Review cloud architecture and deployed environments for secure design, clear responsibility boundaries, and compliance with bank standards.
• Guide teams on cloud governance practices to prevent configuration weaknesses and excessive access.
• Assess the security of development and deployment processes for cloud workloads.
• Validate data location and protection and cross border transfer controls to meet regulatory expectations.

6) Security Gatekeeping

• Review and approve changes for alignment with security policies and controls.
• Oversee security’s role in change governance and participate in formal change review forums.
• Monitor and report on high-risk security changes and the effectiveness of related controls.

7) Continuous Security Learning and Improvement

• Share lessons learned from architecture reviews, incidents, assessments, audits, and testing with relevant teams for improving practices, standards, and guidance.
• Monitor emerging risks and technologies and share relevant security advisory.

Knowledge, Skills & Experience:

Essential Knowledge

• Graduate or Post Graduate degree in Computer Science, Engineering, or IT or equivalent experience.
• Professional certifications such as CISSP, TOGAF/SABSA or ITIL 
• At least six years of information security experience in financial institutions or digital banks with at least four years in security advisory, architecture review, and application security control assessment with understanding of cloud security and modern architecture.
• Strong understanding of key security controls and technologies, including Zero Trust, IAM, PAM, FIM, DLP, firewalls, IDS/IPS, API management/gateways, cryptography, security logging and monitoring, application security controls, and ITSM/change management processes

Skills and Application

• Proven ability to coordinate cross functional stakeholders and deliver advisory outcomes on time with measurable risk reduction.
• Excellent written and verbal communication that produces clear advisory notes, assessments, decision records, risk statements, and executive summaries.
• Strong analytical skills supporting architecture reviews, application security control assessments and the evaluation of security controls.