Cyber Security Operations Manager

**Job Description**:

- ** Financial Services - Award Winning Super Fund**:

- ** Critical Leadership Role, Building and Maturing of the Security Operations Centre (SOC)**:

- **Permanent, Full-time Opportunity**:

- ** Hybrid Working from Sydney Location**

Awarded as an ESG and Responsible Investment Leader, Rest is one of Australia’s largest profit-to-member superannuation funds; supporting more than 280,000 employers and around 1.95 million members, we have nearly $71 billion of funds under management.

Our ambition is to create super our members love. This is our purpose; it is why Rest exists. To achieve this ambition our mission is clear: make super simple

At the heart of everything we do at Rest are our values and behaviours, they represent how we’ll be successful in this pursuit. We want to Be Daring, Keep it Simple, Take Action and Have Grit To put it simply we want our people to thrive and love the work they do.

**About the Role**

The Cyber Security Operations Manager is a leader in the Rest Information Security team, responsible for protecting the business and its information assets from cyber threats and attacks and ensuring Rest can meet its information security strategic objectives. The Cyber Security Operations Manager is accountable for building and maturing the security operations centre (SOC) and its staff, incident management, incident response, threat intelligence, threat hunting, vulnerability management, security logging, security monitoring and penetration testing.

**Key Accountabilities and Responsibilities**
- Design and implement with the GM Information Security, a SOC strategy, resourcing and operating model
- Participate in security programs and projects, ensuring prior to any technologies or services being transitioned into the SOC, that the SOC has a defined list of deliverables that must be met. This will cover items such as training, resourcing, skills gap and capacity assessments, and the provision of artefacts such as architecture diagrams, contracts and standard operating procedures
- Continuously update, review & test incident response plans, play books and processes
- Investigate, triage and monitor security alerts and incidents
- Lead and manage incidents - including detection and analysis; communications; containment, eradication and recovery activities; and post incident reviews
- Continuously update, review & test SOC standard operating procedures and related security policies, standards and processes
- Ensure cyber operation services are continuously improved from a people, process and technology perspective
- Lead and manage the relationships, contracts and services delivered by third-party security vendors
- Lead and manage the SIEM operating model including continuous improvement on data sources, use case development, policies and reporting
- Lead and manage the scheduling, execution and remediation penetration testing
- Lead and manage the vulnerability management program, coordinating the timely remediation and patching activities with internal technology teams and vendors
- Lead and manage the corporate Data Loss Prevention (DLP) solution by investigating alerts, tuning and reporting of events
- Develop and own a malware sandbox solution
- Build and maintain a cyber threat intelligence capability to identify and analyse threats, and translate intelligence reports and notifications into actionable mitigation outcomes
- Collate security reports as required for operational, executive and board reporting
- Participate in internal, external and third-party security and risk audits, assurance activities and reviews
- Train, develop and provide direction of cyber operational team members

**Qualifications**:

- Relevant tertiary and/or industry certifications in Risk and/or Security
- Minimum of 5 years’ experience in a Security Operations or CSIRT management role in a medium to large organisation
- Solid experience implementing security controls to meet internal, legal & regulatory requirements
- Proven experience implementing and managing security technologies such as firewalls, intrusion detection systems, SIEMs, anti-virus software, authentication systems, log management, DLP and content filtering
- Demonstrated knowledge of and experience with incident response, threat intelligence, threat hunting, malware analysis, vulnerability management & BCP/DR testing
- Knowledge of Cloud Security (AWS and Azure)
- Demonstrated ability in successfully managing third-party security providers
- Excellent oral and written communication skills with the proven ability to liaise and negotiate effectively with people internal and external to the organisation
- Able to work independently, with good planning, time management and organisational skills
- Demonstrated experience building a SOC function and developing high-performing staff

**Required experience, understanding or credentials including**:

- Bachelor of Information Security, Information Technology or equiva