Qureos

Cyber Security Manager

The Manager, Cybersecurity (Advisory & Reviewer), is responsible for leading the Cybersecurity Advisory & Review vertical within the Information Security function, supporting the Head of Information Security in delivering risk-based advisory services, architecture governance, application security assurance, and secure change management. The role ensures business-aligned security guidance and independent reviews across architecture, solution design, and change lifecycles, working collaboratively across teams or independently as required.

This position requires a T-shaped cybersecurity expert with broad domain exposure and deep expertise in security advisory, architecture, application security controls, cloud security, and secure change governance. Success is measured through improvements in risk posture, control effectiveness, and overall security maturity. The role operates across business and technology functions, cloud environments, and third-party ecosystems, aligning with internal policies, industry standards, and regulatory requirements while fostering strong stakeholder relationships.


Responsibilities


  • Manage the Cybersecurity (Advisory & Review) vertical, ensuring risk-based, business-aligned guidance and independent security reviews across architecture, solution design, and change lifecycles.
  • Establish, maintain, and enhance security advisory frameworks, policies, standards, reference architectures, and application security control assessment processes using a data-driven approach for continuous improvement.
  • Deliver timely, high-quality advisory engagements and security reviews with clear outcomes, documented decisions, and tracked remediation to closure.
  • Provide proactive advisory to security, IT, engineering, product, and business teams on security architecture and controls aligned with organizational and regulatory requirements.
  • Participate in architecture and change forums, issuing advisory notes, approvals, and conditional sign-offs with defined residual risks and compensating controls.
  • Review RFPs, SOWs, and vendor engagements to define and enforce security requirements, including advising on risk-aligned and enforceable security SLAs.
  • Review enterprise and solution architectures, including data flows and trust boundaries, and recommend appropriate security controls aligned with best practices.
  • Identify, document, and track architecture risks, control gaps, and remediation actions.
  • Assess and validate the effectiveness of security controls and solutions against internal policies, standards, and industry benchmarks.
  • Manage structured exception handling and risk acceptance processes, ensuring periodic revalidation and proper documentation of compensating controls.
  • Establish and maintain application security control assessment frameworks, conduct assessments, and ensure timely completion of annual assessment cycles.
  • Review cloud architectures and environments to ensure secure design, proper governance, and compliance with standards, including validation of data protection and cross-border regulatory requirements.
  • Guide teams on secure cloud configurations, access management, and DevSecOps practices.
  • Act as a security gatekeeper by reviewing and approving changes for compliance with security policies and participating in formal change management forums.
  • Monitor and report on high-risk changes and control effectiveness within the change governance process.
  • Share insights and lessons learned from assessments, incidents, and audits to enhance security practices and standards.
  • Monitor emerging threats, technologies, and regulatory changes, providing relevant advisory guidance.
  • Perform root cause analysis and recommend risk-proportionate solutions for complex security challenges.
  • Develop dashboards, metrics, and reporting mechanisms to measure advisory effectiveness, control maturity, and governance outcomes.
  • Maintain and enhance security reference architectures and control libraries in line with evolving technologies and threats.
  • Build and maintain strong relationships with internal stakeholders, including architecture, engineering, cloud, risk, compliance, legal, and operations teams, as well as external partners and vendors.


Requirements


  • Bachelor’s or Master’s degree in Computer Science, Engineering, IT, or a related field, or equivalent practical experience.
  • Professional certifications such as CISSP, TOGAF, SABSA, or ITIL are preferred.
  • 8+ years of experience in information security, preferably within financial institutions or digital banking environments.
  • 4+ years of experience in security advisory, architecture review, and application security control assessment.
  • Strong knowledge of cloud security and modern architecture principles.
  • In-depth understanding of security frameworks, controls, and technologies including Zero Trust, IAM, PAM, FIM, DLP, firewalls, IDS/IPS, API gateways, cryptography, security monitoring, application security controls, and ITSM/change management processes.
  • Proven ability to manage cross-functional stakeholders and deliver advisory outcomes with measurable risk reduction.
  • Strong analytical and problem-solving skills, particularly in architecture reviews and control assessments.
  • Excellent written and verbal communication skills, with the ability to produce clear advisory notes, risk assessments, decision records, and executive summaries.
  • Ability to make risk-based decisions, enforce governance processes, and manage competing priorities effectively.

© 2026 Qureos. All rights reserved.