Manager: Security and Monitoring at ATNS

Job description

• Cyber Security Management – Develop and implement risk-based cybersecurity strategy, governance and protocols able to protect the organisation’s data and information at all times.
• Manage cybersecurity threats and incidences through the understanding, detection and analysis of potential emerging and actual information security threats and vulnerabilities, and the implementation of control measures to minimize or avoid the impact thereof on systems availability and business operations.
• Lead and direct the selection, utilisation and adoption of cybersecurity products and associated licensing models for the organization.
• Guide the development of monitoring and tracking systems for potential and emerging cybersecurity threats and control measures and manage cyber incidents efficiently to minimize its impact on the availability of systems and disruption of business operations. Manage the operations and controls of the Information Security Management System (ISMS) in line with KING3 and ISO 27000.
• Manage the implementation of key information security projects. Obtain internal and external security intelligence for investigation of security incidents.
• Manage investigations, responses and actions of information security incidents. Write incident reports and submit to the Head for decision-making purposes. Identify, apply and ensure adherence to good information security practices. Source and implement security measures to required business standards and requirements.
• Ensure that identified Business Continuity risks are mitigated and addressed. Investigate calls related to the recovery of deleted files by analysing and interpreting data linked to crime, and uncovering links between events, groups and individuals through the pursuit of data trails. Maintain detailed records of investigations for audit purposes and to be used as evidence in court.
• Monitoring – Manage the continuous scanning and monitoring of all IT cyber security domains, i.e. networks, firewalls, anti-virus, mobile devices, patch management.
• Ensure regular updating of network anti-virus spyware, malware and greyware software. Ensure continuous management and monitoring of threats and vulnerabilities. Analyze and assess potential security risks, develop plans and put measures in place such as firewalls and encryption, and monitor and audit systems for abnormal activity to deal with security incidents.
• Make recommendations based on various monitoring outputs to improve the security status of the organization. Scan and monitor all IT cyber security domains on a continuous basis.
• Monitor the governance aspects related to ICT security within ATNS to ensure the security of data and information and that required standards are maintained.
• Monitor adherence to policies and processes related to ICT Security. Ensure that routine standard operating procedures are documented, kept up to date and followed. Prepare ICT security reports for the Integrated Security Forum. 
• Ensure continuous vulnerability management on CNS systems by performing regular cybersecurity obligations, threat context and exposure and risk to establish maturity. Support the use of secure private cloud-based SaaS, PaaS and IaaS solutions, leveraging enterprise agreements where possible to advance the ATNS cloud strategy. 
• Monitor and ensure that security is an intrinsic element in ATNS software development processes. Keep abreast of technology trends, local and global regulatory requirements, and best practices in solution delivery and application management.
• Security Investigation Management – Manage the investigation of security incidents/events to ensure that the IT security posture remains intact. Ensure that forensic investigations receive the support required. Operate and control the Information Security Management System (ISMS) in line with KING III and ISO 27000 governance requirements.
• Manage the implementation of key information security projects. Conduct information gathering on internal and external security intelligence for investigation into security incidents. Write incident reports and submit to the Head for decision-making purposes. Identify and implement suitable tool sets to manage the security environment. Ensure effective management of security events.
• Stakeholder Relations Management – Maintain constructive and productive stakeholder relations across the business, and with vendors and relevant external parties to support collaboration and alignment. Manage outputs by third-party suppliers to ensure optimum value.
• Governance, Compliance, Risk Management & Reporting – Develop, implement and manage organisation-wide ICT security processes, programmes and controls to ensure the availability, integrity and confidentiality of information resources. Ensure compliance with all IT policies, procedures and standards relating to IT Security Systems with applicable security governance and standards.
• Manage configuration and change control records with regards to IT Security Systems activities. Ensure and report on IT DRP exercises that are conducted with business on all IT Security Systems as well as make recommendations for continues improvement in order to ensure business continuity (all managers governance section).
• Assist with the development and review of current disaster recovery management plan (all managers governance section). Identify key risks, develop and implement effective mitigating plans and actions in order to avoid or minimise relevant risks, and report and raise these risks in the appropriate forums.
• Conduct high level security audits. Manager IT risk audits to provide an integrated view of IT-related risks. Develop and maintain a clear national governance and accountability framework for civil aviation cybersecurity. Ensure compliance with relevant regulation and legislative requirements including POPIA, GDPR, ECT, etc. 
• Ensure that effective data recovery plans are in place to ensure business continuity in case of a disaster or potential threats. Ensure adherence and compliance with the relevant regulatory framework. 
• Select, apply and ensure adherence to good information security practices. Identify the key IT security risks across the business and raise in applicable forums. Ensure that the Business Continuity risks related to cyber security are mitigated and addressed. 
• Ensure that security architecture meets the minimum performance and availability requirements and that it is in line with the overall ICT strategy and cyber security requirements of the organization. 
• Manage the dependencies between the various areas of the business and ensure that all security components are aligned. Ensure training of all users on the applicable compliance and governance requirements. Ensure timely compilation and submission of all required reports (internal and external) to ensure compliance with all governance requirements.
• Financial Management – Participate in the planning and development of the security management budget. Manage delegated expenditure in line with business objectives and priorities, and within approved financial parameters. Report on all costs incurred against the approved budget, including possible variances. Ensure compliance with Finance policies, processes and guidelines.
• People Management – Manage employees in accordance with HC policies and processes. Ensure that new employees have been properly on-boarded and trained prior to commencing work.
• Monitor the time and attendance of subordinates, take appropriate action in the case of absenteeism, and report to the Head and Human Capital. Participate in the conclusion of performance management contract(s) and monitor performance. Manage the performance of direct reports in line with the performance management process.
• Conduct talent reviews of staff as required by the HC Talent Management process. Mentor and coach staff as required to ensure continuous development and availability of the required at all times. Ensure the transfer of knowledge and skills to enable sustainability within Capacity Planning from a succession management perspective.
• Develop a robust cybersecurity culture through structured training and awareness programs to capacitate the ATSEPs from end to end i.e. Cybersecurity Education, Training and Skills.
• Ensure that staff is managed in accordance with HC policies, processes and practices. Ensure continuous development of staff. Ensure that staff remain suitably trained to achieve expected performance outcomes in a dynamic technology environment.
• Create and maintain a harmonious and effective work environment to support a motivated, high- performance culture. Educate and upskill development teams and managers on secure coding practices, OWASP standards, and other IT security-related subjects.

Minimum requirements

Minimum Qualifications:

• Bachelor’s degree in Information Technology, Information Systems or Engineering
• CISSP Certification is required.
• Knowledge of cloud technologies (Infrastructure or DevOps or Solution Architecture)

Minimum Years of Experience:

• Minimum 7-10 years’ experience in an IT environment of which 3 years in the management of enterprise security and at least 3 years in a security specialist and monitoring role.

Apply by: 5 November 2025