Lead SecOps Engineer (SP8) - Chief Technology Office

Listing reference: capgh_000402
Listing status: Online
Apply by: 16 July 2026
Position summary
Industry: Banking
Job category: Other: Banking, Finance, Insurance, Stockbroking
Location: Windhoek
Contract: Permanent
Remuneration: To be discussed
EE position: No
Introduction
The role serves as the technical lead for the Group’s security operations function, driving the implementation, optimisation, and continuous improvement of security monitoring, threat detection, vulnerability management, and incident response capabilities. The role is accountable for the operational delivery of the SecOps roadmap, secure configuration of enterprise systems, and the quality of detection, response, and reporting outcomes — including those delivered jointly with the Group’s Managed Security Service Provider (MSSP). The role provides technical mentorship to SecOps Engineers, drives automation and AI-enabled improvements across the cybersecurity stack, and acts as a senior technical escalation point for security incidents. The incumbent advises Cybersecurity, ERM, and IT Infrastructure leadership on emerging threats, control gaps, and risk-reduction opportunities relevant to a regulated financial services environment. People Management responsibilities for the SecOps team sit with the Product Owner: Cybersecurity.
Job description

KEY PERFORMANCE AREAS (KPAs):
 
1.    Security Posture of the Group
  • Execute the enterprise cybersecurity initiatives and operational controls assigned to SecOps, ensuring alignment with the Group’s risk appetite and cybersecurity roadmap.
  • Drive operational delivery of vulnerability management, including triage, prioritisation, and closure of vulnerabilities across the estate.
  • Lead and coordinate incident detection, containment, eradication, and recovery activities, including escalations to and from the MSSP.
  • Maintain stakeholder alignment with ERM, Group Cyber, and the MSSP through accurate, timely dashboards and SLA reporting.
  • Champion secure configuration and hardening (CIS Benchmarks, secure-score equivalents) across adopted technologies, and drive measurable year-on-year improvements in posture metrics.
  • Investigate security incidents and control failures, design remediations, and report findings to relevant governance forums.
2.    Security Engineering
  • Review, analyse, and improve the design of security controls to deliver a robust, scalable, and operable security platform.
  • Design, build, and maintain detection content, automation playbooks, and security tooling integrations across the SIEM, SOAR, EDR/XDR, identity, and cloud security stack.
  • Contribute to the architecture and integration of security controls into application and infrastructure pipelines (DevSecOps). 
  • Continuously evaluate emerging technologies, threat trends, and industry best practice, and recommend changes accordingly.
  • Assist in drafting and maintaining relevant security policies, standards, and operating procedures.
3.    Technical Leadership & Team Development
  • Provide technical leadership and day-to-day mentoring of SecOps Engineers; people management responsibilities sit with the Product Owner: Cybersecurity.
  • Support the Product Owner in the development of engineers through structured technical coaching, knowledge-sharing, and contribution to Personal Development Plans.
  • Foster cross-team collaboration with IT Infrastructure, ERM, and the wider Cybersecurity function to improve joint delivery and reduce cross-functional delays.
  • Encourage continuous learning and certification within the team, particularly across the Group’s strategic security ecosystem.
4.    Risk, Compliance & Conduct
  • Strengthen compliance posture through proactive control validation, audit readiness, and timely closure of audit and assurance findings.
  • Identify, log, and mitigate operational and technology risks within SecOps’ remit; ensure structured quarterly reviews of departmental risks.
  • Maintain a culture of accountability and risk-aware decision-making, ensuring decisions and escalations are documented and defensible.
  • Uphold ethical conduct and adherence to the Group’s values and behavioural standards, including completion of mandatory ethics, privacy, and security awareness training.
  • reports and make propositions for further system security enhancements.
5.    Operational Excellence, Automation & Innovation
  • Enhance operational efficiency through automation and process optimisation, including SOAR playbooks, scripted workflows, and workflow automation.
  • Deliver accurate, data-driven operational reporting for management, audit, and regulatory purposes.
  • Contribute to Group strategic projects with measurable delivery outcomes and stakeholder satisfaction.
  • Drive responsible AI adoption within the cybersecurity stack to improve detection, response, and operational efficiency, with appropriate consideration of risk, privacy, and regulatory implications.

Minimum requirements

QUALIFICATIONS
  • Bachelor’s degree in Information Technology / Computer Science / Software Engineering / Cyber Security.
  • Security operations / incident response Network Certifications
  • Cloud security
  • Information security management
  • Network or platform security certifications relevant to deployed technologies
KNOWLEDGE / EXPERIENCE
  • Ten (10) years’ experience in security operations, security engineering, or related cybersecurity disciplines, with demonstrated progression into senior technical roles.
  • Hands-on experience with SIEM, SOAR, EDR/XDR, vulnerability management, and identity protection platforms.
  • Practical experience with public, private, and hybrid cloud security.
  • Experience operating within regulated environments and applying standards relevant to financial services (e.g. PCI DSS, ISO 27001, NIST CSF, CIS Benchmarks, local banking regulator requirements).
  • Demonstrated experience leading complex security investigations and coordinating multi-party incident response.
  • Working knowledge of scripting and automation languages (e.g. Python, PowerShell, KQL).
CORE COMPETENCIES & SKILLS
  • Technical leadership and mentoring.
  • Advanced troubleshooting and root-cause analysis.
  • Analytical mindset with meticulous attention to detail.
  • Strategic thinking balanced with operational pragmatism.
  • Resilience and composure under operational pressure.
  • Persuasion, influence, and stakeholder management across technical and business audiences.
  • Excellent verbal and written communication; ability to translate technical risk into business language.
  • Collaboration across IT, Risk, Compliance, and external partners.
  • “Security as enabler” mindset.
  • Reporting and data-driven decision-making.
  • Curiosity and continuous learning, including emerging tools and AI capabilities.
  • Achievement orientation, initiative, and appetite for challenges.
