
OM Bank - Cyber Threat and Incident Operations Coordinator

Company:
Old Mutual
Location:
Johannesburg, Gauteng, South Africa
Posted:
October 27, 2025

Description:

Let's Write Africa's Story Together!

Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.

Job Description

At OM Bank, we strive to attract great people who are passionate about coming together for a higher purpose - building something unique and aspirational, always aiming to be the best they can be. We are rooted in our purpose of inspiring and enabling our customers to grow and sustain their prosperity.

The Cyber Threat, Incident & Operations Coordinator is responsible for coordinating and managing the operational response to cybersecurity alerts and incidents across the organisation.

Reporting to the Cyber Defence Lead, this role ensures that incidents are effectively triaged, escalated, and remediated by collaborating across the Cyber Security chapters and broader business units.

The role supports and enables effective incident and operational management processes, ensuring consistent execution, communication, and reporting to maintain the bank’s cyber resilience and regulatory compliance posture.

KEY RESULT AREAS

This position is pivotal in ensuring the operational continuity of the Cyber Defence function, focusing on the orchestration of operations, threat detection, incident response, and post-incident review processes.

The coordinator works closely with cloud, endpoint, and DevSecOps teams to drive timeous remediation, reduce operational friction, and maintain situational awareness across all environments, whilst providing support and guidance to the Endpoint and Identity and Access Management spheres.

The role blends technical coordination, procedural rigour, and stakeholder communication, ensuring that cyber incidents are handled efficiently, lessons are captured, and controls are strengthened.

Incident Coordination:

Manage the lifecycle of cybersecurity incidents - from detection to closure - ensuring SLA compliance and documentation accuracy.

Alert Management:

Monitor and coordinate the triage of alerts from SIEM, log sources, and related tools to ensure rapid investigation and escalation.

Operational Bridge:

Facilitate collaboration between Cloud Security, DevSecOps, GRC, and IT Operations to enable fast and effective threat remediation.

Communication & Escalation:

Maintain structured communication channels during incidents; ensure timely escalation to the Cyber Defence Lead and CISO where appropriate. Manage communication with the business units across the organisation.

Incident Reporting:

Maintain incident records, coordinate post-incident reviews, and generate trend and performance reports for leadership and audit.

Threat Intelligence Coordination:

Assist in operationalising internal and external threat intelligence, ensuring relevant indicators are fed into monitoring and response tooling.

Automation & Playbooks:

Support the implementation and continuous improvement of Sentinel SOAR playbooks and incident workflow automation.

Operational Readiness:

Track open actions from incidents and testing exercises, ensuring timely closure and validation with relevant teams.

Process Improvement:

Identify procedural gaps and recommend improvements to strengthen the organisation’s detection, response, and recovery posture.

Metrics & Reporting:

Produce weekly and monthly operational summaries for the Cyber Defence Lead, highlighting incident volumes, response performance, and trends.

ROLE REQUIREMENTS

Diploma or Bachelor’s degree in Information Security, Computer Science, or related discipline (or equivalent experience)

Certifications (Preferred):

Microsoft Certified: Security Operations Analyst Associate

CompTIA Security+ or CySA+

ITIL Foundation (for incident management processes)

AWS Cloud Practitioner or equivalent (advantageous)

GIAC Certified Incident Handler (GCIH) or similar (advantageous)

Experience:

5+ years' experience in a security operations, incident response, or threat coordination role.

Familiarity with SIEM and EDR tools.

Working understanding of incident response frameworks (NIST 800-61, ISO 27035).

Proven coordination and communication skills across technical and business teams.

Experience within cloud-first or hybrid environments (AWS, Microsoft 365).

Strong analytical, documentation, and problem-solving capabilities.

Why Join Us

Join a collaborative Cyber Defence team within a cloud-native digital bank, where your operational precision ensures that incidents are handled swiftly and effectively.

You’ll coordinate activity across the full cybersecurity ecosystem - from detection to remediation - while working with advanced Microsoft and AWS security tooling and automation frameworks.

As a key enabler of the bank’s threat response capability, you’ll gain visibility across all security functions and contribute directly to improving resilience, regulatory readiness, and customer trust.

Skills

Action Planning, Adaptive Thinking, Business Requirements Analysis, Cultural Awareness, Database Administration, Data Compilation, Data Controls, Data Management, Evaluating Information, Executing Plans, Expertise Management System, Graphical User Interface (GUI) Development, IT Architecture, Readiness Assessments, User Requirements Documentation

Competencies

Business Insight

Cultivates Innovation

Ensures Accountability

Manages Complexity

Nimble Learning

Optimizes Work Processes

Strategic Mindset

Tech Savvy

Education

Diploma (Dip)

Closing Date

03 November 2025, 23:59

The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit in question.

The Old Mutual Story!

JR-72803
