Job Description

Manager: Information Security IT - Manager
Cape Town - Western Cape ENVIRONMENT: PLAY a critical role as your expertise and specialist skills is sought to fill the role of a Manager heading up the Information Security division of a renowned and innovative Tertiary Institution. Your core role will be to mature the institution's InfoSec functional domain and capabilities in the areas of InfoSec Governance; InfoSec Risk; InfoSec Program Development & Management; and InfoSec Incident Management & Response. The ideal candidate must possess a Bachelor's Degree in Computer Science/Information Systems, or an equivalent NQF-7 accredited qualification, an accredited, internationally recognised Information Systems Security Certification, demonstrable IT Service Management experience, 3-5 years' relevant Information Security (InfoSec) Management experience in an enterprise environment, proficient in legal, regulatory and other compliance requirements related to InfoSec (e.g., POPIA) & experience in Security Incident Management, Security Investigations, Root Cause Analysis and a successful track record in developing and managing InfoSec projects / programs. This is a demanding but very stimulating role, which requires an experienced individual with the appropriate breadth and depth of business and technical skills and competencies. DUTIES: Information Security Governance

• Establish, communicate, and maintain information security policies, standards, procedures, and other documentation that support information security,
• Facilitate the development of an information security strategy aligned with the University's IT governance model and its strategic goals and objectives.
• Identify current and potential legal and regulatory requirements affecting information security.
• Establish reporting and communication channels that support information security.

Information Security Risk Management

• Establish a process for information asset classification and ownership.
• Implement a structured information risk assessment mitigation and reporting process.
• Ensure that threat and vulnerability evaluations are performed on an ongoing basis.
• Identify and periodically evaluate information security controls and countermeasures to mitigate risk to acceptable levels.
• Integrate risk, threat and vulnerability identification and management into operational management and program delivery processes.

Information Security Program Development

• Ensure the development of information security architectures (considering people, information, processes and technology).
• Develop and maintain plans to implement the information security strategy ensuring alignment with other assurance functions.
• Specify the activities to be performed within the information security program / projects.
• Develop a program for information security awareness, training, and education.
• Recommend and advise information security requirements into the organization's processes and life cycle activities (e.g., change control, software development, employment, procurement etc.).
• Advise on the integration of information security controls into contracts.
• Establish metrics to evaluate the effectiveness of the information security program.

Information Security Program Management.

• Oversee the execution of information security programs.
• Oversee the performance of contractually agreed information security controls (e.g., with joint ventures outsourced providers, business partners, third parties).
• Provide information security advice and guidance (e.g., risk analysis, control selection) across the institution.
• Provide information security awareness, training, and education to stakeholders (e.g., business process owners).
• Monitor, measure and report on the effectiveness and efficiency of information security controls and compliance with information security policies.

Information Security Incident Management and Response

• Develop and maintain plans to respond to and document information security incidents.
• Develop and implement processes for preventing, detecting, identifying, analysing, and responding to information security incidents.
• Establish escalation and communication processes and lines of authority.
• Track and facilitate the investigation of information security incidents (e.g., forensics, evidence collection and preservation, log analysis, interviewing).
• Develop a process to communicate with internal and external stakeholders (e.g., media, law enforcement, staff, and students).
• Integrate information security incident response plans with the institution's disaster recovery and business continuity plan.
• Formulate training and awareness programs for information security incident response.
• Provide guidance on the resolution of major information security incidents.
• Facilitate reviews to identify root causes of information security incidents, facilitate corrective actions and re-assess risk.

REQUIREMENTS:

• Bachelor's degree in Computer Science or Information Systems, or an equivalent NQF-7 accredited qualification.
• An accredited, internationally recognised Information Systems Security certification.
• Demonstrable IT Service Management experience.
• A minimum of 3 - 5 years' relevant Information Security (InfoSec) Management experience in an enterprise environment.
• Proficiency in legal, regulatory, and other compliance requirements related to InfoSec (e.g., POPIA).
• Successful track record in developing and managing InfoSec projects / programs.
• Experience in Security incident management, Security Investigations, and root cause analysis.
• Advanced proficiency in MS Office (MS Word, Excel, Power Point).
• Excellent English Communication skills (verbal and written).
• Strong facilitation and inter-personal skills.
• Strong business acumen.

Preferred Qualifications, Skills, and Experience:

• CISSP certification (Certified Information Systems Security Professional).
• CISM certification (Certified Information Security Manager),
• Experience in developing InfoSec policies, plans and procedures aligned to ISO/IEC 27001 & 27002 standards.
• An accredited certification in Problem Management (e.g., Kepner Tregoe or related ITIL intermediate course).
• An accredited IT Risk Management certification (e.g., M_o_R) at intermediate / practitioner level.
• Accredited certification in Project Management (e.g., PMP, Prince2).
• COBIT-5 certification in IT Governance.
• Experience in the use of Microsoft Project.
• Experience working in the Higher Education sector would be advantageous.

ATTRIBUTES:

• Diagnostic information gathering, analytical thinking and problem-solving skills.
• Demonstrated ability to work unsupervised to meet deadlines and to deliver results.
• Excellent planning, co-ordination, and time management skills.
• Effective teamwork and the ability to collaborate and build strong relationships with diverse stakeholder groups.
• Good business acumen and understanding of business requirements on ICT.
• Thoroughness and attention to quality and detail.
• Ability to influence, establish focus, and to lead and motivate teams to achieve common goals.
• Excellent customer & service orientation.
• Good listening skills and inter-personal awareness.

Strong personal credibility.

Send Application