Manager: Information Security - (2197)

Key Performance Areas:
Information Security Governance

• Establish, communicate and maintain information security policies, standards, procedures and other documentation that support information security,
• Lead the design and implementation of an information security strategy to proactively address evolving cybersecurity threats and ensuring the confidentiality, integrity and availability of the University's information assets
• Identify current and potential legal and regulatory requirements affecting information security,
• Establish reporting and communication channels that support information security.

Information Security Risk Management

• Establish a process for information asset classification and ownership,
• Implement a structured information risk assessment mitigation and reporting process, and oversee findings to closure,
• Ensure that threat and vulnerability evaluations are performed on an ongoing basis,
• Identify and periodically evaluate information security controls and counter-measures to mitigate risk to acceptable levels,
• Integrate risk, threat and vulnerability identification and management into operational management and program delivery processes.

Information Security Program Development

• Ensure the development of information security architectures (considering people, information, processes and technology),
• Develop and maintain plans to implement the information security strategy ensuring alignment with other assurance functions,
• Specify the activities to be performed within the information security program / projects,
• Develop a program for information security awareness, training and education,
• Recommend and advise information security requirements into the organization’s processes and life cycle activities (e.g. change control, software development, employment, procurement etc.),
• Advise on the integration of information security controls into contracts,
• Establish metrics to evaluate the effectiveness of the information security program.

Information Security Program Management

• Oversee the execution of information security programs,
• Oversee the performance of contractually agreed information security controls (e.g., with joint ventures, outsourced providers, business partners, third parties),
• Provide information security advice and guidance (e.g., risk analysis, control selection) across the institution,
• Provide information security awareness, training and education to stakeholders (e.g. business process owners),
• Monitor, measure and report on the effectiveness and efficiency of information security controls and compliance with information security policies,
• Collaborate with Operational Teams to ensure effective management of controls and the successful implementation of strategies. This includes working closely with managers across different domains and engaging with campus stakeholders to align security and compliance objectives with operational needs.

Information Security Incident Management and Response

• Develop and maintain plans to respond to and document information security incidents,
• Develop and implement processes for preventing, detecting, identifying, analysing, and responding to information security incidents,
• Establish escalation and communication processes and lines of authority,
• Track and Facilitate the investigation of information security incidents (e.g. forensics, evidence collection and preservation, log analysis, interviewing),
• Develop a process to communicate with internal and external stakeholders (e.g. media, law enforcement, staff and students),
• Integrate information security incident response plans with the institution’s disaster recovery and business continuity plan,
• Formulate training and awareness programs for information security incident response,
• Provide guidance on the resolution of major information security incidents,
• Facilitate reviews to identify root causes of information security incidents, facilitate corrective actions and re-assess risk.

Minimum Requirements

Qualification, Skills and Experience:

• Bachelor’s degree in Computer Science or Information Systems, or an equivalent NQF-7 accredited qualification with 5 years' experience in a similar role and at a similar level or
• Diploma at NQF 6 level and an accredited, internationally recognised Information Systems Security certification with 8 years' experience in a similar role and at a similar level
• An accredited, internationally recognised Information Systems Security certification (CISSP, CISM, etc.),
• Demonstrable IT Service Management experience,
• Relevant Information Security (InfoSec) Management experience in an enterprise environment,
• Knowledge of the legal, regulatory and compliance requirements related to InfoSec (e.g. POPIA),
• Proficient in information security frameworks (e.g. NIST, ISO27001),
• Good experiential knowledge and understanding of an enterprise business system architecture (including data centre; server environment; storage network; databases; operating systems; applications; WAN & LAN networks)
• Successful track record in developing and managing InfoSec projects / programs,
• Experience in Security incident management, Security Investigations and root cause analysis,
• Advanced proficiency in MS Office (MS Word, Excel, Power Point),

Preferred/Advantageous Qualifications, Skills and Experience:
Below are the preferred requirements that would be advantageous to candidates, but are not essential:

• Experience in developing InfoSec policies, plans and procedures aligned to ISO/IEC 27001 & 27002 standards,
• Strong knowledge of IT Governance and cyber security practices
• An accredited IT Risk Management certification (e.g. M_o_R) at intermediate / practitioner level,
• Accredited certification in Project Management (e.g. PMP, Prince2),
• COBIT-5 certification in IT Governance,
• Experience in the use of Microsoft Project,
• Experience working in the Higher Education sector would be advantageous,

Required Competencies:

• Diagnostic information gathering, analytical thinking and problem-solving skills,
• Demonstrated ability to work unsupervised to meet deadlines and to deliver results,
• Excellent planning, co-ordination and time management skills,
• Effective teamwork and the ability to collaborate and build strong relationships with diverse stakeholder groups,
• Good business acumen and understanding of business requirements on ICT,
• Thoroughness and attention to quality and detail,
• Ability to influence, establish focus, and to lead and motivate teams to achieve common goals,
• Excellent customer & service orientation,
• Good listening skills and inter-personal awareness,
• Strong personal credibility
• Excellent English Communication skills (verbal and written),
• Strong facilitation and inter-personal skills,
• Strong business acumen.

Closing Date

9/3/2026