ENVIRONMENT:PLAY a critical role as your expertise and specialist skills is sought to fill the role of a Manager heading up the Information Security division of a renowned and innovative Tertiary Institution. Your core role will be to mature the institutions InfoSec functional domain and capabilities in the areas of InfoSec Governance; InfoSec Risk; InfoSec Program Development & Management; and InfoSec Incident Management & Response. The ideal candidate must possess a Bachelors Degree in Computer Science/Information Systems, or an equivalent NQF-7 accredited qualification, an accredited, internationally recognised Information Systems Security Certification, demonstrable IT Service Management experience, 3-5 years’ relevant Information Security (InfoSec) Management experience in an enterprise environment, proficient in legal, regulatory and other compliance requirements related to InfoSec (e.g., POPIA) & experience in Security Incident Management, Security Investigations, and Root Cause [URL Removed] Security Governance
- Establish, communicate and maintain Information Security policies, standards, procedures and other documentation that support Information Security.
- Facilitate the development of an Information Security strategy aligned with the Universitys IT governance model and its strategic goals and objectives.
- Identify current and potential legal and regulatory requirements affecting Information Security.
- Establish reporting and communication channels that support Information Security.
Information Security Risk Management
- Establish a process for information asset classification and ownership.
- Implement a structured information risk assessment mitigation and reporting process.
- Ensure that threat and vulnerability evaluations are performed on an ongoing basis.
- Identify and periodically evaluate Information Security controls and countermeasures to mitigate risk to acceptable levels.
- Integrate risk, threat and vulnerability identification and management into operational management and program delivery processes.
Information Security Program Development
- Ensure the development of Information Security architectures (considering people, information, processes and technology).
- Develop and maintain plans to implement the Information Security strategy ensuring alignment with other assurance functions.
- Specify the activities to be performed within the Information Security program / projects.
- Develop a program for Information Security awareness, training and education.
- Recommend and advise Information Security requirements into the organisations processes and lifecycle activities (e.g., change control, software development, employment, procurement etc.).
- Advise on the integration of Information Security controls into contracts.
- Establish metrics to evaluate the effectiveness of the Information Security program.
Information Security Program Management
- Oversee the execution of Information Security programs.
- Oversee the performance of contractually agreed information security controls (e.g., with joint ventures, outsourced providers, business partners, third parties).
- Provide Information Security advice and guidance (e.g., risk analysis, control selection) across the institution.
- Provide Information Security awareness, training and education to stakeholders (e.g., business process owners).
- Monitor, measure and report on the effectiveness and efficiency of Information Security controls and compliance with Information Security policies.
Information Security Incident Management and Response
- Develop and maintain plans to respond to and document Information Security incidents.
- Develop and implement processes for preventing, detecting, identifying, analysing and responding to Information Security incidents.
- Establish escalation and communication processes and lines of authority.
- Track and facilitate the investigation of Information Security incidents (e.g., forensics, evidence collection and preservation, log analysis, interviewing).
- Develop a process to communicate with internal and external stakeholders (e.g., media, law enforcement, staff and students).
- Integrate Information Security incident response plans with the institutions disaster recovery and business continuity plan.
- Formulate training and awareness programs for Information Security incident response.
- Provide guidance on the resolution of major Information Security incidents.
- Facilitate reviews to identify root causes of Information Security incidents, facilitate corrective actions and re-assess risk.
- Bachelors Degree in Computer Science or Information Systems, or an equivalent NQF-7 accredited qualification.
- An accredited, internationally recognised Information Systems Security Certification.
- Demonstrable IT Service Management experience.
- A minimum of 3 – 5 years’ relevant Information Security (InfoSec) Management experience in an enterprise environment.
- Proficiency in legal, regulatory and other compliance requirements related to InfoSec (e.g., POPIA).
- Successful track record in developing and managing InfoSec projects / programs.
- Experience in Security Incident Management, Security Investigations, and Root Cause Analysis.
- Advanced proficiency in MS Office (MS Word, Excel, PowerPoint).
- Good business acumen and understanding of business requirements on ICT.
Preferred Qualifications, Skills and Experience –
- CISSP certification (Certified Information Systems Security Professional).
- CISM certification (Certified Information Security Manager).
- Experience developing InfoSec policies, plans and procedures aligned to ISO/IEC 27001 & 27002 standards.
- An accredited certification in Problem Management (e.g., Kepner Tregoe or related ITIL intermediate course).
- An accredited IT Risk Management Certification (e.g., M_o_R) at intermediate / practitioner level.
- Accredited certification in Project Management (e.g., PMP, Prince2).
- COBIT-5 Certification in IT Governance.
- Experience in the use of Microsoft Project.
- Experience working in the Higher Education sector would be advantageous.
- Excellent English Communication skills (verbal and written).
- Strong facilitation and inter-personal skills.
- Diagnostic information gathering, analytical thinking and problem-solving skills.
- Demonstrated ability to work unsupervised to meet deadlines and to deliver results.
- Excellent planning, co-ordination, and time management skills.
- Effective teamwork and the ability to collaborate and build strong relationships with diverse stakeholder groups.
- Thoroughness and attention to quality and detail,
- Ability to influence, establish focus, and to lead and motivate teams to achieve common goals.
- Excellent customer & service orientation.
- Strong personal credibility.
While we would really like to respond to every application, should you not be contacted for this position within 10 working days please consider your application unsuccessful.COMMENTS:When applying for jobs, ensure that you have the minimum job requirements. OnlySA Citizens will be considered for this role. If you are not in the mentioned location of any of the jobs, please note your relocation plans in all applications for jobs and correspondence. Please e-mail a word copy of your CV to [Email Address Removed] and mention the reference numbers of the jobs. We have a list of jobs on [URL Removed] Datafin IT Recruitment – Cape Town Jobs.