Manager: Information Security at Datafin Recruitment

May 20, 2021

ENVIRONMENT:Play a critical role as your expertise and specialist skills is sought to fill the role of a Manager heading up the Information Security division of a renowned and innovative Tertiary Institution. Your core role will be to mature the institution’s InfoSec functional domain and capabilities in the areas of InfoSec Governance; InfoSec Risk; InfoSec Program Development & Management; and InfoSec Incident Management & Response. The ideal candidate must possess a Bachelor’s Degree in Computer Science/Information Systems, or an equivalent NQF-7 accredited qualification, an accredited, internationally recognised Information Systems Security Certification, demonstrable IT Service Management experience, 3-5 years’ relevant Information Security (InfoSec) Management experience in an enterprise environment, proficient in legal, regulatory and other compliance requirements related to InfoSec (e.g., POPIA) & experience in Security Incident Management, Security Investigations, and Root Cause [URL Removed] Security Governance –

  • Establish, communicate and maintain Information Security policies, standards, procedures and other documentation that support Information Security.
  • Facilitate the development of an Information Security strategy aligned with the University’s IT governance model and its strategic goals and objectives.
  • Identify current and potential legal and regulatory requirements affecting Information Security.
  • Establish reporting and communication channels that support Information Security.

Information Security Risk Management –

  • Establish a process for information asset classification and ownership.
  • Implement a structured information risk assessment mitigation and reporting process.
  • Ensure that threat and vulnerability evaluations are performed on an ongoing basis.
  • Identify and periodically evaluate Information Security controls and countermeasures to mitigate risk to acceptable levels.
  • Integrate risk, threat and vulnerability identification and management into operational management and program delivery processes.

Information Security Program Development –

  • Ensure the development of Information Security architectures (considering people, information, processes and technology).
  • Develop and maintain plans to implement the Information Security strategy ensuring alignment with other assurance functions.
  • Specify the activities to be performed within the Information Security program / projects.
  • Develop a program for Information Security awareness, training and education.
  • Recommend and advise Information Security requirements into the organisation’s processes and lifecycle activities (e.g., change control, software development, employment, procurement etc.).
  • Advise on the integration of Information Security controls into contracts.
  • Establish metrics to evaluate the effectiveness of the Information Security program.

Information Security Program Management –

  • Oversee the execution of Information Security programs.
  • Oversee the performance of contractually agreed information security controls (e.g., with joint ventures, outsourced providers, business partners, third parties).
  • Provide Information Security advice and guidance (e.g., risk analysis, control selection) across the institution.
  • Provide Information Security awareness, training and education to stakeholders (e.g., business process owners).
  • Monitor, measure and report on the effectiveness and efficiency of Information Security controls and compliance with Information Security policies.

Information Security Incident Management and Response –

  • Develop and maintain plans to respond to and document Information Security incidents.
  • Develop and implement processes for preventing, detecting, identifying, analysing and responding to Information Security incidents.
  • Establish escalation and communication processes and lines of authority.
  • Track and facilitate the investigation of Information Security incidents (e.g., forensics, evidence collection and preservation, log analysis, interviewing).
  • Develop a process to communicate with internal and external stakeholders (e.g., media, law enforcement, staff and students).
  • Integrate Information Security incident response plans with the institution’s disaster recovery and business continuity plan.
  • Formulate training and awareness programs for Information Security incident response.
  • Provide guidance on the resolution of major Information Security incidents.
  • Facilitate reviews to identify root causes of Information Security incidents, facilitate corrective actions and re-assess risk.

REQUIREMENTS:Qualifications –

  • Bachelor’s Degree in Computer Science or Information Systems, or an equivalent NQF-7 accredited qualification.
  • An accredited, internationally recognised Information Systems Security Certification.

Experience/Skills –

  • Demonstrable IT Service Management experience.
  • A minimum of 3 – 5 years’ relevant Information Security (InfoSec) Management experience in an enterprise environment.
  • Proficiency in legal, regulatory and other compliance requirements related to InfoSec (e.g., POPIA).
  • Successful track record in developing and managing InfoSec projects / programs.
  • Experience in Security Incident Management, Security Investigations, and Root Cause Analysis.
  • Advanced proficiency in MS Office (MS Word, Excel, PowerPoint).
  • Good business acumen and understanding of business requirements on ICT.

Preferred Qualifications, Skills and Experience –

  • CISSP certification (Certified Information Systems Security Professional).
  • CISM certification (Certified Information Security Manager).
  • Experience developing InfoSec policies, plans and procedures aligned to ISO/IEC 27001 & 27002 standards.
  • An accredited certification in Problem Management (e.g., Kepner Tregoe or related ITIL intermediate course).
  • An accredited IT Risk Management Certification (e.g., M_o_R) at intermediate / practitioner level.
  • Accredited certification in Project Management (e.g., PMP, Prince2).
  • COBIT-5 Certification in IT Governance.
  • Experience in the use of Microsoft Project.
  • Experience working in the Higher Education sector would be advantageous.

ATTRIBUTES:

  • Excellent English Communication skills (verbal and written).
  • Strong facilitation and inter-personal skills.
  • Diagnostic information gathering, analytical thinking and problem-solving skills.
  • Demonstrated ability to work unsupervised to meet deadlines and to deliver results.
  • Excellent planning, co-ordination, and time management skills.
  • Effective te

Learn more/Apply for this position