Manager - Information Security
|Location:||Cape Town, Bellville|
Play a critical role as your expertise and specialist skills is sought to fill the role of a Manager heading up the Information Security division of a renowned and innovative Tertiary Institution. Your core role will be to mature the institution's InfoSec functional domain and capabilities in the areas of InfoSec Governance; InfoSec Risk; InfoSec Program Development & Management; and InfoSec Incident Management & Response. The ideal candidate must possess a Bachelor's Degree in Computer Science/Information Systems, or an equivalent NQF-7 accredited qualification, an accredited, internationally recognised Information Systems Security Certification, demonstrable IT Service Management experience, 3-5 years' relevant Information Security (InfoSec) Management experience in an enterprise environment, proficient in legal, regulatory and other compliance requirements related to InfoSec (e.g., POPIA) & experience in Security Incident Management, Security Investigations, and Root Cause Analysis.
Information Security Governance -
- Establish, communicate and maintain Information Security policies, standards, procedures and other documentation that support Information Security.
- Facilitate the development of an Information Security strategy aligned with the University's IT governance model and its strategic goals and objectives.
- Identify current and potential legal and regulatory requirements affecting Information Security.
- Establish reporting and communication channels that support Information Security.
Information Security Risk Management -
- Establish a process for information asset classification and ownership.
- Implement a structured information risk assessment mitigation and reporting process.
- Ensure that threat and vulnerability evaluations are performed on an ongoing basis.
- Identify and periodically evaluate Information Security controls and countermeasures to mitigate risk to acceptable levels
- Integrate risk, threat and vulnerability identification and management into operational management and program delivery processes.
Information Security Program Development -
- Ensure the development of Information Security architectures (considering people, information, processes and technology).
- Develop and maintain plans to implement the Information Security strategy ensuring alignment with other assurance functions.
- Specify the activities to be performed within the Information Security program / projects.
- Develop a program for Information Security awareness, training and education.
- Recommend and advise Information Security requirements into the organisation's processes and lifecycle activities (e.g., change control, software development, employment, procurement etc.).
- Advise on the integration of Information Security controls into contracts.
- Establish metrics to evaluate the effectiveness of the Information Security program.
Information Security Program Management -
- Oversee the execution of Information Security programs.
- Oversee the performance of contractually agreed information security controls (e.g., with joint ventures, outsourced providers, business partners, third parties).
- Provide Information Security advice and guidance (e.g., risk analysis, control selection) across the institution.
- Provide Information Security awareness, training and education to stakeholders (e.g., business process owners).
- Monitor, measure and report on the effectiveness and efficiency of Information Security controls and compliance with Information Security policies.
Information Security Incident Management and Response -
- Develop and maintain plans to respond to and document Information Security incidents.
- Develop and implement processes for preventing, detecting, identifying, analysing and responding to Information Security incidents.
- Establish escalation and communication processes and lines of authority.
- Track and facilitate the investigation of Information Security incidents (e.g., forensics, evidence collection and preservation, log analysis, interviewing).
- Develop a process to communicate with internal and external stakeholders (e.
Posted on 17 Aug 14:01
087 351 0743