Overview The University of the Western Cape (UWC) seeks to appoint an experienced Manager: Information Security in its Information and Communication Services (ICS) department. The University has set itself exciting and challenging goals in its Institutional Operating Plan (IOP), which rely heavily on ICTs to deliver integrated solutions that enable and support its Academic and Research programs, and its Administrative and Professional Services departments. This permanent position based at the Bellville main campus will report to the Deputy Director: ICT Governance Risk and Compliance and will play a pivotal role in maturing the University’s Information Security (InfoSec) functional domain and capabilities in the areas of InfoSec Governance; InfoSec Risk; InfoSec Program Development & Management; and InfoSec Incident Management & Response. This is a demanding but very stimulating role, which requires an experienced individual with the appropriate breadth and depth of business and technical skills and competencies. We invite you to join our team at a very exciting time in the University’s history. Key Performance Areas A. Information Security Governance Establish, communicate and maintain information security policies, standards, procedures and other documentation that support information security Lead the design and implementation of an information security strategy to proactively address evolving cybersecurity threats and ensuring the confidentiality, integrity and availability of the University\'s information assets Identify current and potential legal and regulatory requirements affecting information security Establish reporting and communication channels that support information security B. Information Security Risk Management Establish a process for information asset classification and ownership Implement a structured information risk assessment mitigation and reporting process, and oversee findings to closure Ensure that threat and vulnerability evaluations are performed on an ongoing basis Identify and periodically evaluate information security controls and counter-measures to mitigate risk to acceptable levels Integrate risk, threat and vulnerability identification and management into operational management and program delivery processes C. Information Security Program Development Ensure the development of information security architectures (considering people, information, processes and technology) Develop and maintain plans to implement the information security strategy ensuring alignment with other assurance functions Specify the activities to be performed within the information security program / projects Develop a program for information security awareness, training and education Recommend and advise information security requirements into the organization’s processes and life cycle activities (e.g. change control, software development, employment, procurement etc.) Advise on the integration of information security controls into contracts Establish metrics to evaluate the effectiveness of the information security program D. Information Security Program Management Oversee the execution of information security programs Oversee the performance of contractually agreed information security controls (e.g., with joint ventures, outsourced providers, business partners, third parties) Provide information security advice and guidance (e.g., risk analysis, control selection) across the institution Provide information security awareness, training and education to stakeholders (e.g. business process owners) Monitor, measure and report on the effectiveness and efficiency of information security controls and compliance with information security policies Collaborate with Operational Teams to ensure effective management of controls and the successful implementation of strategies. This includes working closely with managers across different domains and engaging with campus stakeholders to align security and compliance objectives with operational needs E. Information Security Incident Management and Response Develop and maintain plans to respond to and document information security incidents Develop and implement processes for preventing, detecting, identifying, analysing, and responding to information security incidents Establish escalation and communication processes and lines of authority Track and facilitate the investigation of information security incidents (e.g. forensics, evidence collection and preservation, log analysis, interviewing) Develop a process to communicate with internal and external stakeholders (e.g. media, law enforcement, staff and students) Integrate information security incident response plans with the institution’s disaster recovery and business continuity plan Formulate training and awareness programs for information security incident response Provide guidance on the resolution of major information security incidents Facilitate reviews to identify root causes of information security incidents, facilitate corrective actions and re-assess risk Qualification, Skills and Experience Bachelor’s degree in Computer Science or Information Systems, or an equivalent NQF-7 accredited qualification with 5 years\' experience in a similar role and at a similar level Diploma at NQF 6 level and an accredited, internationally recognised Information Systems Security certification with 8 years\' experience in a similar role and at a similar level An accredited, internationally recognised Information Systems Security certification (CISSP, CISM, etc.) Relevant Information Security (InfoSec) Management experience in an enterprise environment Knowledge of the legal, regulatory and compliance requirements related to InfoSec (e.g. POPIA) Proficient in information security frameworks (e.g. NIST, ISO27001) Good experiential knowledge and understanding of an enterprise business system architecture (including data centre; server environment; storage network; databases; operating systems; applications; WAN & LAN networks) Successful track record in developing and managing InfoSec projects / programs Experience in Security incident management, Security Investigations and root cause analysis Advanced proficiency in MS Office (MS Word, Excel, Power Point) Preferred/Advantageous Qualifications, Skills and Experience Experience in developing InfoSec policies, plans and procedures aligned to ISO/IEC 27001 & 27002 standards Strong knowledge of IT Governance and cyber security practices Accredited certification in Project Management (e.g. PMP, Prince2) COBIT-5 certification in IT Governance Experience in the use of Microsoft Project Experience working in the Higher Education sector would be advantageous Diagnostic information gathering, analytical thinking and problem-solving skills Demonstrated ability to work unsupervised to meet deadlines and to deliver results Excellent planning, co-ordination and time management skills Effective teamwork and the ability to collaborate and build strong relationships with diverse stakeholder groups Good business acumen and understanding of business requirements on ICT Thoroughness and attention to quality and detail Ability to influence, establish focus, and to lead and motivate teams to achieve common goals Good listening skills and inter-personal awareness Strong personal credibility Excellent English Communication skills (verbal and written) Strong facilitation and inter-personal skills Strong business acumen In your application, you are encouraged to highlight your strengths and include anything else you deem exceptional and outstanding to be considered by the selection panel. In addition, please attach a cover letter motivating your suitability, a detailed curriculum vitae including contact details of three referees, and your highest qualification to your online profile. To be considered for this vacancy, you must click on the Apply for this Job link below or apply directly via UWC Careers at For any queries, please contact the Human Resources Department at +27 21 959 4063/3642/9362/9708/3160/3756 or email: e-recruitment@uwc.ac.za. DISCLAIMER: By applying for the position, you consent to the University sharing your application, including curriculum vitae, with University stakeholders to process the application. In line with the University’s commitment to diversifying its workforce, preference will be given to suitably qualified applicants in line with our Employment Equity Targets. The official retirement age at UWC is 65 years. The University reserves the right to not make an appointment, make an appointment at a different level, seek additional candidates and may conduct competency assessments. #J-18808-Ljbffr