Chief Information Security Officer (CISO)

Wits University

Johannesburg

On-site

ZAR 600 000 - 750 000

Full time

2 days ago

Job summary

A leading educational institution in Johannesburg seeks a highly experienced Director of Information Security. This strategic position involves developing and leading cybersecurity strategies, establishing governance structures, and ensuring compliance with regulations. The successful candidate will drive the security program across all environments, enhance security awareness, and manage the security function in alignment with institutional goals. A minimum of 10 years of experience in cybersecurity and relevant academic qualifications are required.

Qualifications

  • Minimum 5 years of relevant managerial experience.
  • Minimum 10 years of work-related experience in cybersecurity.

Responsibilities

  • Implement an information security governance structure.
  • Develop and manage cybersecurity awareness programs.
  • Lead and manage the information security function.
  • Establish risk-based processes for security assessments.
  • Oversee incident response and business continuity plans.

Skills

Leadership in information security
Cybersecurity strategy
Communication of cyber risks
Governance and compliance
Risk assessment

Education

Relevant Bachelor’s degree (NQF level 7 Information Systems or Similar)
Certifications like CISM, CISSP, CISA, or CASP
Job description
Brief Description

The University seeks to appoint a highly experienced leader in Information Security to drive its cybersecurity strategy, governance, and operational excellence. The incumbent will be responsible for establishing and maintaining an institution-wide security program that ensures the confidentiality, integrity, availability, and resilience of information assets across all environments. This strategic role requires exceptional leadership, broad cybersecurity expertise, and the ability to communicate cyber risk and value to executive stakeholders while ensuring compliance with evolving regulatory landscapes.

Responsibilities
1. Establish Governance and Build Knowledge
  • Implement and manage a robust information security governance structure, including an IS steering committee or advisory board.
  • Provide regular reporting to senior leadership structures on cybersecurity status and risks.
  • Develop, socialize, and coordinate approval of security policies.
  • Integrate information security requirements into vendor and procurement processes.
  • Lead targeted information security awareness and training programs.
  • Drive consistent application of security controls across IT, privacy, compliance, and business continuity areas.
  • Lead security champion programs and embed cyber judgement across decentralized decision-making environments.
2. Lead the Organisation
  • Lead and manage the University’s information security function in alignment with business goals.
  • Define information security operating models and approaches in consultation with stakeholders.
  • Manage the security budget and ensure cost-efficient operations.
  • Direct hiring, capability development, performance management, and certification of security, audit, risk and compliance team members.
  • Implement and oversee the Information Security Management System (ISMS).
3. Develop the Security Strategy
  • Develop and communicate a security vision aligned with institutional priorities.
  • Implement a comprehensive, multi-year information security strategy.
  • Identify unmanaged technology and drive secure onboarding into formal IT environments.
  • Facilitate risk assessment processes and empower departments to manage risks aligned to the University’s risk appetite.
4. Develop and Maintain Relevant Policies, Standards, Frameworks
  • Develop and maintain security frameworks aligned to ISO 27001, NIST, COBIT, and other global standards.
  • Create and manage a risk-based control framework incorporating legal and regulatory requirements.
  • Maintain up-to-date security policies, standards, and guidelines.
  • Create frameworks defining information ownership, classification, and protection.
  • Develop metrics and reporting frameworks for University-wide cybersecurity maturity.
5. Stakeholder Management
  • Build strong internal networks with executives, compliance, audit, legal, HR, and operational teams.
  • Maintain external networks with security peers, vendors, and agencies, including law enforcement.
  • Represent the University in cybersecurity forums and maintain awareness of emerging threats.
6. Operations Management
  • Oversee the performance of all cybersecurity, audit, risk and compliance operations against best practice and industry benchmarks.
  • Establish risk-based processes for third-party, vendor, and ecosystem security assessments.
  • Oversee independent audits and act as the primary contact for security issues.
  • Embed a security-by-design culture within technology teams.
  • Work with compliance and privacy offices to ensure adherence to data protection laws.
  • Manage incident response, threat monitoring, business continuity, and disaster recovery processes.
  • Oversee contract reviews, cloud security, forensic investigations, and information asset management.
Academic Qualification/s
  • Relevant Bachelor’s degree (NQF level 7 Information Systems or Similar).
  • Current advanced certifications such as CISM, CISSP, CISA, or CASP.
Years of Work-Related Experience
  • Minimum 5 years of relevant managerial experience.
  • Minimum 10 years of work-related experience.