Director : Information Security (P5) (Information & Communication Systems : Management Informat[...]

Director : Information Security (P5) (Information & Communication Systems : Management Information Systems)

Advert reference : uj_

Advert status : Online

Apply by : 21 February

Position Summary

Job category : Education and Training

Campus : Auckland Park Kingsway Campus

Contract : Permanent

Remuneration : Market Related

EE position : EE

The University of Johannesburg (UJ) is a vibrant and cosmopolitan university, anchored in Africa and driven by a powerful strategy focused on attaining global excellence and stature (GES). With an emphasis on independent thinking, sustainable development, and strategic partnerships, UJ is an international university of choice.

The University is guided by the Vice-Chancellor's vision of "Positioning UJ in the Fourth Industrial Revolution (4IR) for societal impact in the context of the changing social, political, and economic fortunes of Africa".

Reporting to the Chief Information Officer within the Information and Communications Systems (ICS) Department, the Director of Information Security Management will be responsible for developing and implementing security strategies, policies and procedures to protect the organisation's data, systems and technology infrastructure from cyber threats and vulnerabilities.

Upon joining the Department, you will :

1. Be situated at the Auckland Park Kingsway Campus, but not excluded from supporting all campuses.
2. Fulfil management, leadership, technical and administrative roles in the Department.

Responsibilities :

1. Establish an Information Security Management and Protection Framework for developing and implementing an effective enterprise-wide Information Security Governance and Strategy Programme.
2. Define a Cybersecurity strategy and operating model aligned with UJ business objectives with a clear, tracked and measurable cybersecurity plan.
3. Assume responsibility for UJ's information security and compliance programme, building and leading a high-performing cybersecurity and compliance team and advisory consultancy to business and IT domain leaders.
4. Manage the day-to-day activities, including policies, procedures, training and communication regarding the Information Governance Programme.
5. Perform regular IT Security Maturity Assessments for the respective UJ IT areas, including people, processes and technologies.
6. Lead the security documentation process to ensure progress and auditability.
7. Lead the implementation of a secure system development life cycle.
8. Develop, implement and maintain IT security policies, procedures, standards and practices to ensure conformance with generally accepted practices and mandatory legislation / regulations.
9. Conduct information assets security risk assessment.
10. Lead the implementation and monitoring of information and data quality standards, policies and procedures.
11. Oversee the selection, deployment and validation of IT Information security controls to ensure that security and compliance requirements are met.
12. Ensure that information security threats are identified, detected, responded to, recovered from and followed up on.
13. Ensure security programmes compliancy with relevant laws, regulations and policies to minimise or eliminate risk and audit findings.
14. Integrate an Information and Cyber Security Risk Management Framework.
15. Present regular reports to UJ executives and auditors on the cybersecurity status of the organisation.
16. Collaborate with key stakeholders to proactively identify local issues and areas of risk that impact data quality, availability, and confidentiality.
17. Implement preventive measures and remedial action when required.
18. Conduct security audits to identify gaps and implement controls to mitigate risks.

Minimum Qualifications :

1. Degree or any relevant qualification (NQF 8).
2. 5 to 8 years' of management experience in an Information Security Management.
3. Information security, project management and IT service management experience.
4. Outsourced services and management of commercial partners.
5. Managing strategic change in a dynamic operating environment.
6. Translating broad business needs and understanding the key drivers of enterprise applications.
7. Risk assessment and mitigation risk-related industry-standard qualifications such as CISA, CISM or CISSP.

Competencies and Behavioural Attributes :

1. Good interpersonal and communication skills (verbal and written).
2. Ability to maintain sound human relations and transfer skills and knowledge.
3. Strong decision making and budget control skills.
4. Strong Risk management and Cyber security awareness.
5. IT Policies and Procedures.
6. Collaborating with business managers to determine and deliver value adding IT solutions.
7. Ability to manage a multi technology technical support team.
8. Knowledge of the latest Information security technologies.
9. Firewall standards and protocols.
10. Project Management.

Enquiries : Enquiries regarding the job content : Ms Maletsema Phofu on Tel : [insert contact number]

Your application, comprising of a detailed Curriculum Vitae as well as the names and full contact details (including telephone numbers and e-mail addresses) of at least three traceable and credible referees must be uploaded before or on the closing date of the advertised post.

Please also attach the following : a copy of your highest academic qualification, proof of registration with professional bodies you might belong to and if applying for an academic position, a list of accredited research output and / or a portfolio of your creative output.

Please note that the University is obligated, in terms of recent amendments to the Criminal Law (Sexual Offences and Related Matters) Amendment Act (Act 13 of [insert year]), to assess all prospective employees (including applicants) against the National Register for Sex Offenders (NRSO).

The outcome of such an assessment may have an impact upon possible employment with the University.

For more information, please review the following link : Justice / Criminal / NRSO.

Candidates may be subjected to appropriate psychometric testing and other selection instruments.

In conjunction to merit on the basis of qualifications, experience and proven achievements the University of Johannesburg is committed to providing equal employment opportunities for persons with disabilities and those individuals from the historically disadvantaged groups.

As necessitated by operational requirements the University reserves the right not to make an appointment to positions advertised.

If you have not received a response from the University within 8 weeks of the closing date, you should assume that your application has been unsuccessful.