Manager: Information Security

The University of the Western Cape (UWC) seeks to appoint an experienced Manager: Information Security in its Information and Communication Services (ICS) department.

This permanent position based at the Bellville main campus reports to the Deputy Director: ICT Governance Risk and Compliance. The role is pivotal in maturing the University’s Information Security (InfoSec) capabilities across governance, risk management, program development, and incident response.

This demanding yet stimulating role requires an individual with extensive business and technical skills. Join us at an exciting time in the University’s history.

1. Information Security Governance: Establish, communicate, and maintain security policies; lead security strategy development; identify legal and regulatory requirements; establish reporting channels.
2. Information Security Risk Management: Classify information assets; implement risk assessment and mitigation processes; evaluate threats and vulnerabilities; integrate risk management into operations.
3. Information Security Program Development: Develop security architectures; create and maintain security plans; specify activities; develop awareness and training programs; advise on security requirements and controls; establish metrics.
4. Information Security Program Management: Oversee program execution; monitor controls and compliance; provide guidance; collaborate with operational teams to ensure effective control management and strategy implementation.
5. Information Security Incident Management and Response: Develop incident response plans; implement detection and response processes; establish escalation procedures; investigate incidents; communicate with stakeholders; integrate with disaster recovery; train staff; lead incident resolution and root cause analysis.

• Bachelor’s degree in Computer Science or Information Systems with 5 years' relevant experience, or an NQF 6 diploma with an internationally recognized InfoSec certification and 8 years' experience.
• Certifications such as CISSP or CISM.
• IT Service Management experience; enterprise InfoSec management experience; knowledge of legal and compliance frameworks including POPIA.
• Proficiency in security frameworks (NIST, ISO27001), enterprise architecture, and security incident management.
• Advanced MS Office skills.

• Experience developing policies aligned with ISO standards.
• Knowledge of IT Governance and cybersecurity practices.
• Certifications in Risk Management, Project Management, COBIT-5.
• Experience in higher education sector is advantageous.

• Analytical skills, problem-solving, ability to work independently, excellent planning and coordination, stakeholder relationship management, business acumen, attention to detail, leadership, communication, facilitation, and interpersonal skills.