Manager: Information Security

The University of the Western Cape (UWC) seeks to appoint an experienced Manager: Information Security in its Information and Communication Services (ICS) department.

The University has set itself exciting and challenging goals in its Institutional Operating Plan (IOP), which rely heavily on ICT to deliver integrated solutions that enable and support its Academic and Research programs, and its Administrative and Professional Services departments.

This permanent position based at the Bellville main campus reports to the Deputy Director: ICT Governance Risk and Compliance and plays a pivotal role in maturing the University’s Information Security (InfoSec) capabilities in areas such as Governance, Risk, Program Development & Management, and Incident Response.

This demanding yet stimulating role requires an individual with broad business and technical skills. Join us at an exciting time in the University’s history.

1. Information Security Governance:
   • Establish, communicate, and maintain security policies, standards, procedures, and documentation.
   • Design and implement an information security strategy to address cybersecurity threats, ensuring the confidentiality, integrity, and availability of information assets.
   • Identify legal and regulatory requirements affecting information security.
   • Establish reporting and communication channels to support security.
2. Information Security Risk Management:
   • Establish processes for asset classification and ownership.
   • Implement risk assessment, mitigation, and reporting processes; oversee findings.
   • Perform ongoing threat and vulnerability evaluations.
   • Evaluate and implement security controls to mitigate risks.
   • Integrate risk management into operational processes.
3. Information Security Program Development:
   • Develop security architectures considering people, processes, and technology.
   • Create and maintain security plans aligned with organizational goals.
   • Define activities for security programs/projects.
   • Develop security awareness, training, and education programs.
   • Integrate security requirements into organizational processes and contracts.
   • Establish metrics to evaluate program effectiveness.
4. Information Security Program Management:
   • Oversee execution of security programs.
   • Manage performance of security controls, including third-party controls.
   • Provide security advice across the institution.
   • Conduct training and awareness for stakeholders.
   • Monitor and report on control effectiveness and compliance.
   • Collaborate with operational teams to align security with operational needs.
5. Information Security Incident Management and Response:
   • Develop and maintain incident response plans.
   • Implement processes for incident detection, analysis, and response.
   • Establish escalation and communication protocols.
   • Facilitate incident investigations and evidence handling.
   • Communicate with stakeholders during incidents.
   • Align incident response with disaster recovery and business continuity plans.
   • Develop training programs for incident response.
   • Guide resolution of major incidents and conduct root cause analysis.

• Bachelor’s degree in Computer Science or Information Systems, with 5 years' experience, or an NQF 6 diploma and an internationally recognized security certification with 8 years' experience.
• Security certifications such as CISSP, CISM, etc.
• IT Service Management experience.
• Experience in enterprise InfoSec management and legal/regulatory compliance (e.g., POPIA).
• Knowledge of security frameworks (NIST, ISO27001).
• Understanding of enterprise system architecture.
• Proven track record in managing InfoSec projects/programs.
• Experience in incident management, investigations, and root cause analysis.
• Proficiency in MS Office suite.

• Experience developing policies aligned with ISO standards.
• Knowledge of IT Governance and cybersecurity practices.
• Additional certifications like M_o_R, PMP, Prince2, COBIT-5, or experience in higher education sector.

• Analytical skills, problem-solving, and information gathering.
• Ability to work independently and meet deadlines.
• Excellent planning, coordination, and time management.
• Strong collaboration and relationship-building skills.
• Business acumen and understanding of ICT requirements.
• Attention to detail and quality.
• Leadership and motivational skills.
• Customer service orientation and interpersonal skills.
• Effective communication skills in English.
• Facilitation skills and personal credibility.