Datafin are currently seeking candidates for their open Manager: Information Security position in Cape Town, Western Cape through Go Job Search. Are you an experienced candidate looking to take up a Manager: Information Security role such as with an industry leading company like Datafin?
ENVIRONMENT: PLAY a critical role as your expertise and specialist skills is sought to fill the role of a Manager heading up the Information Security division of a renowned and innovative Tertiary Institution. Your core role will be to mature the institution’s InfoSec functional domain and capabilities in the areas of InfoSec Governance; InfoSec Risk; InfoSec Program Development & Management; and InfoSec Incident Management & Response. The ideal candidate must possess a Bachelor’s Degree in Computer Science/Information Systems, or an equivalent NQF-7 accredited qualification, an accredited, internationally recognised Information Systems Security Certification, demonstrable IT Service Management experience, 3-5 years’ relevant Information Security (InfoSec) Management experience in an enterprise environment, proficient in legal, regulatory and other compliance requirements related to InfoSec (e.g., POPIA) & experience in Security Incident Management, Security Investigations, Root Cause Analysis and a successful track record in developing and managing InfoSec projects / programs. This is a demanding but very stimulating role, which requires an experienced individual with the appropriate breadth and depth of business and technical skills and competencies.DUTIES:Information Security GovernanceEstablish, communicate, and maintain information security policies, standards, procedures, and other documentation that support information security,Facilitate the development of an information security strategy aligned with the University’s IT governance model and its strategic goals and objectives.Identify current and potential legal and regulatory requirements affecting information security.Establish reporting and communication channels that support information security.Information Security Risk ManagementEstablish a process for information asset classification and ownership.Implement a structured information risk assessment mitigation and reporting process.Ensure that threat and vulnerability evaluations are performed on an ongoing basis.Identify and periodically evaluate information security controls and countermeasures to mitigate risk to acceptable levels.Integrate risk, threat and vulnerability identification and management into operational management and program delivery processes.Information Security Program DevelopmentEnsure the development of information security architectures (considering people, information, processes and technology).Develop and maintain plans to implement the information security strategy ensuring alignment with other assurance functions.Specify the activities to be performed within the information security program / projects.Develop a program for information security awareness, training, and education.Recommend and advise information security requirements into the organization’s processes and life cycle activities (e.g., change control, software development, employment, procurement etc.).Advise on the integration of information security controls into contracts.Establish metrics to evaluate the effectiveness of the information security program. Information Security Program Management.Oversee the execution of information security programs.Oversee the performance of contractually agreed information security controls (e.g., with joint ventures outsourced providers, business partners, third parties).Provide information security advice and guidance (e.g., risk analysis, control selection) across the institution. Provide information security awareness, training, and education to stakeholders (e.g., business process owners).Monitor, measure and report on the effectiveness and efficiency of information security controls and compliance with information security policies.Information Security Incident Management and ResponseDevelop and maintain plans to respond to and document information security incidents.Develop and implement processes for preventing, detecting, identifying, analysing, and responding to information security incidents.Establish escalation and communication processes and lines of authority.Track and facilitate the investigation of information security incidents (e.g., forensics, evidence collection and preservation, log analysis, interviewing).Develop a process to communicate with internal and external stakeholders (e.g., media, law enforcement, staff, and students).Integrate information security incident response plans with the institution’s disaster recovery and business continuity plan.Formulate training and awareness programs for information security incident response.Provide guidance on the resolution of major information security incidents.Facilitate reviews to identify root causes of information security incidents, facilitate corrective actions and re-assess risk.REQUIREMENTS: Bachelor’s degree in Computer Science or Information Systems, or an equivalent NQF-7 accredited qualification.An accredited, internationally recognised Information Systems Security certification.Demonstrable IT Service Management experience.A minimum of 3 – 5 years’ relevant Information Security (InfoSec) Management experience in an enterprise environment.Proficiency in legal, regulatory, and other compliance requirements related to InfoSec (e.g., POPIA).Successful track record in developing and managing InfoSec projects / programs.Experience in Security incident management, Security Investigations, and root cause analysis.Advanced proficiency in MS Office (MS Word, Excel, Power Point).Excellent English Communication skills (verbal and written).Strong facilitation and inter-personal skills.Strong business acumen.Preferred Qualifications, Skills, and Experience:CISSP certification (Certified Information Systems Security Professional).CISM certification (Certified Information Security Manager),Experience in developing InfoSec policies, plans and procedures aligned to ISO/IEC 27001 & 27002 standards.An accredited certification in Problem Management (e.g., Kepner Tregoe or related ITIL intermediate course).An accredited IT Risk Management certification (e.g., M_o_R) at intermediate / practitioner level.Accredited certification in Project Management (e.g., PMP, Prince2).COBIT-5 certification in IT Governance.Experience in the use of Microsoft Project.Experience working in the Higher Education sector would be advantageous.ATTRIBUTES:Diagnostic information gathering, analytical thinking and problem-solving skills.Demonstrated ability to work unsupervised to meet deadlines and to deliver results.Excellent planning, co-ordination, and time management skills.Effective teamwork and the ability to collaborate and build strong relationships with diverse stakeholder groups.Good business acumen and understanding of business requirements on ICT.Thoroughness and attention to quality and detail.Ability to influence, establish focus, and to lead and motivate teams to achieve common goals.Excellent customer & service orientation.Good listening skills and inter-personal awareness.Strong personal credibility.
Apply now and a member of the team at Datafin will get in touch with you to discuss your career options further.