Director: Information Security

Director: Information Security (P5) (Information & Communication Systems: Management Information Systems) Advert reference: uj_ Advert status: Online Apply by: 21 February 2025 Position Summary Job category: Education and Training Campus: Auckland Park Kingsway Campus Contract: Permanent Remuneration: Market Related EE position: EE Introduction The University of Johannesburg (UJ) is a vibrant and cosmopolitan university, anchored in Africa and driven by a powerful strategy focused on attaining global excellence and stature (GES). With an emphasis on independent thinking, sustainable development, and strategic partnerships, UJ is an international university of choice. The University is guided by the Vice-Chancellor’s vision of “Positioning UJ in the Fourth Industrial Revolution (4IR) for societal impact in the context of the changing social, political, and economic fortunes of Africa”. Reporting to the Chief Information Officer within the Information and Communications Systems (ICS) Department, the Director of Information Security Management will be responsible for developing and implementing security strategies, policies and procedures to protect the organisation's data, systems and technology infrastructure from cyber threats and vulnerabilities. Upon joining the Department, you will: Be situated at the Auckland Park Kingsway Campus, but not excluded from supporting all campuses. Fulfil management, leadership, technical and administrative roles in the Department. Responsibilities: If you join the Department, you will: Establish an Information Security Management and Protection Framework for developing and implementing an effective enterprise-wide Information Security Governance and Strategy Programme. Define a Cybersecurity strategy and operating model aligned with UJ business objectives with a clear, tracked and measurable cybersecurity plan. Assume responsibility for UJ's information security and compliance programme, building and leading a high-performing cybersecurity and compliance team and advisory consultancy to business and IT domain leaders. Manage the day-to-day activities, including policies, procedures, training and communication regarding the Information Governance Programme. Perform regular IT Security Maturity Assessments for the respective UJ IT areas, including people, processes and technologies. Lead the security documentation process to ensure progress and auditability. Lead the implementation of a secure system development life cycle. Develop, implement and maintain IT security policies, procedures, standards and practices to ensure conformance with generally accepted practices and mandatory legislation / regulations. Conduct information assets security risk assessment. Lead the implementation and monitoring of information and data quality standards, policies and procedures. Oversee the selection, deployment and validation of IT Information security controls to ensure that security and compliance requirements are met. Ensure that information security threats are identified, detected, responded to, recovered from and followed up on. Ensure security programmes compliancy with relevant laws, regulations and policies to minimise or eliminate risk and audit findings. Integrate an Information and Cyber Security Risk Management Framework. Present regular reports to UJ executives and auditors on the cybersecurity status of the organisation. Collaborate with key stakeholders to proactively identify local issues and areas of risk that impact data quality, availability, and confidentiality. Implement preventive measures and remedial action when required. Conduct security audits to identify gaps and implement controls to mitigate risks. Minimum Qualifications: Degree or any relevant qualification (NQF 8). 5 to 8 years' of management experience in an Information Security Management. Information security, project management and IT service management experience. Outsourced services and management of commercial partners. Managing strategic change in a dynamic operating environment. Translating broad business needs and understanding the key drivers of enterprise applications. Risk assessment and mitigation risk-related industry-standard qualifications such as CISA, CISM or CISSP. Competencies and Behavioural Attributes: Skills: Good interpersonal and communication skills (verbal and written). Ability to maintain sound human relations and