22 Oct
University of Pretoria
Krugersdorp
DEPARTMENT OF INFORMATION TECHNOLOGY SERVICES
ITS SECURITY MANAGER
PEROMNES POST LEVEL 7
The successful candidate’s responsibilities will include, but are not limited to:
Security architecture and strategy:
Develop an information security architecture;
Plan, develop, implement, maintain and test security strategy;
Ensure infrastructure architecture and security solutions are implemented in line with industry best practices;
Provide support to IT projects that require security solutions;
Advise on information security opportunities that can be adapted to meet strategic objectives;
Be responsible for developing and supporting cyber security strategies and initiatives;
Plan and co-ordinate implementation of defences against security breaches and vulnerabilities;
Evaluate systems based on security requirements;
Co-ordinate a strategy to prevent, detect and monitor possible unauthorized intrusion/access;
Co-ordination of IT security activities, security policies and standards:
Liaise with the IT Risk and Compliance Manager;
Study and stay current with industry standard best practices for IT security, and emerging security trends and tools;
Develop and maintain relevant operational security policies, practices and procedures consistent with legislation and best practices on diverse environments;
Provide guidance to operational teams by defining access privileges, control structures and resources;
Audits and security incidents:
Function as team leader of the ITS CSIRT;
Co-ordinate investigations of suspected and actual security breaches, issues and incidents, with their resolutions by the CSIRT, in accordance with the security incident management process;
Produce reports of investigations into suspected and actual security breaches with recommendations, and ensure that remedial action is taken;
Participate in audits and compliance reviews, and co-ordinate the required actions to ensure that identified operational security gaps are addressed;
Establish relationships with law enforcement, internet service providers, the SANReN/TENET, CSIRT, etc., to facilitate the gathering of evidence and potential prosecution of attackers;
Threats and risk analysis:
Proactively assess and identify risks and mitigating strategies within the ITS Operations Division;
Co-ordinate and ensure regular external and internal vulnerability scans and penetration testing;
Co-ordinate research into and assessment of the impact of new threats by the ITS CSIRT;
Analyse malware behaviour, network infection patterns, and security incidents;
Subscribe to, and consider, threat reports and advisories from relevant CSIRTs and vendors, and co- ordinate pro-active ITS responses as required.
CLOSING DATE: 31 October 2024
No application will be considered after the closing date, or if it does not comply with at least the minimum requirements
B Degree in an applicable field such as Computer Science, Informatics, Information Technology, or Engineering, with:
A total of four years’ experience in/with:
An ITS security environment;
Endpoint, Network, Information or Application Security.;
OR
Three-year National Diploma in an applicable field such as Computer Science, Informatics,
information Technology, or Engineering, with:
A total of six years’ experience in/with:
An ITS security environment;
Endpoint, Network, Information or Application Security.
REQUIRED COMPETENCIES (SKILLS, KNOWLEDGE AND BEHAVIOURAL ATTRIBUTES):
Knowledge of:
Life-cycle management of IT systems and data;
Relevant legislation;
An understanding of best practices for security management;
Security frameworks such as Secure Access Service Edge (SASE), Zero Trust Network Access (ZTNA), and Defence in Depth;
End point security (EDR and XRD), SIEM, MFA, PIM/PAM, NAC;
Unified Threat Management (UTM);
Policy and compliance tools;
Technical competencies:
Vendor-specific products and training;
Computer literacy;
Behavioural competencies:
Communication skills;
Interpersonal skills;
Independent worker with initiative.
ADDED ADVANTAGES AND PREFERENCES:
Honour's degree in an applicable field such as Computer Science, Informatics, Information Technology or Engineering;
A total of three years’ experience in:
Penetration testing;
Project management in IT environment;
Security Attack pathologies (network threat analysis);
Systems analysis and synthesis;
Certificates: CompTIA Security + / GSEC / CISM / CEH / CISSP.
The annual remuneration package will be commensurate with the incumbent’s level of appointment, as determined by UP policy guidelines.
UP subscribes to the BESTMED and UMVUZO medical aid schemes and contributes 50% of the applicable monthly premium.
No application will be considered after the closing date, or if it does not comply with at least the minimum requirements.
ENQUIRIES: Ms V Makhubele, Tel: (012) 420 6920 for application-related enquiries and Mr Z Adam, Tel: (012) 420 4234 for enquiries relating to the post content.
Should you not hear from the University of Pretoria by 31 January 2025, please accept that your application has been unsuccessful.
The University of Pretoria is committed to equality, employment equity and diversity.
In accordance with the Employment Equity Plan of the University and its Employment Equity goals and targets, preference may be given, but is not limited to candidates from under-represented designated groups.
All candidates who comply with the requirements for appointment are invited to apply.
By applying for this vacancy, the candidates consent to undergo verification of personal credentials and related information including, but not limited to, qualifications, criminal record, credit record, current and historic disciplinary proceedings as part of the selection process.
The University of Pretoria reserves the right to not fill the advertised positions.
▶️ ITS Security Manager - Department of Information Technology Services
🖊️ University of Pretoria
📍 Krugersdorp