The Information Security Manager is responsible for protecting the university’s computers, servers, network, applications, and data against information security threats such as security breaches, computer viruses, and cyber-attacks. The role suggests the strategies, approaches, and tools necessary to ensure the confidentiality, integrity, and availability of university electronic data.
Main roles & responsibilities
- Develop and direct the implementation of information security standards and best practices.
- Continuously review, implement and maintain effective security policies, procedures, and practices.
- Develop and assure the implementation of different types of internal technology division audits and assessment activities to ensure continuous improvement within TD (Technology Development).
- Regularly review TD’s compliance with relevant information security policies, procedures, laws, and regulations, and alert VCTD to any non-compliance findings together with the recommended action plans.
- Analyze information security logs for security violations and anomalies, collect incident responses, and carry out forensic investigations when required.
- Conduct penetration testing activities, including network, web application, and wireless penetration testing, and communicate the findings with the mitigation procedures to the Vice Chancellor.
- Ensure proper protective and/or corrective measures are taken when an information security incident or vulnerability is discovered within a system or application.
- Implement controls for the execution of risk treatment plans and update the risk register.
- Ensure the TD’s continued compliance and certification for ISO 27001. Be the focal point for TD for internal and external audits.
- Perform information security-related awareness sessions for university stakeholders, as necessary.
Required qualification & skills
- Minimum of 3 years professional experience in a similar position.
- Education and certifications:
  - Bachelor's degree in Computer Science or Computer Engineering from an accredited university
  - 3 of the following certificates (CISSP, CISM, CISA, OSCP, AWS Solutions Architect Associate, AWS Security Specialty)
  - Master's degree is an advantage
- Strong background in information technology with a clear understanding of the challenges of information security
- Experience with ISO 27001 and ISO 22301 implementation
- Extensive knowledge of network technologies (protocols, design concepts, access control)
- Experience with AWS cloud infrastructure technologies and AWS security.
- Extensive knowledge of security technologies (encryption, data protection, design, privilege access)
- Experience in developing and directing the implementation of information security standards and best practices.
- Experience in identifying operational risks and managing them.
- Experience with vulnerability assessment systems
- Excellent analytical and problem-solving abilities to identify and fix security risks.