Administrative Positions
Full time
The Information Security Manager is responsible for protecting the university’s computers, servers, network, applications, and data against information security threats such as security breaches, computer viruses, and cyber-attacks. The manager suggests strategies, approaches, and tools necessary to ensure the confidentiality, integrity, and availability of university electronic data.
Main roles & responsibilities
  1. Develop and direct the implementation of information security standards and best practices.
  2. Continuously review, implement and maintain effective security policies, procedures, and practices.
  3. Develop and assure the implementation of different types of internal technology division audits and assessment activities to ensure continuous improvement within TD (Technology Development).
  4. Regularly review TD’s compliance with relevant information security policies, procedures, laws, and regulations, and alert VCTD to any non-compliance findings together with the recommended action plans.
  5. Analyze information security logs for security violations and anomalies, collect incident responses, and carry out forensic investigations when required.
  6. Conduct penetration testing activities, including network, web application, and wireless penetration testing, and communicate the findings with the mitigation procedures to the Vice Chancellor.
  7. Ensure proper protective and/or corrective measures are taken when an information security incident or vulnerability is discovered within a system or application.
  8. Implement controls for the execution of risk treatment plans and update the risk register.
  9. Ensure the TD’s continued compliance and certification for ISO 27001. Be the focal point for TD for internal and external audits.
  10. Perform information security-related awareness sessions for university stakeholders, as necessary.
Required qualification & skills
  • Minimum of 3 years professional experience in a similar position.
  • Education and certifications:
    • Bachelor's degree in Computer Science or Computer Engineering from an accredited university
    • 3 of the following certificates (CISSP, CISM, CISA, OSCP, AWS Solutions Architect Associate, AWS Security Specialty)
    • Master's degree is an advantage
  • Strong background in information technology with a clear understanding of the challenges of information security
  • Experience with ISO 27001 and ISO 22301 implementation
  • Extensive knowledge of network technologies (protocols, design concepts, access control)
  • Experience with AWS cloud infrastructure technologies and AWS security.
  • Extensive knowledge of security technologies (encryption, data protection, design, privileged access)
  • Experience in developing and directing the implementation of information security standards and best practices.
  • Experience in identifying operational risks and managing them.
  • Experience with vulnerability assessment systems
  • Excellent analytical and problem-solving abilities to identify and fix security risks.