Chief Information Security Officer (CISO) (AD05) at University of the Witwatersrand

Responsibilities:

Establish Governance and Build Knowledge

• Implement and manage a robust information security governance structure, including an IS steering committee or advisory board.
• Provide regular reporting to senior leadership structures on cybersecurity status and risks.
• Develop, socialize, and coordinate approval of security policies.
• Integrate information security requirements into vendor and procurement processes.
• Lead targeted information security awareness and training programs.
• Drive consistent application of security controls across IT, privacy, compliance, and business continuity areas.
• Lead security champion programs and embed cyber judgement across decentralized decision-making environments. 

Lead the Organisation

• Lead and manage the University’s information security function in alignment with business goals.
• Define information security operating models and approaches in consultation with stakeholders.
• Manage the security budget and ensure cost-efficient operations.
• Direct hiring, capability development, performance management, and certification of security, audit, risk and compliance team members.
• Implement and oversee the Information Security Management System (ISMS).

Develop the Security Strategy

• Develop and communicate a security vision aligned with institutional priorities.
• Implement a comprehensive, multi-year information security strategy.
• Identify unmanaged technology and drive secure onboarding into formal IT environments.
• Facilitate risk assessment processes and empower departments to manage risks aligned to the University’s risk appetite. 

  
Develop and Maintain Relevant Policies, Standards, Frameworks

• Develop and maintain security frameworks aligned to ISO 27001, NIST, COBIT, and other global standards.
• Create and manage a risk-based control framework incorporating legal and regulatory requirements.
• Maintain up-to-date security policies, standards, and guidelines.
• Create frameworks defining information ownership, classification, and protection.
• Develop metrics and reporting frameworks for University-wide cybersecurity maturity.

 
Stakeholder Management

• Build strong internal networks with executives, compliance, audit, legal, HR, and operational teams.
• Maintain external networks with security peers, vendors, and agencies, including law enforcement.
• Represent the University in cybersecurity forums and maintain awareness of emerging threats.

Operations Management

• Oversee the performance of all cybersecurity, audit, risk and compliance operations against best practice and industry benchmarks.
• Establish risk-based processes for third-party, vendor, and ecosystem security assessments.
• Oversee independent audits and act as the primary contact for security issues.
• Embed a security by design culture within technology teams.
• Work with compliance and privacy offices to ensure adherence to data protection laws.
• Manage incident response, threat monitoring, business continuity, and disaster recovery processes.
• Oversee contract reviews, cloud security, forensic investigations, and information asset management.

Academic Qualification/s:

• Relevant Bachelor’s degree (NQF level 7 Information Systems or Similar).
• Advanced certifications such as CISM, CISSP, CISA, or CASP which are current.

Years of Work-Related Experience:

• Minimum 5 years of relevant managerial experience
• Minimum 10 years of work-related experience

Closing Date: 20 February 2026