The Council for Scientific and Industrial Research (CSIR) is a leading scientific and technology research organisation that researches, develops, localises and diffuses technologies to accelerate socio-economic prosperity in South Africa. The organisations work contributes to industrial development and supports a capable state.
Chief Information Security Officer (CISO)
About The Job
The CSIR has a vacancy for a Chief Information Security Officer who will be responsible for leading the Information Security Office and maintaining a comprehensive CSIR-wide information security programme to ensure that all CSIR information assets are adequately protected against current/future and internal/external threats. Tasked with developing and implementing policies, standards, procedures, and oversight of information security in the CSIR, ensuring the organisation can identify various security concerns, gaps and remedial actions to guarantee security of operations. Works with executive management to determine acceptable levels of IT risk for the organisation. This position is based in Pretoria
Key Responsibilities
Leadership
- Develop, review and drive implementation of information security policy, strategy and short (annual)- and long-range operational plans in order to ensure secure operations across the CSIR;
- Maintain a comprehensive, CSIR-wide information security programme;
- Oversee ISO Cybersecurity Centre of Innovation managers and teams, allocating resources to ensure that staff deliver secure and robust IT solutions to the CSIRs requirements;
- Manage and develop staff to ensure high calibre personnel who achieve performance objectives in support of the CSIR mission and vision as they pertain to information security;
- Conduct performance management contracting and reviews for all staff at the recommended periods, for the purpose of managing improving service delivery.
- Provide leadership and vision for information security at the CSIR;
- Provide managerial oversight in the development and implementation of an information security programme, ensuring the programme is continuously updated in alignment with the changing threat landscape;
- Determine projects and priorities for all CSIR information security issues;
- Direct the dissemination of CSIR information security policies;
- Oversee development of an effective information security incident response plan and determine metrics measure effectiveness;
- Lead the response to information security incidents and act as the primary control point in the case of any significant information security incidents;
- Define vulnerability management programme and oversee the planning and execution of vulnerability audits, penetration testing, or forensic IT audits and investigations, ensuring the results improve CSIRs information security through developing metrics to prove its effectiveness;
- Oversee development of CSIR wide information security training and awareness programme
- Oversee the development and implementation of all necessary information security controls;
- Understand and interact with RDI divisions and support functions across the CSIR (through risk management or other committees) to ensure the consistent application of policies and standards across all technology projects, systems, and services;
- Advise the CSIR regarding internal or external information security threats to allow CSIR to focus efforts and allocate budget for their mitigation;
- Provide technical guidance on information security products and technical controls to the CSIR business as a whole;
- Manage the information security team to proactively analyse, and directly respond to internal and external threats to information infrastructure and minimise / mitigate risk;
- Conduct risk assessments in alignment with the CSIR Risk Management Process;
- Ensure security controls in place support the compliance to national data and protection of information regulations;
- Build formal relationship with thirdparties, vendors and industry as well as threat intelligence feed providers and establish forum for information exchange;
- Stay abreast of changing technologies, developing threats, including cybersecurity risks, and regulatory changes affecting the CSIRs information security, and respond accordingly;
- Understand and examine the impact of new technologies on the CSIRs information security, establishing processes to review the implementation of new technologies to ensure security compliance.
- Develop and manage the Information Security Office budget;
- Manage information security assets;
- Ensure cost effective service delivery;
- Ensure compliance with financial legislative requirements.
- A Bachelors degree in information technology (IT) Computer Science, Information Systems, Computer Engineering, or related field with at least eight yearsexperience in ICT services, of which five years should be in a management role;
- Must also have five years relevant experience managing Information Security and risk, particularly in large organisations or projects;
- A proven track record in:
- Business continuity, disaster recovery, risk management, vulnerability assessments and incident management
- Defining information security architecture
- Negotiating with vendors and service providers
- People management, including performance management
- Project management
- Budgeting and cost models and management
- Strategic planning
- Operational planning andimplementation
- Resource planning and optimisation
- Understanding industry standards and regulations
- Communication and engagement with senior executives
- Influencing stakeholder acceptance of appropriate Information Security improvements and corrective actions
- Knowledge of and competence in the provision of Information Security services including:
- Knowledge of national and international information security standards and regulations
- Working knowledge of protocols that deal with intrusion detection, intrusion prevention, and firewalls
- Knowledge of techniques for ethical hacking and threat modelling
- Knowledge of relevant IT security related hardware, software, and vendor solutions
- Overall understanding of the operating systems used within CSIR and the scripting and programming languages used by the ICT and ISO teams
- Knowledge of common information security management frameworks
- Supervisory and incident management skills
- Ability to balance the long-term and short-term implications of individual decisions
- Ability to remain neutral towards technology, vendor and product choices, as well as to be more interested in results than in personal preferences
- Knowledge of continuous improvement processes, process control and enhancement
- Financial, planning and strategic management skills
- Policy development and administration skills
PLEASE NOTE THAT FEEDBACK WILL BE GIVEN TO SHORTLISTED CANDIDATES ONLY.
Closing date: 17 June 2024
For more info, please email us at Recruitmentinfo@csir.co.za. Please do-not send your application to this mailbox, it is only for inquiries.
The CSIR is an equal opportunity employer. As such, it is committed to the employment Equity Act and will through the filling of this vacancy, give preference to candidates from designated groups in terms of the Employment Equity Act. By applying for this position at the CSIR, the applicant understands, and agrees that the CSIR may solicit a credit and criminal report from registered credit bureau and/or South African Police Services (in relation to positions that requires trust and honesty and/or entail the handling of cash or finances), and may also verify the applicants educational qualification and employment history. The CSIR reserves the right to remove the advertisement at any time before the stated closing date and it further reserves the right not to appoint if a suitable candidate is not identified.
