Chief Information Security Officer (CISO) (AD05)
Job: IRC105553
Description
Job Title: Chief Information Security Officer (CISO) (AD05)
Location: Johannesburg, ZA
Organization Name: Wits ICT
Brief Description
The University seeks to appoint a highly experienced leader in information security to drive its cybersecurity strategy, governance, and operational excellence. The incumbent will be responsible for establishing and maintaining an institution-wide security program that ensures the confidentiality, integrity, availability, and resilience of information assets across all environments. This strategic role requires exceptional leadership, broad cybersecurity expertise, and the ability to communicate cyber risk and value to executive stakeholders while ensuring compliance with evolving regulatory landscapes.
Responsibilities:
1. Establish governance and build knowledge
- Implement and manage a robust information security governance structure, including an IS steering committee or advisory board.
- Provide regular reporting to senior leadership structures on cybersecurity status and risks.
- Develop, socialize, and coordinate approval of security policies.
- Integrate information security requirements into vendor and procurement processes.
- Lead targeted information security awareness and training programs.
- Drive consistent application of security controls across IT, privacy, compliance, and business continuity areas.
- Lead security champion programs and embed cyber judgement across decentralized decision-making environments.
2. Lead the organisation
- Lead and manage the University’s information security function in alignment with business goals.
- Define information security operating models and approaches in consultation with stakeholders.
- Manage the security budget and ensure cost-efficient operations.
- Direct hiring, capability development, performance management, and certification of security, audit, risk and compliance team members.
- Implement and oversee the Information Security Management System (ISMS).
3. Develop the security strategy
- Develop and communicate a security vision aligned with institutional priorities.
- Implement a comprehensive, multi-year information security strategy.
- Identify unmanaged technology and drive secure onboarding into formal IT environments.
- Facilitate risk assessment processes and empower departments to manage risks aligned to the University’s risk appetite.
4. Develop and maintain relevant policies, standards, frameworks
- Develop and maintain security frameworks aligned to ISO 27001, NIST, COBIT, and other global standards.
- Create and manage a risk-based control framework incorporating legal and regulatory requirements.
- Maintain up-to-date security policies, standards, and guidelines.
- Create frameworks defining information ownership, classification, and protection.
- Develop metrics and reporting frameworks for University-wide cybersecurity maturity.
5. Stakeholder management
- Build strong internal networks with executives, compliance, audit, legal, HR, and operational teams.
- Maintain external networks with security peers, vendors, and agencies, including law enforcement.
- Represent the University in cybersecurity forums and maintain awareness of emerging threats.
6. Operations management
- Oversee the performance of all cybersecurity, audit, risk and compliance operations against best practice and industry benchmarks.
- Establish risk-based processes for third-party, vendor, and ecosystem security assessments.
- Oversee independent audits and act as the primary contact for security issues.
- Embed a security-by-design culture within technology teams.
- Work with compliance and privacy offices to ensure adherence to data protection laws.
- Manage incident response, threat monitoring, business continuity, and disaster recovery processes.
- Oversee contract reviews, cloud security, forensic investigations, and information asset management.
Academic qualification/s:
- Relevant bachelor’s degree (NQF level 7 Information Systems or similar).
- Current advanced certifications such as CISM, CISSP, CISA, or CASP.
Years of work-related experience:
- Minimum 5 years of relevant managerial experience
- Minimum 10 years of work-related experience
How to apply
Please submit a covering letter for the post, and a detailed CV with names, addresses, contact numbers and e-mail addresses of 3 referees.
By submitting an application for this post the applicant acknowledges that their personal information will be processed by the University. The applicant, by their conduct in proceeding with an application for this position, gives their consent to the processing of their personal information as required by the University’s Recruitment, Selection and Appointment Policy. Such processing includes logging their information on the University’s recruitment systems and disclosing their personal information to University employees identified to take part in the selection and recruitment process. The applicant consents to any further processing of their personal information as may be required for relevant verification and reference check purposes. The confidentiality of the applicant's personal information will be maintained.
Closing date: 20 February 2026
The University is committed to employment equity. Preference may be given to appointable applicants from the underrepresented designated groups in terms of the relevant employment equity plans and policies of the University. The University retains the right not to make an appointment and to verify all information provided by candidates.
Please note that correspondence will only be entered into with shortlisted candidates. The University reserves the right not to make an appointment or to re-advertise.

