10 Oct
Gijima Holdings
Pretoria
Gijima Staffing Solutions is responding to a tender: We are seeking an IT Risks and Compliance Manager who will be responsible for identifying, managing, and mitigating risks associated with the university's IT infrastructure and processes. The role involves ensuring that IT systems and operations comply with relevant laws, regulations, and internal policies. This position requires a candidate with strong knowledge of risk management, cybersecurity, compliance frameworks, and governance practices.
Key Responsibilities:
- Risk Identification & Assessment: Identify, assess, and prioritize risks associated with IT systems, infrastructure, and processes. Develop strategies for mitigating risks and ensure appropriate risk management practices are in place.
- Compliance Management: Ensure that the university's IT operations comply with local and international regulations, including POPIA, GDPR, and other data protection laws. Monitor changes in legislation and ensure that the IT environment adheres to compliance requirements.
- Governance Framework Implementation: Implement and maintain IT governance frameworks (e.g., COBIT, ITIL, ISO 27001). Develop and update policies and procedures to ensure proper governance and management of IT resources.
- Audit & Control: Coordinate and manage internal and external audits related to IT risks and compliance. Ensure proper documentation, reporting, and resolution of audit findings. Conduct regular IT control assessments to identify gaps and recommend improvements.
- Security Management: Collaborate with the cybersecurity team to ensure that the university's IT security strategies are robust and aligned with risk management principles. Develop policies to address emerging threats and vulnerabilities.
- Incident Management & Response: Develop and maintain an IT incident management framework. Lead efforts to respond to IT security incidents, breaches, or compliance violations, including investigation and reporting.
- Training & Awareness: Develop and deliver IT risk and compliance training programs for staff, promoting awareness of best practices, regulatory requirements, and risk mitigation techniques.
- Vendor & Third-Party Risk Management: Evaluate and manage risks associated with third-party vendors, ensuring compliance with the university's risk management policies and security standards.
Required Qualifications and Skills:
Education:
- Bachelor's Degree in Information Technology, Computer Science, Cybersecurity, Business Management, or a related field.
- Professional certifications in IT risk management, governance, and compliance (e.g., CRISC, CISM, CISSP, ISO 27001 Lead Auditor/Implementer).
Experience:
- Minimum of 4 years of experience in IT risk management, compliance, or IT governance roles.
Technical Skills:
- Strong understanding of risk management frameworks (e.g., COSO, NIST, ISO 31000).
- Knowledge of IT governance frameworks such as COBIT, ITIL, and ISO 27001.
- Familiarity with data protection regulations such as POPIA, GDPR, and international compliance standards.
- Experience with IT audit, control assessments, and incident response.
- Understanding of cybersecurity best practices and risk mitigation techniques.
Soft Skills:
- Strong communication and interpersonal skills, with the ability to engage with stakeholders at all levels.
- Excellent analytical and problem-solving skills.
- Ability to work independently and manage multiple priorities.
- Leadership skills and the ability to influence change.
Tools & Technologies:
- Risk Management Tools: RSA Archer, MetricStream, RiskWatch
- Compliance & Audit Tools: SAP GRC, OneTrust, LogicGate, ZenGRC
- Cybersecurity Tools: SIEM tools (Splunk, IBM QRadar), Endpoint Protection, Firewalls, Vulnerability Management (Qualys, Nessus)
- Governance Tools: COBIT, ITIL, ISO 27001 platforms
Additional Considerations:
- Experience in educational institutions or public sector compliance will be an advantage.
- Strong understanding of the university's operational and strategic IT needs.
Desired Skills:
- COBIT
- ITIL
- Governance