IT Risk and Compliance Manager

IT Risk and Compliance Manager

RESPONSIBILITIES:- ITS security strategy:- Ensure sufficient organisational structures exist to properly manage and coordinate ITS security functions;- Ensure roles and responsibilities regarding security management and coordination are defined;- Manage and coordinate IT policies addressing security, business continuity, risk management and legal compliance requirements;- Collaborate with the Registrar’s office on ensuring the proper governance and privacy protection of the University’s information assets;- Information governance and privacy protection:- Liaison with the Institutional Manager: Information Governance on information governance policies and procedures,





to ensure the proper governance and privacy protection of the University’s electronic information assets;- Partaking as an active member of the Institutional Information Governance Team who is responsible to:- Record, rate, and manage institution-wide information security risks;- Provide advice on information security to the institution;- Support the University’s information custodians on matters of cybersecurity; management of information risks in their domains, and implementation of security controls; and- Assist with the assessment of information security incidents and coordination of the incident response;- Risk management:- Create and maintain a detailed register of IT risks;- Liaise with the deputy directors of ITS and the technical personnel in their divisions with identification of risks and appropriate control measures to address these;- Coordinate regular re-assessment of risks and updates of current/proposed strategies to mitigate risks,





and coordinate regular reporting of progress with risk response plans for critical and high risks;- Coordinate feedback on risks to institutional Risk Management structures, and update of IT risks in the UP strategic risk register;- Monitor IT threats and risks as identified in reports published by organisations specialising in IT security;- Coordinate the risk management function and risk register within ITS;- Conduct research on the status of threats to IT service delivery;- Business continuity and disaster recovery:- Manage and coordinate business continuity plans and disaster management plans in ITS;- Liaise with professional services and faculties with respect to business continuity and disaster management;- Security audits:- Liaise with the internal and external auditors,





and coordination of ITS participation in such;- Coordinate and monitor action plans to address the findings of audit reports;- Legal compliance requirements:- Monitor risks and liabilities due to legislation, and the initiation and coordination of action plans to address these;- Keep informed of applicable legislation e.g. laws on information security and access to electronic information;- Compliance with best/standard practices:- Ensure that ITS policies, standards and procedures address reasonable standard practices and are implemented;- Oversee the process to review all ITS policies, standards and procedures within agreed time periods, as well as the approval, ratification, publishing and announcement of such documents;- Facilitate annual assessments of identified critical processes in ITS against standard practices,





and monitoring of improvement plans to ensure continued growth in the maturity of these processes to meet their desired maturity/capability levels;- Manage and coordinate ITS compliance with legal requirements, international standards, and UP policy, as well as compliance of users with ITS policy;- Security awareness programmes:- Manage and coordinate user security awareness programmes to increase UP’s user community’s awareness of security risks and of their role and responsibilities in ensuring cybersecurity;- Stay informed on current cyber-attacks targeting UP’s user community and informing them of these, and respond to user requests for security advice.MINIMUM REQUIREMENTS:- An applicable B-degree, e.g. B.Sc. (Computer Science) or B.Eng.





(NQF 7);- Five years’ governance, risk and compliance experience;- Two years’ technical experience in aspects of IT, with responsibility for operational security;- Two years’ experience in:- IT project management;- IT support or client services.REQUIRED COMPETENCIES (SKILLS, KNOWLEDGE AND BEHAVIOURAL ATTRIBUTES):- Knowledge:- Security frameworks, standards and best practices;- Governance frameworks and principles;- Risk management frameworks and principles;- IT and privacy legislation;- Technical Competencies:- Computer literacy;- Behavioural Competencies:- Ability to:- Work independently and in a team;- Consistently deliver excellent work under stress;- Do independent research on matters related to the duties of the job;- Coordinate the activities related to governance, security, compliance, risk and business continuity of the technical personnel in all the divisions of ITS;- F

▶️ IT Risk and Compliance Manager
🖊️ University of Pretoria
📍 Pretoria