IT Risk and Compliance Manager

**UP Professional and Support**:
DEPARTMENT OF INFORMATION TECHNOLOGY SERVICES

IT RISK AND COMPLIANCE MANAGER

PEROMNES POST LEVEL 6- The University of Pretoria's commitment to quality makes us one of the top research Universities in the country and gives us a competitive advantage in international science and technology development._

JOB PURPOSE:
The Risk and Compliance Manager provides a coordinating and management function to holistically coordinate the security, risk and legal compliance requirements for Information Technology Services. An increasingly complex internal environment, expansion of systems and technologies into the cloud, and sophisticated cyber-attacks expose the University to risks. In addition, legislation related to the protection of personal information, has increased requirements for information security and the impact of potential security breaches.

RESPONSIBILITIES:

- ITS security strategy:

- Define principles for security management and ensure implementation;
- Create, review and coordinate UP IT policies, addressing security, business continuity, risk management, and legal compliance requirements, and their continuous updating;
- Manage and coordinate the ITS security strategy;
- Information governance and privacy protection:

- Liaise with the Institutional Manager: Information Governance on information governance policies and procedures, to ensure the proper governance and privacy protection of the University’s electronic information assets;
- Risk management:

- Monitor IT threats and risks as identified in reports published by organisations specialising in IT security;
- Coordinate the risk management function and risk register within ITS;
- Business continuity and disaster recovery:

- Manage and coordinate business continuity and disaster management plans in ITS;
- Liaise with Professional Services and Faculties with respect to business continuity and disaster management;
- Security audits:

- Liaise with the internal and external auditors, and coordinate ITS participation in such;
- Coordinate and monitor action plans to address the findings of audit reports;
- Legal compliance requirements:

- Monitor risks and liabilities due to legislation, and the initiation and coordination of action plans to address these;
- Compliance with best / standard practices:

- Manage and coordinate ITS compliance with legal requirements, international standards, and UP policy, as well as compliance of users with ITS policy:

- Ensuring IT policy, standards and procedures align with legal requirements;
- Ensuring IT policy, standards and procedures follow international standards as far as possible and reasonable;
- Ensuring the continued improvement of critical ITS processes in line with best practices and maturity guidelines;
- Security awareness programmes:

- Manage and coordinate user security awareness programmes to increase UP’s user community’s awareness of security risks and of their role and responsibilities in ensuring cybersecurity.

MINIMUM REQUIREMENTS:

- Relevant Bachelors / BTech degree or NQF level 7 qualification;
- COBIT or ITIL certified;
- A total of five years’ experience in:

- Governance, risk and compliance;
- Technical experience in aspects of IT, with responsibility for operational security;
- IT project management;
- IT support or client services.

REQUIRED COMPETENCIES (SKILLS, KNOWLEDGE AND BEHAVIOURAL ATTRIBUTES):

- Knowledge:

- Security frameworks, standards and best practices;
- Governance frameworks and principles;
- Risk management frameworks and principles;
- IT and privacy legislation;
- Technical competencies:

- Computer literate;
- Behavioural competencies:

- Ability to:

- Work independently, and in a team;
- Consistently deliver excellent work under stress;
- Liaise professionally and successfully with role players and stakeholders in Information Technology both within and outside ITS;
- Do independent research on matters related to the duties of the position;
- Coordinate the activities related to governance, security, compliance, risk and business continuity of the technical personnel in all the divisions of ITS;
- Assist the Deputy Director by correctly delegating applicable issues within the IT organisation on behalf of the Deputy Director, and only escalating exceptions for the attention of the Deputy Director;
- Follow up and manage the due dates of delegated tasks;
- Build and administrate web sites with a web content management system;
- Gain insight into technical management systems and interaction between organisational units;
- Conflict handling and organising skills;
- Good communication skills;
- Language proficiency in English.

ADDED ADVANTAGES AND PREFERENCES:

- A relevant Honours degree;
- A total of two years’ relevant experience:

- In IT security management;
- Exposure to all aspects of the academic environment, including student interaction, research, lecturing and administration;
- Outside a university environment.

The