IT Risk and Compliance Manager - Department of Information Technology Services - 24301

UP Professional and Support

DEPARTMENT OF INFORMATION TECHNOLOGY SERVICES

IT RISK AND COMPLIANCE MANAGER

PEROMNES POST LEVEL 6

In pursuit of the ideals of excellence and diversity, the University of Pretoria wishes to invite applications for the following vacancy.

The University of Pretoria's commitment to quality makes us one of the top research Universities in the country and gives us a competitive advantage in international science and technology development.

JOB PURPOSE:

The Risk and Compliance Manager provides a coordinating and management function to holistically coordinate the security, risk and legal compliance requirements for IT Services. An increasingly complex internal environment, expansion of systems and technologies into the cloud, and sophisticated cyber-attacks expose the University to risks. In addition, legislation related to the protection of personal information, has increased requirements for information security and the impact of potential security breaches.

RESPONSIBILITIES:

The successful candidate's responsibilities will include, but are not limited to:

• ITS security strategy:
  • Ensure sufficient organisational structures exist to properly manage and coordinate ITS security functions;
  • Ensure roles and responsibilities regarding security management and coordination are defined;
  • Manage and coordinate IT policies addressing security, business continuity, risk management and legal compliance requirements;
  • Collaborate with the Registrar's office on ensuring the proper governance and privacy protection of the University's information assets;

• Information governance and privacy protection:
  • Liaison with the Institutional Manager: Information Governance on information governance policies and procedures, to ensure the proper governance and privacy protection of the University's electronic information assets;
  • Partaking as an active member of the Institutional Information Governance Team who is responsible to:
    • Record, rate, and manage institution-wide information security risks;
    • Provide advice on information security to the institution;
    • Support the University's information custodians on matters of cybersecurity; management of information risks in their domains, and implementation of security controls; and
    • Assist with the assessment of information security incidents and coordination of the incident response;

• Risk management:
  • Create and maintain a detailed register of IT risks;
  • Liaise with the deputy directors of ITS and the technical personnel in their divisions with identification of risks and appropriate control measures to address these;
  • Coordinate regular re-assessment of risks and updates of current/proposed strategies to mitigate risks, and coordinate regular reporting of progress with risk response plans for critical and high risks;
  • Coordinate feedback on risks to institutional Risk Management structures, and update of IT risks in the UP strategic risk register;
  • Monitor IT threats and risks as identified in reports published by organisations specialising in IT security;
  • Coordinate the risk management function and risk register within ITS;
  • Conduct research on the status of threats to IT service delivery;

• Business continuity and disaster recovery:
  • Manage and coordinate business continuity plans and disaster management plans in ITS;
  • Liaise with professional services and faculties with respect to business continuity and disaster management;

• Security audits:
  • Liaise with the internal and external auditors, and coordination of ITS participation in such;
  • Coordinate and monitor action plans to address the findings of audit reports;

• Legal compliance requirements:
  • Monitor risks and liabilities due to legislation, and the initiation and coordination of action plans to address these;
  • Keep informed of applicable legislation e.g. laws on information security and access to electronic information;

• Compliance with best/standard practices:
  • Ensure that ITS policies, standards and procedures address reasonable standard practices and are implemented;
  • Oversee the process to review all ITS policies, standards and procedures within agreed time periods, as well as the approval, ratification, publishing and announcement of such documents;
  • Facilitate annual assessments of identified critical processes in ITS against standard practices, and monitoring of improvement plans to ensure continued growth in the maturity of these processes to meet their desired maturity/capability levels;
  • Manage and coordinate ITS compliance with legal requirements, international standards, and UP policy, as well as compliance of users with ITS policy;

• Security awareness programmes:
  • Manage and coordinate user security awareness programmes to increase UP's user community's awareness of security risks and of their role and responsibilities in ensuring cybersecurity;
  • Stay informed on current cyber-attacks targeting UP's user community and informing them of these, and respond to user requests for security advice.

MINIMUM REQUIREMENTS:

• An applicable B-degree, e.g. B.Sc. (Computer Science) or B.Eng. (NQF 7);
• Five years' governance, risk and compliance experience;
• Two years' technical experience in aspects of IT, with responsibility for operational security;
• Two years' experience in:
  • IT project management;
  • IT support or client services.

REQUIRED COMPETENCIES (SKILLS, KNOWLEDGE AND BEHAVIOURAL ATTRIBUTES):

• Knowledge:
  • Security frameworks, standards and best practices;
  • Governance frameworks and principles;
  • Risk management frameworks and principles;
  • IT and privacy legislation;

• Technical Competencies:
  • Computer literacy;

• Behavioural Competencies:
  • Ability to:
    • Work independently and in a team;
    • Consistently deliver excellent work under stress;
    • Do independent research on matters related to the duties of the job;
    • Coordinate the activities related to governance, security, compliance, risk and business continuity of the technical personnel in all the divisions of ITS;
    • Apply sound judgement in coordinating activities related to security, compliance, risk and business continuity;
    • Follow up and manage the due dates of delegated tasks;
    • Build and administrate web sites with a web content management system;
    • Gain insight into technical management systems and interaction between organisational units;
  • Ability and sufficient insight to assist the Deputy Director by correctly delegating applicable issues within the IT organisation on behalf of the Deputy Director, and only escalating exceptions for the attention of the Deputy Director;
  • Conflict handling and organising skills;
  • Good communication skills;
  • Language proficiency in English.

ADDED ADVANTAGES AND PREFERENCES:

• An applicable Honours degree;
• Experience in IT security management;
• Exposure to all aspects of the academic environment, including student interaction, research, lecturing and administration;
• Applicable experience outside a University environment;
• COBIT or ITIL certified.

PLEASE NOTE: All shortlisted candidates may be required to participate in relevant skills assessments as part of the selection process.

The annual remuneration package will be commensurate with the incumbent's level of appointment, as determined by UP policy guidelines. UP subscribes to the BESTMED and UMVUZO medical aid schemes and contributes 50% of the applicable monthly premium.

Applicants are requested to apply online at www.up.ac.za, and follow the link: Careers@UP.

In applying for this post, please attach:

• A comprehensive CV;
• Certified copies of qualifications;
• Names, e-mail addresses and telephone details of three referees whom we have permission to contact.

CLOSING DATE: 29 September 2021

No application will be considered after the closing date, or if it does not comply with at least the minimum requirements.

ENQUIRIES: Ms V Makhubele, Email: violet.makhubele@up.ac.za , Tel: (012) 420 6920 for application-related enquiries and Dr Y Roets, Email: yzelle.roets@up.ac.za , Tel: (012) 420 4071 for enquiries relating to the post content.

Should you not hear from the University of Pretoria by 30 November 2021, please accept that your application has been unsuccessful.

The University of Pretoria is committed to equality, employment equity and diversity.

In accordance with the Employment Equity Plan of the University and its Employment Equity goals and targets, preference may be given, but is not limited to candidates from under-represented designated groups.

All candidates who comply with the requirements for appointment are invited to apply. All candidates agree to undergo verification of personal credentials.

The University of Pretoria reserves the right to not fill the advertised positions.