ResponsibilitiesDevelop and implement a comprehensive IT GRC strategyDevelopment and implementation of IT Governance, Risk Management, and Compliance policies, processes, and proceduresImplementation and embedment of various frameworks (e.g. COBIT, ITIL, ISO, NIST, SABSA, PRINCE II, CMM, etc)Implementation of IT controls in alignment with risk, legislative and regulatory requirements, and industry trendsDevelop, monitor and report on IT governance metrics and performance indicatorsAssist in the maintenance of IT alignment activities, including report submissions, across various governance committees and structuresAssist the various IT departments with the development and maintenance of incident response planAssist in the preparation of stakeholder communications in response to cyber security incidentsMaintain accurate and up-to-date documentation related to IT GRC activitiesEstablish processes for continuous monitoring and reporting on compliance and risk management activities.Develop an IT risk profile for the university in alignment with the approved Risk Management framework and processConduct periodical internal risk assessments in various IT departments and tracking of application access reviews, active directory reviews, information security maturity, network and vulnerability assessments, and IT Audits identifying any gaps or areas for improvementLead preparations and facilitate audits for IT certifications, such as ISO27001Maintain and drive the implementation of mitigation controls of the IT Risk RegisterContinuously analyze the effectiveness of IT and Information Security controlsCollaborate with internal stakeholders to perform risk analysis on information hosted by third parties and controls implemented, ensuring the maintenance of acceptable levels of residual riskEnsure visibility of audit and risks by escalating to the relevant committeesFacilitate IT disaster recovery and business continuity initiatives, including testingContinuously assess the adequacy of the IT and Information Security business continuity and disaster recovery plans in conjunction with Risk ManagementCoordinate and support internal and external compliance auditsOversee and evaluate compliance with regulatory requirements and practices to ensure that IT-related activities adhere to prescribed standardsEnsure the organizations IT practices meet all applicable legal and regulatory requirementsManage execution of compliance activities to enhance compliance maturity with the applicable legal and regulatory standards such as POPIA, ETC Act, Cybercrimes ActOversee and facilitate data protection activities to ensure full compliance with POPIA and associated regulations concerning personally identifiable information and business-related sensitive informationDevelop, implement, and monitor reporting mechanisms for IT Governance, Risk Management, and Audit, to support compliance and highlight areas of exposure to managementEnsure timely and accurate reporting to regulatory bodies as requiredQualificationsBachelors Degree in IT or related qualification5 years experience in a similar roleCGEIT, CRISC, CISA, GIAC certifications are advantageous
#J-18808-Ljbffr
