The University of the Western Cape (UWC) seeks to appoint an experienced Information & Technology Risk Manager in its Information and Communication Services (ICS) department. The University has set itself exciting and challenging goals in its Institutional Operating Plan (IOP), which rely heavily on ICT to deliver integrated solutions that enable and support its Academic and Research programs, and its Administrative and Professional Services departments. This permanent position, based at the Bellville main campus, will report to the Deputy Director ICS: Governance Risk and Compliance (GRC) and will play a pivotal role in maturing the University's IT Risk Management functional domain and capabilities in the areas of: IT Risk Identification; IT Risk Assessment; IT Risk Response & Mitigation; IT Risk and Control Monitoring & Reporting. This is a demanding but very stimulating role, which requires an experienced individual with the appropriate breadth and depth of business and technical skills and competencies. We invite you to join our team in a very exciting time in the University's history. Key Performance Areas: 1. IT Risk Identification Identify and classify potential threats and vulnerabilities across the university's people, information, processes, and technology. Develop comprehensive IT risk scenarios and stakeholder accountabilities to gauge their impact on achieving business goals and objectives. Maintain the IT risk register to incorporate identified risk scenarios into the institutional risk profile and combined assurance practices. 2. IT Risk Assessment Assess, maintain and evaluate existing control effectiveness for IT risk mitigation. Ensure clear accountability by assigning risk ownership at appropriate levels. Communicate risk assessment outcomes to senior management for informed decision-making. 3. IT Risk Response & Mitigation Support risk owners in developing risk action plans where necessary. Advise on the design, implementation, or adjustment of mitigating controls to manage risks effectively. Maintain the IT Risk and Control Matrix. Assist control owners in developing control procedures for efficient execution. Validate the execution of risk responses as per action plans. Contribute to developing a risk awareness program to foster a risk-aware culture and facilitate risk training. 4. IT Risk and Control Monitoring & Reporting Assist with the ongoing refinement and improvement of IT risk-related dashboard reports. Assist with the preparation and dissemination of IT Risk management reports, ensuring reporting deadlines are met. Establish key risk and performance indicators (KRIs and KPIs) and thresholds to measure risk control performance and monitor changes or trends in the IT risk profile. Report on the performance, changes, or trends in the overall IT risk profile and control environment to management and stakeholders for decision-making. 5. Internal/External Audits/Compliance Co-ordinate activities required to fulfil the requirements of efficient internal and external IT audits. Provide consultation and advice on audit scope, remediation, and strategic items related to the IT audits and control environment. Represent IT at the UWC Personal Information Reference Group which co- ordinates the institution's response to managing the POPIA compliance risk. Possess a Bachelors degree in Information Systems or Computer Science or an equivalent NQF-7 qualification, coupled with a minimum of 5 years of experience in IT Risk Managementor Alternatively, hold an internationally recognised risk management certification within the industry accompanied by a minimum of 8 years of relevant and equivalent experience in IT Risk Management Proficiency in legal, regulatory, standards, governance and other compliance requirements pertaining to IT Risk Management and a higher education environment (e.g. COBIT, ISO2700x, ISO31000, ISO27701, COSO, NIST, CIS, POPIA etc.) Preferred requirements include: The international CRISC (Certified in Risk and Information Systems Control) certification; An accredited certification in Problem Management (e.g. Kepner Tregoe or related ITIL intermediate course); Experience in IT Service Management, including incident and problem management; COBIT-5 certification in IT Governance; Experience in developing and maintaining IT Risk management policies, processes and procedures aligned to recognised industry leading practice; Good experiential knowledge and understanding of an enterprise business systems architecture (including data centre; server environment; storage network; databases; operating systems; applications; WAN & LAN networks); Good understanding of threats and vulnerabilities relating to: data management; the software development lifecycle (SDLC); project & program management; IT service continuity and disaster recovery; IT operations; Proficiency in business process review tools and techniques; Proficiency in capability assessment models and improvement techniques and strategies; Good understanding of information security controls, concepts and principles; Advanced proficiency in MS Office (MS Word, Excel, Power Point) Experience working in the Higher Education sector Required competencies Diagnostic information gathering Analytical thinking and problem-solving Ability to work unsupervised to meet deadlines Excellent planning, coordination, and time management Effective teamwork and relationship-building with diverse stakeholders Good business acumen and understanding of ICT requirements Attention to quality and detail Ability to influence, focus, lead, and motivate teams Strong customer and service orientation Personal credibility Excellent English Communication skills (verbal and written) Excellent report-writing skills Strong facilitation and inter-personal skills Strong business acumen
#J-18808-Ljbffr
