Manager: IT Risks & Controls

Bellville, Cape Town, South Africa

Job Description


Title of Position: Manager: IT Risks & Controls
Post Number: 8026354
Faculty/Department: University of the Western Cape -> ICS Department -> IT Operations & Services
Type of Position: Permanent - Full Time
Length of Contract Period:
Location: Main Campus - Bellville, WC ZA (Primary)
Closing Date: 22/9/2024

Role Clarification & Key Performance Areas

The University of the Western Cape (UWC) seeks to appoint an experienced Information & Technology Risk Manager in its Information and Communication Services (ICS) department.

The University has set itself exciting and challenging goals in its Institutional Operating Plan (IOP), which rely heavily on ICT to deliver integrated solutions that enable and support its Academic and Research programs, and its Administrative and Professional Services departments.

This permanent position, based at the Bellville main campus, will report to the Deputy Director ICS: Governance Risk and Compliance (GRC) and will play a pivotal role in maturing the University's IT Risk Management functional domain and capabilities in the areas of: IT Risk Identification; IT Risk Assessment; IT Risk Response & Mitigation; IT Risk and Control Monitoring & Reporting.

This is a demanding but very stimulating role, which requires an experienced individual with the appropriate breadth and depth of business and technical skills and competencies.

We invite you to join our team in a very exciting time in the University's history.

Key Performance Areas:
1. IT Risk Identification

  • Identify and classify potential threats and vulnerabilities across the university's people, information, processes, and technology.
  • Develop comprehensive IT risk scenarios and stakeholder accountabilities to gauge their impact on achieving business goals and objectives.
  • Maintain the IT risk register to incorporate identified risk scenarios into the institutional risk profile and combined assurance practices.
2. IT Risk Assessment
  • Assess, maintain and evaluate existing control effectiveness for IT risk mitigation.
  • Ensure clear accountability by assigning risk ownership at appropriate levels.
  • Communicate risk assessment outcomes to senior management for informed decision-making.
3. IT Risk Response & Mitigation
  • Support risk owners in developing risk action plans where necessary.
  • Advise on the design, implementation, or adjustment of mitigating controls to manage risks effectively.
  • Maintain the IT Risk and Control Matrix.
  • Assist control owners in developing control procedures for efficient execution.
  • Validate the execution of risk responses as per action plans.
  • Contribute to developing a risk awareness program to foster a risk-aware culture and facilitate risk training.
4. IT Risk and Control Monitoring & Reporting
  • Assist with the ongoing refinement and improvement of IT risk-related dashboard reports.
  • Assist with the preparation and dissemination of IT Risk management reports, ensuring reporting deadlines are met.
  • Establish key risk and performance indicators (KRIs and KPIs) and thresholds to measure risk control performance and monitor changes or trends in the IT risk profile.
  • Report on the performance, changes, or trends in the overall IT risk profile and control environment to management and stakeholders for decision-making.
5. Internal/External Audits/Compliance
  • Co-ordinate activities required to fulfil the requirements of efficient internal and external IT audits.
  • Provide consultation and advice on audit scope, remediation, and strategic items related to the IT audits and control environment.
  • Represent IT at the UWC Personal Information Reference Group which co-ordinates the institution's response to managing the POPIA compliance risk.
Minimum Requirements
  • Possess a Bachelor's degree in Information Systems or Computer Science or an equivalent NQF-7 qualification, coupled with a minimum of 5 years of experience in IT Risk Management; or
  • Alternatively, hold an internationally recognised risk management certification within the industry accompanied by a minimum of 8 years of relevant and equivalent experience in IT Risk Management;
  • Proficiency in legal, regulatory, standards, governance and other compliance requirements pertaining to IT Risk Management and a higher education environment (e.g. COBIT, ISO2700x, ISO31000, ISO27701, COSO, NIST, CIS, POPIA etc.)
Preferred requirements include:
  • The international CRISC (Certified in Risk and Information Systems Control) certification;
  • An accredited certification in Problem Management (e.g. Kepner Tregoe or related ITIL intermediate course);
  • Experience in IT Service Management, including incident and problem management;
  • COBIT-5 certification in IT Governance;
  • Experience in developing and maintaining IT Risk management policies, processes and procedures aligned to recognised industry leading practice;
  • Good experiential knowledge and understanding of an enterprise business systems architecture (including data centre; server environment; storage network; databases; operating systems; applications; WAN & LAN networks);
  • Good understanding of threats and vulnerabilities relating to: data management; the software development lifecycle (SDLC); project & program management; IT service continuity and disaster recovery; IT operations;
  • Proficiency in business process review tools and techniques;
  • Proficiency in capability assessment models and improvement techniques and strategies;
  • Good understanding of information security controls, concepts and principles;
  • Advanced proficiency in MS Office (MS Word, Excel, PowerPoint);
  • Experience working in the Higher Education sector.
Required competencies
  • Diagnostic information gathering
  • Analytical thinking and problem-solving
  • Ability to work unsupervised to meet deadlines
  • Excellent planning, coordination, and time management
  • Effective teamwork and relationship-building with diverse stakeholders
  • Good business acumen and understanding of ICT requirements
  • Attention to quality and detail
  • Ability to influence, focus, lead, and motivate teams
  • Strong customer and service orientation
  • Personal credibility
  • Excellent English Communication skills (verbal and written)
  • Excellent report-writing skills
  • Strong facilitation and inter-personal skills
  • Strong business acumen
In your application, you are encouraged to highlight your strengths and include anything else you deem exceptional and outstanding to be considered by the selection panel. In addition, please attach a cover letter motivating your suitability, a detailed curriculum vitae and the highest qualification to your online profile.

To be considered for this vacancy, you must click on the Apply for this Job link below or apply directly via UWC Careers at https://uwc.hua.hrsmart.com/hr/ats/JobSearch/viewAll.

For any queries, please contact the Human Resources Department at +27 21 959 4063/9763/9708/3551/3756 or email: e-recruitment@uwc.ac.za

DISCLAIMER: By applying for the position, you consent to the University sharing your application, including curriculum vitae, with University stakeholders to process the application. In line with the University's commitment to diversifying its workforce, preference will be given to suitably qualified applicants in line with our Employment Equity Targets. The official retirement age at UWC is 65 years. The University reserves the right to not make an appointment, make an appointment at a different level, seek additional candidates and may conduct competency assessments.

University of the Western Cape

Job Detail

  • Job Id
    JD1349994
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Bellville, Cape Town, South Africa
  • Education
    Not mentioned