Manager: IT Risks & Controls – (1863) needed at University of the Western Cape/Universiteit van Wes-Kaapland
Job title : Manager: IT Risks & Controls – (1863)
Job Location : Western Cape, Bellville
Deadline : October 14, 2024
Key Performance Areas:
IT Risk Identification
- Identify and classify potential threats and vulnerabilities across the university’s people, information, processes, and technology.
- Develop comprehensive IT risk scenarios and stakeholder accountabilities to gauge their impact on achieving business goals and objectives.
- Maintain the IT risk register to incorporate identified risk scenarios into the institutional risk profile and combined assurance practices.
IT Risk Assessment
- Assess, maintain and evaluate existing control effectiveness for IT risk mitigation.
- Ensure clear accountability by assigning risk ownership at appropriate levels.
- Communicate risk assessment outcomes to senior management for informed decision-making.
IT Risk Response & Mitigation
- Support risk owners in developing risk action plans where necessary.
- Advise on the design, implementation, or adjustment of mitigating controls to manage risks effectively.
- Maintain the IT Risk and Control Matrix.
- Assist control owners in developing control procedures for efficient execution.
- Validate the execution of risk responses as per action plans.
- Contribute to developing a risk awareness program to foster a risk-aware culture and facilitate risk training.
IT Risk and Control Monitoring & Reporting
- Assist with the ongoing refinement and improvement of IT risk-related dashboard reports.
- Assist with the preparation and dissemination of IT Risk management reports, ensuring reporting deadlines are met.
- Establish key risk and performance indicators (KRIs and KPIs) and thresholds to measure risk control performance and monitor changes or trends in the IT risk profile.
- Report on the performance, changes, or trends in the overall IT risk profile and control environment to management and stakeholders for decision-making.
Internal/External Audits/Compliance
- Co-ordinate activities required to fulfil the requirements of efficient internal and external IT audits.
- Provide consultation and advice on audit scope, remediation, and strategic items related to the IT audits and control environment.
- Represent IT at the UWC Personal Information Reference Group, which co-ordinates the institution’s response to managing the POPIA compliance risk.
Minimum Requirements
- Possess a Bachelor's degree in Information Systems or Computer Science or an equivalent NQF-7 qualification, coupled with a minimum of 5 years of experience in IT Risk Management; or
- Alternatively, hold an internationally recognised risk management certification within the industry accompanied by a minimum of 8 years of relevant and equivalent experience in IT Risk Management
- Proficiency in legal, regulatory, standards, governance and other compliance requirements pertaining to IT Risk Management and a higher education environment (e.g. COBIT, ISO2700x, ISO31000, ISO27701, COSO, NIST, CIS, POPIA etc.)
Preferred requirements include:
- The international CRISC (Certified in Risk and Information Systems Control) certification;
- An accredited certification in Problem Management (e.g. Kepner Tregoe or related ITIL intermediate course);
- Experience in IT Service Management, including incident and problem management;
- COBIT-5 certification in IT Governance;
- Experience in developing and maintaining IT Risk management policies, processes and procedures aligned to recognised industry leading practice;
- Good experiential knowledge and understanding of an enterprise business systems architecture (including data centre; server environment; storage network; databases; operating systems; applications; WAN & LAN networks);
- Good understanding of threats and vulnerabilities relating to: data management; the software development lifecycle (SDLC); project & program management; IT service continuity and disaster recovery; IT operations;
- Proficiency in business process review tools and techniques;
- Proficiency in capability assessment models and improvement techniques and strategies;
- Good understanding of information security controls, concepts and principles;
- Advanced proficiency in MS Office (MS Word, Excel, PowerPoint);
- Experience working in the Higher Education sector
How to Apply for this Offer
Interested and Qualified candidates should Click here to Apply Now