IT Risk and Compliance Manager - Department of Information Technology Services

UP Professional and Support

DEPARTMENT OF INFORMATION TECHNOLOGY SERVICES

IT RISK AND COMPLIANCE MANAGER

PEROMNES POST LEVEL 6

In pursuit of the ideals of excellence and diversity, the University of Pretoria wishes to invite applications for the following vacancy.

The University of Pretoria's commitment to quality makes us one of the top research Universities in the country and gives us a competitive advantage in international science and technology development.

Job Purpose

The Risk and Compliance Manager provides a coordinating and management function to holistically coordinate the security, risk and legal compliance requirements for Information Technology Services. An increasingly complex internal environment, expansion of systems and technologies into the cloud, and sophisticated cyber-attacks expose the University to risks. In addition, legislation related to the protection of personal information, has increased requirements for information security and the impact of potential security breaches.

Responsibilities

The successful candidates’ responsibilities will include, but are not limited to:

• ITS security strategy:
• Define principles for security management and ensure implementation;
• Create, review and coordinate UP IT policies, addressing security, business continuity, risk management, and legal compliance requirements, and their continuous updating;
• Manage and coordinate the ITS security strategy;
  
  

• Information governance and privacy protection:
• Liaise with the Institutional Manager: Information Governance on information governance policies and procedures, to ensure the proper governance and privacy protection of the University’s electronic information assets;
  
  

• Risk management:
• Monitor IT threats and risks as identified in reports published by organisations specialising in IT security;
• Coordinate the risk management function and risk register within ITS;
  
  

• Business continuity and disaster recovery:
• Manage and coordinate business continuity and disaster management plans in ITS;
• Liaise with Professional Services and Faculties with respect to business continuity and disaster management;
  
  

• Security audits:
• Liaise with the internal and external auditors, and coordinate ITS participation in such;
• Coordinate and monitor action plans to address the findings of audit reports;
  
  

• Legal compliance requirements:
• Monitor risks and liabilities due to legislation, and the initiation and coordination of action plans to address these;
  
  

• Compliance with best / standard practices:
• Manage and coordinate ITS compliance with legal requirements, international standards, and UP policy, as well as compliance of users with ITS policy:
• Ensuring IT policy, standards and procedures align with legal requirements;
• Ensuring IT policy, standards and procedures follow international standards as far as possible and reasonable;
• Ensuring the continued improvement of critical ITS processes in line with best practices and maturity guidelines;

• Security awareness programmes:
• Manage and coordinate user security awareness programmes to increase UP’s user community’s awareness of security risks and of their role and responsibilities in ensuring cybersecurity.
  

Minimum Requirements

• Relevant Bachelors / BTech degree or NQF level 7 qualification;
• COBIT or ITIL certified;
• A total of five years’ experience in:
• Governance, risk and compliance;
• Technical experience in aspects of IT, with responsibility for operational security;
• IT project management;
• IT support or client services.
  

Required Competencies (skills, Knowledge And Behavioural Attributes)

• Knowledge:
• Security frameworks, standards and best practices;
• Governance frameworks and principles;
• Risk management frameworks and principles;
• IT and privacy legislation;
• Technical competencies:
• Computer literate;
• Behavioural competencies:
• Ability to:
• Work independently, and in a team;
• Consistently deliver excellent work under stress;
• Liaise professionally and successfully with role players and stakeholders in Information Technology both within and outside ITS;
• Do independent research on matters related to the duties of the position;
• Coordinate the activities related to governance, security, compliance, risk and business continuity of the technical personnel in all the divisions of ITS;
• Apply sound judgement in coordinating activities related to security, compliance, risk and business continuity;
• Assist the Deputy Director by correctly delegating applicable issues within the IT organisation on behalf of the Deputy Director, and only escalating exceptions for the attention of the Deputy Director;
• Follow up and manage the due dates of delegated tasks;
• Build and administrate web sites with a web content management system;
• Gain insight into technical management systems and interaction between organisational units;
• Conflict handling and organising skills;
• Good communication skills;
• Language proficiency in English.
  

Added Advantages And Preferences

• A relevant Honours degree;
• A total of two years’ relevant experience:
• In IT security management;
• Exposure to all aspects of the academic environment, including student interaction, research, lecturing and administration;
• Outside a university environment.
  

PLEASE NOTE: All shortlisted candidates may be required to participate in relevant skills assessments as part of the selection process.

The annual remuneration package will be commensurate with the incumbent’s level of appointment, as determined by UP policy guidelines. UP subscribes to the BESTMED and UMVUZO medical aid schemes and contributes 50% of the applicable monthly premium.

Applicants are requested to apply online at www.up.ac.za, and follow the link: Careers@UP.

In Applying For This Post, Please Attach

• A comprehensive CV;
• Certified copies of qualifications;
• Names, e-mail addresses and telephone details of three referees whom we have permission to contact.
  
  

CLOSING DATE: 02 June 2025

No application will be considered after the closing date, or if it does not comply with at least the minimum requirements.

ENQUIRIES: Ms V Makhubele, Email: violet.makhubele@up.ac.za for application-related enquiries, and Dr Y Roets, Email: yzelle.roets@up.ac.za for enquiries relating to the post content.

Should you not hear from the University of Pretoria by 31 August 2025, please accept that your application has been unsuccessful.

The University of Pretoria is committed to equality, employment equity and diversity.

In accordance with the Employment Equity Plan of the University and its Employment Equity goals and targets, preference may be given, but is not limited to candidates from under-represented designated groups.

All candidates who comply with the requirements for appointment are invited to apply.

By applying for this vacancy, the candidates consent to undergo verification of personal credentials and related information including, but not limited to, qualifications, criminal record, credit record, current and historic disciplinary proceedings as part of the selection process.

The University of Pretoria reserves the right to not fill the advertised positions.