Develop and implement a comprehensive IT GRC strategy
Development and implementation of IT Governance, Risk Management, and Compliance policies, processes, and procedures
Implementation and embedment of various frameworks (e.g. COBIT, ITIL, ISO, NIST, SABSA, PRINCE II, CMM, etc.)
Implementation of IT controls in alignment with risk, legislative and regulatory requirements, and industry trends
Develop, monitor and report on IT governance metrics and performance indicators
Assist in the maintenance of IT alignment activities, including report submissions, across various governance committees and structures
Assist the various IT departments with the development and maintenance of incident response plan
Assist in the preparation of stakeholder communications in response to cyber security incidents
Maintain accurate and up-to-date documentation related to IT GRC activities
Establish processes for continuous monitoring and reporting on compliance and risk management activities
Conduct periodical internal risk assessments in various IT departments and track application access reviews, Active Directory reviews, information security maturity, network and vulnerability assessments, and IT audits, identifying any gaps or areas for improvement
Lead preparations and facilitate audits for IT certifications, such as ISO27001
Maintain and drive the implementation of mitigation controls of the IT Risk Register
Continuously analyze the effectiveness of IT and Information Security controls
Collaborate with internal stakeholders to perform risk analysis on information hosted by third parties and controls implemented, ensuring the maintenance of acceptable levels of residual risk
Ensure visibility of audit and risks by escalating to the relevant committees
Facilitate IT disaster recovery and business continuity initiatives, including testing
Continuously assess the adequacy of the IT and Information Security business continuity and disaster recovery plans in conjunction with Risk Management
Develop an IT risk profile for the university in alignment with the approved Risk Management framework and process
Coordinate and support internal and external compliance audits
Oversee and evaluate compliance with regulatory requirements and practices to ensure that IT-related activities adhere to prescribed standards
Ensure the organization's IT practices meet all applicable legal and regulatory requirements
Manage execution of compliance activities to enhance the university's compliance maturity with the applicable legal and regulatory standards such as POPIA, ETC Act, Cybercrimes Act
Oversee and facilitate data protection activities to ensure full compliance with POPIA and associated regulations concerning personally identifiable information and business-related sensitive information
Develop, implement, and monitor reporting mechanisms for IT Governance, Risk Management, and Audit, to support compliance and highlight areas of exposure to management
Ensure timely and accurate reporting to regulatory bodies as required