Senior Manager: ICT Audit, Risk and Compliance at University of the Witwatersrand

Main purpose of this position/job is:

• The primary purpose of the Senior Manager: ICT Audit, Risk, and Compliance role is to ensure the security and integrity of the university's IT systems through rigorous audit practices, comprehensive risk management, and strict compliance with regulatory standards.
• This role is critical in safeguarding the university’s information assets, mitigating ICT-related risks, and establishing a robust IT Risk management framework.
• The Senior Manager will provide leadership and expertise to protect the university’s data and IT infrastructure, ensuring alignment with strategic goals and regulatory requirements.
• Key responsibilities include identifying and assessing IT risks, conducting thorough IT audits, ensuring adherence to compliance mandates, and developing frameworks that support the university's ICT risk management strategies.
• This role requires close collaboration with various stakeholders, including academic and administrative departments, to foster a culture of continuous improvement in ICT audit, risk management, and compliance.

Minimum Requirements:

• Bachelor’s degree in information technology, Computer Science, Information Systems, or a related field (NQ7)

Required Years of Work-Related Experience:

• Min 7 – 10 years of experience in IT Audit, Risk, and Compliance.
• At least 3-5 years of experience in management.
• Management Development Program

Professional certifications

• ITIL Certification
• COBIT
• Certified Information Systems Auditor (CISA),
• Certified in the Governance of Enterprise IT (CGEIT)
• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC)
• Project Management

Key Responsibilities:

Risk Management:  

• Identify and assess ICT-related risks across the university; Develop and implement risk management strategies and mitigation plans; Monitor and report on risk exposure and the effectiveness of risk mitigation measures; Conduct regular risk assessments and update the risk register.

IT Auditing:

• Develop and execute comprehensive ICT audit plans; Conduct ICT audits including pre-audit planning, fieldwork, and reporting; Evaluate the effectiveness of ICT controls and identify areas for improvement; Prepare detailed audit reports with findings and recommendations.

Compliance:

• Ensure compliance with relevant laws, regulations, and industry standards; Develop and maintain IT compliance policies and procedures; Conduct compliance audits and reviews; Provide training and awareness programs on compliance requirements.

IT GRC and Cybersecurity Projects:

• Serve as the Business Lead on GRC and cybersecurity-related projects; Assist with Scoping, Planning, Execution and Monitoring of GRC and cybersecurity-related projects. 

Management and Team Leadership:

• Lead and manage a team of Governance Risk & Compliance Specialists and the Forensic; Investigation function; Provide guidance, mentorship, and performance management for team members; Develop and implement team objectives and individual performance goals; Conduct regular team meetings and facilitate professional development opportunities; Ensure effective communication and collaboration within the team and with other departments. 

Reporting:

• Produce Audit, Risk, and Compliance-related management reports for various Governance and Management structures; Demonstrated ability to proactively identify emerging ICT risks and effectively communicate these to relevant stakeholders.