Taylor University, Upland

Manager Risk Management

  • Posted 4 days ago

Job Description

The Manager, Risk Management is responsible for strengthening and governing the University's risk management framework, while also serving as the designated lead for institutional data protection matters.

The role ensures that operational, strategic, compliance, academic, regulatory, data protection, and institutional risks are systematically identified, assessed, monitored, mitigated, and reported. The role will work closely with department leaders, schools, faculties, and governance functions such as Registry, Quality Assurance and Accreditation, Legal, Finance, People & Culture, ICT, and other relevant stakeholders to embed sound risk management and data protection practices across the University.

The role will also support reporting to the Board of Governors, TEG Board Committee, and other senior management or governance forums as required.

Key Responsibilities

1. Risk Management Framework and Governance

  • Develop, maintain, and continuously improve the University's risk management framework, policies, procedures, tools, templates, and reporting standards.
  • Ensure that the risk management framework is aligned with the University's governance structure, regulatory requirements, institutional priorities, and Group-level risk expectations.
  • Provide guidance to departments and functions on the application of risk management principles, including risk identification, risk assessment, mitigation planning, controls, monitoring, escalation, and reporting.
  • Ensure that risk ownership, accountability, and reporting lines are clearly defined across schools, faculties, departments, and central functions.

2. Operational Risk Management Activities

  • Plan, coordinate, and implement annual and periodic operational risk management activities across the University.
  • Facilitate risk assessment sessions with department leaders and risk owners to identify key operational, compliance, academic, student experience, financial, people, digital, reputational, data protection, and regulatory risks.
  • Support departments in developing practical mitigation plans, control measures, and action plans to manage identified risks.
  • Track the progress of risk mitigation actions and follow up with risk owners to ensure timely closure or escalation where necessary.

3. Risk Register Management and Monitoring

  • Maintain and consolidate the University's risk register, ensuring that risks are properly documented, rated, assigned to owners, and updated on a regular basis.
  • Review risk registers submitted by schools, faculties, departments, and governance functions to ensure consistency, quality, completeness, and alignment with the University's risk methodology.
  • Monitor changes in risk exposure, emerging risks, overdue mitigation actions, control gaps, and significant risk trends.
  • Prepare risk dashboards, heatmaps, summaries, and management reports to support decision-making by senior leadership and governance committees.

4. Data Protection Officer Designate

  • Serve as the institution's Data Protection Officer designate and act as the internal focal point for data protection governance, compliance, advisory, and coordination.
  • Support the University in strengthening its compliance with applicable data protection requirements, including the Personal Data Protection Act and relevant institutional policies, standards, and procedures.
  • Work with Legal, ICT, Registry, People & Culture, Student Experience, Marketing, Admissions, academic units, and other data-processing functions to ensure that personal data risks are identified, assessed, managed, and escalated appropriately.
  • Provide guidance to departments on data protection matters, including personal data handling, consent, access controls, data retention, data sharing, third-party processing, data subject requests, breach escalation, and privacy-by-design considerations.
  • Coordinate data protection impact assessments, data mapping, breach response documentation, and remediation tracking where required.
  • Maintain oversight of institutional data protection risks and ensure that material issues are reflected in the University's risk register and governance reporting.
  • Support awareness-building and training initiatives to improve staff understanding of data protection obligations and responsible data-handling practices.

5. Stakeholder Collaboration and Advisory

  • Collaborate closely with Registry, Quality Assurance and Accreditation, Legal, Finance, ICT, People & Culture, Health and Safety, Student Experience, Marketing, Admissions, and other governance or control functions to ensure integrated risk and data protection oversight.
  • Act as a subject matter expert and internal advisor on risk management and data protection matters, providing practical guidance to business and academic stakeholders.
  • Promote risk and data protection awareness through briefings, workshops, guidance notes, and training.
  • Encourage a proactive culture where departments identify, discuss, and address risks, control gaps, and data protection issues before they escalate into major incidents.

6. Governance Reporting and Committee Support

  • Prepare risk and data protection reports, papers, presentations, and updates for the University's senior management, Board of Governors, Educrest Risk Management Committee, and other relevant governance forums.
  • Coordinate the preparation of meeting materials, risk updates, action trackers, privacy compliance updates, and follow-up items arising from governance meetings.
  • Ensure that reporting is accurate, timely, clear, and sufficiently analytical to support governance oversight and decision-making.
  • Track decisions and actions from Board or Committee meetings and work with relevant stakeholders to ensure appropriate follow-through.

7. Compliance, Assurance and Continuous Improvement

  • Work with internal stakeholders to identify areas where risk controls, data protection controls, policies, processes, or governance mechanisms require strengthening.
  • Coordinate with internal audit, compliance, quality assurance, registry, accreditation, legal, ICT, and other assurance functions to ensure risk and data protection matters are appropriately addressed.
  • Support reviews of incidents, audit findings, regulatory matters, accreditation issues, data breaches, complaints, and control weaknesses to identify root causes and preventive actions.
  • Recommend improvements to the University's risk management and data protection processes, tools, reporting cadence, and governance practices.

Key Requirements

  • The candidate should possess a bachelor's degree in Law, Risk Management, Business Administration, Accounting, Finance, Governance, Management, Information Governance, or a related discipline.
  • Professional training or certification in legal practice, risk management, enterprise risk management, data protection, privacy, compliance, governance, internal audit, or project management would be an added advantage.
  • The preferred candidate should have legal or risk management professional training, with the ability to interpret regulatory requirements, assess institutional risk exposure, and translate governance obligations into practical operating processes.
  • The role requires at least 8 to 12 years of relevant working experience in risk management, governance, internal audit, compliance, enterprise risk management, data protection, privacy governance, legal, or a related function. Experience in higher education, regulated sectors, professional services, financial services, healthcare, or complex matrix organisations would be advantageous.
  • The candidate should have strong knowledge of enterprise risk management principles, operational risk management, governance reporting, internal controls, risk registers, mitigation tracking, committee reporting, and data protection governance.
  • Experience in preparing reports or papers for senior management, boards, audit committees, risk committees, or governance forums is highly desirable.

Key Competencies

  • The candidate must be structured, analytical, and able to translate risk, compliance, and data protection issues into clear, practical, and actionable recommendations.
  • Strong stakeholder management skills are essential, as the role requires working with academic leaders, professional services departments, governance functions, and senior management.
  • The candidate should be confident in facilitating risk and data protection discussions, challenging assumptions constructively, and guiding risk owners without creating unnecessary bureaucracy.
  • Strong written communication skills are required, particularly in preparing board-level papers, risk summaries, dashboards, data protection updates, presentations, and action trackers.
  • The candidate should also demonstrate sound judgement, discretion, attention to detail, independence, and the ability to handle sensitive institutional and personal data matters professionally.

Success Measures

Success in this role will be measured by the effective implementation of the University's risk management framework, the quality and timeliness of risk and data protection reporting, the completeness and accuracy of the consolidated risk register, the timely follow-up of mitigation actions, and the level of risk and data protection awareness across departments.

The role will also be assessed based on the quality of support provided to senior management, the Board of Governors, and TEG Board Committee, as well as the ability to strengthen institutional risk culture, improve data protection discipline, and enhance governance practices across the University.

More Info

Job ID: 147576789

Similar Jobs

Petaling Jaya, Malaysia, Selangor

Skills:

Business Continuity Management, Risk Mitigation, Risk Assessment, Risk Management Software, Project Risk Management