Director, Compliance, Risk and Information
P O S I T I O N D E S C R I P T I O N | D I R E C T O R , C O M P L I A N C E , R I S K & I N F O R M A T I O N
Position purpose
The Director, Compliance, Risk and Information is responsible for providing strategic,
operational and practical support to the organisation in relation to the effective management
of risk and compliance obligations. The role focuses on creating and implementing a
framework which manages risks, improves operational efficiencies and ensures compliance
with the relevant standards and regulations.
The Director plays a critical role in promoting a risk aware culture and working across the
organisation to embed a compliance culture. This role is accountable for developing plans
and processes for protecting the integrity and security of the organisation’s information and
data. The role will Chair the GOTAFE Compliance Committee and work collaboratively with
quality and compliance managers across the organisation to develop and implement an
organisational quality management system for GOTAFE.
The Director will lead, motivate, support and develop a multidisciplinary team; ensuring the
delivery of high quality outcomes for the organisation. Critically, this role is accountable for
leading a collaborative customer orientated department that works effectively with the
broader organisation to deliver on key objectives.
Key areas of responsibility
Compliance:
Promote a culture of compliance.
Ensure GOTAFE complies with legal and regulatory requirements in the normal
course of its business.
Implement the GOTAFE Compliance Framework and associated compliance policies
and procedures.
Provide support to the business to enable effective management of compliance
within their area of responsibility.
Ensure compliance related incidents are managed appropriately.
Drive process development and execution of all activities required to continuously
improve compliance processes and lower potential risks.
Provide appropriate assurance to the Board, Audit Committee and the Executive
around the operation of the Compliance Framework.
Risk Management:
Promote a culture of risk awareness, ensuring GOTAFE pursues its strategy and
business objectives, based on prudent risk management disciplines.
Develop and implement GOTAFE’s Enterprise Risk Management Framework.
Work with the Board and Executive to establish a risk appetite, key risk indicators,
prioritisation of risk and reporting.
Liaise with divisional heads to ensure completion of quality department risk registers,
and the adequacy of proposed actions in relation to the management of risk areas
highlighted in internal audit reports.
Identify training needs for risk management and oversee development of enterprise
risk competence and awareness across the organisation.
Monitor implementation of action plans to ensure risk mitigation efforts are
proceeding as required.
‘Test’ the effectiveness of cascading risk management approach to business decision
making.
Information Security:
Foster a security conscious culture and ensure that GOTAFE manages critical data
in line with an appropriate risk management profile.
Oversee information security governance and program management.
Drive IT security strategies and policies.
Manage risk exposure, controls and processes relating to information management
systems.
Develop and implement strategies to manage security incidents.
Ensure regular reporting to the Board and Executive on strategies in place to secure
information and mitigate risks.
Work with the executive and divisional heads to maintain secure information
management systems.
GOTAFE Organisational structure
GOTAFE’s senior leadership team is made up of the CEO, four Executive Directors and
seventeen Directors. All play key roles in influencing the culture and performance of
GOTAFE.
There are four key divisions in the GOTAFE structure:
Education – responsible for ensuring that GOTAFE provides the best possible education, training and learning experiences for all student cohorts across all education sectors.
Student Attraction and Community Engagement – responsible for the start of a student’s journey at GOTAFE and for ensuring that GOTAFE strategically engages with its key stakeholders across the community; including industry and community groups.
People & Innovation – responsible for ensuring that GOTAFE is an employer of choice and for cultivating a culture of innovation and strong organisational performance.
Corporate Services – responsible for the optimal performance of the internal operations of GOTAFE.
Director, Office of the CEO
Chief Executive Officer
Executive Director, People and Innovation
  Director, People and Culture
  Director, Innovation and Performance
Executive Director, Corporate Services
  Director, Asset Management and Facilities
  Director, Finance and Procurement
  Director, Digital Solutions
  Director, Compliance, Risk and Information
Executive Director, Student Attraction and Community Engagement
  Director, Student Attraction and Enrolment
  Director, Student Pathways
  Director, Communication and Engagement
Executive Director, Education
  Director, Health, Wellbeing and Community
  Director, Technology and Built Environment
  Director, Services and Natural Environment
  Director, Further Learning, Koorie and Multicultural
  Director, Customised Learning Solutions
  Director, Education Quality
  Director, Student Success
Organisational relationship
Executive Director, Corporate Services
Director, Asset Management and Facilities
Director, Finance and Procurement
Director, Digital Solutions
Director, Compliance, Risk and Information
Key stakeholders
Internal:
Executive Director, Corporate Services
CEO
Board (and Audit Committee)
Executive Team
Staff
Students
External:
Department of Education and Training
GOTAFE Auditors
Higher Education and Skills Group
Australian Skills Quality Authority
Office of the Victorian Information Commissioner
Skills and capabilities required for position
The Director, Compliance, Risk and Information is expected to demonstrate the following key
skills and capabilities in their role:
Leadership
Clearly communicate and exemplify the vision and values of GOTAFE.
Inspire and foster talent and build capability within department.
Create and maintain a culture that supports high level staff engagement and performance.
Provide strong and accountable leadership to ensure delivery of performance objectives.
Show sensitivity and understanding in negotiating, mediating and resolving conflict.
Engage directors and managers from other departments and campuses to ensure
collaboration and effective delivery of outputs.
Lead and foster a team that is client-centric, solutions-orientated and a genuine partner
for the wider organisation.
Management
Actively contribute to all corporate planning and reporting requirements to inform
decision making at various levels.
Ability to manage an annual department budget working to the agreed budget, including
set targets.
Ability to deal with complex matters that may not have established guidelines and
procedures.
Monitor priorities to ensure meaningful work is delivered that supports operational and
organisational objectives.
Ability to think critically and strategically to make informed decisions.
Strategic planning
Deliver high quality, evidence based strategic advice and guidance to the CEO, the
Executive and Board.
Contribute towards the long-term strategic direction of GOTAFE, through the
implementation of relevant areas of the strategic plan and other organisational
strategies.
Compliance
Sound understanding of the compliance risk management processes AS ISO
19600:2015.
Expertise in compliance trends and emerging strategies.
Knowledge of relevant external bodies in both the public and private sector.
Risk Management
Knowledge of key risk assessment techniques and risk management systems
(AS31000).
ISO27001 ISMS accreditation.
Expertise in risk management trends and emerging strategies.
Information Security
Knowledge of Victorian Protective Data Security Framework.
Understanding of the obligations under the Office of the Victorian Information
Commissioner.
High level understanding of information security.
High level understanding of data governance.