ICT Governance Risk & Compliance (GRC) Officer
Overall role and context:
A standby panel may be formed from the competition from which future vacancies may be filled.
SETU is an internationally oriented organisation with a focus on further enhancing its role as an exceptional quality of life driver within the regional, national, and international higher education landscape.
Reporting to the Head of Cybersecurity and ICT Risk and working alongside our ICT and Risk and Compliance Teams, the ICT Governance Risk & Compliance (GRC) Officer will have extensive previous GRC experience and will be responsible for ensuring ongoing ICT & cybersecurity governance, risk management, and compliance for the university.
Industry certification e.g. CRISC, CGRC, CISA, ISO27001 lead implementer/auditor or similar would be beneficial.
You will cover multiple areas of ICT security and risk management, including guiding the university’s continued cybersecurity framework certification and IT risk management activities. The role is crucial in identifying and minimising ICT risk, ensuring compliance and good governance to safeguard the university’s operational capabilities and organisational reputation.
This is a fantastic opportunity for you to provide guidance and governance, implement and manage cybersecurity controls, ICT risk processes, procedures and training, and ensure continued audit compliance with industry best practices, ISO27001 and/or similar certification, legal requirements, and public sector standards.
Principal duties and responsibilities:
The ICT Governance Risk & Compliance (GRC) Officer will, under the direction of the Head of Cybersecurity & ICT Risk, assist and be responsible for the review, implementation and continued management of cybersecurity certifications and ICT risk management activities across SETU. They will work alongside the University’s Risk and Compliance Teams, support the ICT Management Teams and if the need arises may report on certain matters directly to the VP Governance/University Secretary.
Responsibilities:
The principal responsibilities associated with this role include, but are not limited to the following:
• Create, maintain, test and audit information security policies, procedures and processes.
• For Cybersecurity framework controls/certification, lead the surveillance and certification audits, liaising with the external assessors and key stakeholders as required.
• Develop and maintain a cybersecurity & GRC KPI dashboard for the ICT and university management teams.
• Incrementally improve information collection processes and streamline compliance reporting.
• Stay current with emerging ICT risks and industry trends, and the wider cybersecurity threat landscape.
• Collaborate with ICT and business teams to integrate cybersecurity GRC considerations into project lifecycles and business processes.
• Work closely with the university Risk and Compliance team and DPO to ensure an aligned and consistent approach to cybersecurity and information security regulations, best practice and legislation (such as GDPR) is applied.
• Manage/oversee ongoing cybersecurity and data protection awareness training (with the DPO) and ensure quality of content, delivery, tracking and reporting.
• Work with the ICT teams and key stakeholders to identify potential ICT risks and threats, including ongoing cyber threats, data breaches, system failures, and compliance issues.
• Conduct thorough ICT risk assessments to determine the likelihood and potential impact of identified internal and external ICT risks, in line with the SETU Risk Management policy.
• Propose & monitor risk treatment actions to ensure completion and effectiveness.
• Identify opportunities to improve and streamline the various ICT risk management activities.
• Collaborate with internal/external audits and compliance teams to ensure effective risk management practices are followed.
• Communicate ICT risk information and mitigation strategies to various key stakeholders, including ICT teams, senior management, and the broader HEA risk and governance forums.
• Provide regular risk reports to the ICT senior management team, highlighting key risks and mitigation efforts.
• Ensure ongoing compliance with relevant regulatory requirements, public and industry standards/controls, and SETU policies.
• Coordinate with relevant teams and/or departments to obtain and validate required information, assessing information for completeness to meet compliance requirements.
• Identify any compliance gaps, track remediation, and provide regular reports on compliance activities to ICT management and/or other key stakeholders.
• Other duties as may be assigned from time to time by the Head of Cybersecurity & ICT Risk.
The above provides a broad outline of the duties and responsibilities attached to the position as currently envisaged. These may change over time in the context of evolving SETU objectives and organisational restructuring.
Person specification – Qualifications, Knowledge, Experience and Skills:
• A relevant Honours Degree (First or Second class) or equivalent.
• A minimum of 3 years relevant post-qualification experience in a Governance, Risk and Compliance (GRC) role in education and/or a similarly sized private sector organisation.
• Experienced in cybersecurity controls, auditing, risk management or a related field with demonstrable experience and understanding of ISO 27001/2, NIST, CIS, or other information security framework/s.
• Excellent organisational, communication (both orally and in writing), analytical and technical skills including the ability to produce and present high quality plans, presentations, and reports.
• Excellent skills with the ability to work to established deadlines and develop prioritisation of requirements.
• Ability to work collaboratively and supportively with a wide variety of cross-functional stakeholders, both internal and external.
Hours of Work: The appointee will be required to work 35 hours per week together with such additional hours as may be required from time to time for the proper discharge of their duties.
Salary: The Gross Salary Scale applicable to the post is €60,011 - €78,015 per annum on a full-time basis as at 01/08/2025.
Annual Leave: 29 days annual leave. Annual Leave will be in accordance with arrangements authorised by the Minister for Further and Higher Education, Research, Innovation and Science from time to time.