NATIONAL STUDENT FINANCIAL AID SCHEME (NSFAS)
 
The following vacancy exists at NSFAS in Cape Town.
 
SENIOR MANAGER: ENTERPRISE RISK MANAGEMENT
Type & Grade: Permanent, D3
Vacancy No: 39 of 2025/26
Department & Unit: Enterprise Risk Management
 
POSITION OVERVIEW: 
The role will be responsible for the risk management operations of the entire organisation, covering the identification, assessment and control of risk activities and the management of potential risks that could impact NSFAS’s operations, financial stability and reputation on a sustainable basis. This includes analysing the various types of risk, such as financial, operational, strategic and compliance risks, and developing strategies to mitigate or transfer these risks. The role will also be required to develop and implement an Enterprise Risk Management framework, tools, practices and policies to assess, analyse, manage and report NSFAS’s enterprise risks according to an enterprise risk management framework. The Senior Manager will lead or provide key inputs into the enterprise risk or other committees that oversee the risk management process and ensure alignment with NSFAS strategies and objectives, applicable laws (e.g., PFMA) and good governance principles.
 
RESPONSIBILITIES:
Enterprise Risk Strategy and Framework Development and Deployment 
  • Drive the development and management of the Enterprise Risk Management framework that integrates risk management with the strategic objectives of the organisation, including frameworks for, and periodic assessments of, specific risk categories such as Fraud and Information Technology Security. 
  • Design and maintain the Risk Management Policy and Risk Appetite Statement in line with ISO 31000, King IV and the Public Sector Risk Management Framework, and ensure that appropriate risk management policies and procedures are in place and updated as required, to identify, assess, prioritize, mitigate, monitor and report on organisational strategic and business unit operational risks. 
  • Participate in the annual improvement of the organization's enterprise risk management strategy, framework, policies and standards. 
  • Maintain, enhance, and effectively communicate the Enterprise Risk Management framework. 
  • Drive the development and execution of the organisation’s ERM strategy and embed risk management into all business units and processes of the organisation, in line with the risk appetite statements and company policy. 
  • Continuously improve the existing framework to ensure consideration of emerging risks and threats. 
  • Ensure that appropriate governance forums and structures exist to provide operational risk oversight and that these structures are documented. 
  • Provide expert input into committees on operational risk-related matters to ensure informed decision-making. 
  • Manage the development and execution of the risk assessment standard across the organisation. 
  • Undertake research on best practices on enterprise risk implementation through interaction with various risk management committees / bodies / structures and other stakeholders. 
  • Support the enterprise risk unit management to identify and recommend the drafting of relevant policies applicable to the NSFAS environment. 
  • Support the development of business processes and systems that are aligned with the NSFAS environment policies. 
 
Embed Enterprise Risk Management Framework Within the Organisation 
  • Drive a risk culture in the business through challenging discussions and communication. 
  • Assist in the design, implementation, and management of organisation-wide risk management processes, including an analysis of the financial, legal, reputational, and regulatory risks that impact the organisation and respective business units. 
  • Develop and implement strategic and operational risk registers. Create and deploy guidelines, procedures, and training to management and employees relating to the creation, use, and maintenance of Risk Registers to assess, identify, prioritize, and manage risks in their respective business units. 
  • Conduct organization-wide risk assessments to identify current and emerging risks by collecting and analyzing Risk Registers, creating risk management, monitoring, and reporting systems, and identifying potential areas of operational risk within the organization's processes and systems, and implementing the frequency and monitoring mechanism. 
  • Facilitate strategic and operational risk assessment across departments and projects and identify potential areas of operational risk within the organisation's processes and systems. This includes the estimation and prioritization of risks so that it is clear which risks are most important and most urgent. 
  • Ensure emerging risk, risk events, and risk incidents are continuously monitored and addressed. 
  • Ensure that risk issues identified are monitored, reported, and escalated to the relevant person. 
  • Review the risk appetite statement and ensure that there is alignment with all the risk management functions. 
  • Assist risk owners with the determination of appropriate measures and mitigation plans for their risks. 
  • Drive the implementation of risk mitigation strategies and control processes in all business units to minimize the impact of operational risks on the organisation's operations. 
  • Build risk models based on a well-reasoned assessment. 
  • Monitor and ensure that the risk management actions planned by management are implemented and monitored for their effectiveness, and that corrective action is taken where responses do not match expectations. 
  • Monitor and track findings associated with the risk and self-control assessment process. 
  • Oversee the process of maintaining and updating the risk and control matrix in connection with the risk and control self-assessment process. 
  • Constantly monitor and update the enterprise-wide risk registers and applicable risk tools. 
  • Use external data to benchmark against trends or actual control environments. 
  • Oversee and drive the project management and documentation requirements for all key risk projects. 
  • Oversee and drive the third-party risk management strategy across the organisation. 
  • Contribute to the development of a GRC tool for the organisation. 
  • Work closely and collaborate with the Combined Assurance team, providing regular updates and feedback on the combined assurance activities with applicable and accurate risk data so that the Combined Assurance Team can fulfil their duties on Combined Assurance. This includes facilitating the flow of risk information from the business into the various governance bodies, including Internal Audit. 
  • Advise executive and senior management on pending regulatory changes, trends, and best practices, and review the potential impact of these changes on the achievement of strategic and operational objectives as well as processes and strategies with regard to risk. 
  • Develop and track a risk-based internal systems audit schedule, including open issues and action plans. 
  • Lead the identification, communication, monitoring, measurement and management of company-wide risks. Examples include business risk, fraud risk and security risks, all managed and maintained in the Business Continuity Plan. 
  • Develop and implement strategies to identify, assess, and manage digital and cybersecurity risks across the organisation. 
  • Collaborate with IT and cybersecurity teams to ensure alignment of digital risk mitigation and measures with enterprise-wide risk strategies. 
  • Monitor evolving technological risks, including those relating to data privacy, cyber threats, cloud services, and third-party IT vendors. 
  • Ensure integration of digital risk into the broader Enterprise Risk Management Framework. 
  • Report digital risk trends and exposures to executive leadership and relevant governance committees. 
 
Risk awareness training 
  • Develop risk awareness guidelines and training materials and deliver periodic training to employees. This includes building and maintaining tools and techniques in enterprise risk management for use and reference by business unit management and staff. 
  • Facilitate training and coach employees on Risk Management topics and initiatives. 
  • Establish and maintain a risk management philosophy and culture through Enterprise Risk Management awareness activities, understanding the risk maturity model, establishing risk appetite and tolerance levels, and participation in ERM activities. 
 
Business Continuity 
  • Oversee the development and testing of the Business Continuity Plans and ensure alignment with the organisation’s risk profile. 
  • Integrate disaster recovery and crisis response into the risk management strategy. 
 
Annual Risk Assessment & Reporting 
  • Manage the annual risk assessment process for the organisation as a whole as well as for all Business Units and disseminate results organization-wide. 
  • Prepare, submit, and present an organisation-wide risk management report to senior management and prepare the same for submission to the audit & risk committee and board. 
 
Enterprise Risk Management Maturity Assessment & Evaluation 
  • Identify and deploy resources to conduct an organisation-wide enterprise risk management maturity assessment, and report the results to the Board, Senior Management and Business Units. 
  • Monitor industry trends and regulatory developments to ensure the organization’s operational risk management practices are in line with industry best practices and regulatory requirements. 
 
Reporting
  • Compile monthly assurance risk reports, and reports for the various meetings ERM runs and chairs. 
  • Support enterprise risk reporting requirements for Executive Management and the Audit and Risk Committee of the Board. 
  • Manage Risk Management Committee meetings (logistics, agenda, packs, minutes). 
  • Assist business leaders with risk-driven communications (e.g., strategy slides). 
  • Provide input into the Annual Integrated Report. 
  • Report on unit strategic and operational gaps, interventions and the status of ERM. 
  • Report on operational plan implementation progress. 
  • Report on risk matters, considering the outcome of internal & external audit, & risk assessments. 
 
Performance Management & Ethics 
  • Ensure that your performance contracting and review process complies with policy and timeframes. 
 
Stakeholder Engagement & Relationships 
  • Participate in liaison with all stakeholders on risk matters. 
  • Participate in the resolution of stakeholder queries and complaints in line with policies and procedures. 
  • Serve as a key liaison between the organisation and oversight bodies (e.g., AGSA, National Treasury) on risk matters. 
 
Project Facilitation & Management 
  • Support the compilation of risk strategy documents on key and high-risk projects in the organisation managed by the Project Unit. 
 
Risk, Compliance Monitoring & Evaluation 
  • Participate in ensuring risk and compliance coverage of internal and external audits of ERM, and in the implementation of audit findings and recommendations. 
  • Drive, guide and provide input to management to ensure that identified key controls have risk mitigation procedures designed by management. 
  • Support the compilation, evaluation and analysis of organisational reports in line with the ERM framework. 
 
Information & Knowledge Management 
  • Collaborate with stakeholders to build systems that enable the management of data obtained from different sources. 
  • Collaborate with stakeholders, drawing on their experience, education and understanding, to derive knowledge from this information. 
 

DESIRED SKILLS AND EXPERIENCE

Minimum requirements: 
  • NQF Level 7 in Enterprise Risk Management or a related field 
  • Enterprise Risk Management Certified Professional (ERMCP) or equivalent 
  • Member of IRMSA (Institute of Risk Management South Africa) 
  • Computer literacy – Intermediate MS Package Suite 
  • Driver’s License 
  • 10 years’ experience, of which 5 should be at a supervisory / managerial position in the public service or private sector. 
  • Thorough understanding of compliance with ISO 31000, COSO and the National Treasury Framework 
  • In-depth knowledge of Risk Management process design, development, implementation and maintenance 
  • In-depth knowledge of Business Continuity Management 
  • Knowledge of business operational processes and risk management, including cybersecurity governance and compliance, digital transformation risk assessment, data privacy and protection (POPIA), and IT general controls and system integrity risk 
  • Knowledge of cybersecurity frameworks (e.g. NIST) 
  • Knowledge of Risk-Based auditing 
  • Knowledge of PFMA 
 
Preferred
  • Post Graduate NQF Level 8 in Risk Management or related fields 
  • Computer literacy – Advanced MS Package Suite 
  • 10 Years’ experience in a similar role in the public or private sector 
  • Advanced project and policy management 
  • Risk and compliance knowledge and experience 
  • Digital risk management knowledge and experience 
 
Skills & Competencies 
  • Planning and organizing 
  • Strategic thinking and Problem-solving 
  • Analytical thinking 
  • Exceptional written, verbal, and presentation communication 
  • Financial acumen 
  • Business process 
  • Research
  • Detail-oriented
  • Innovative
  • Critical thinking 
  • Attention to detail 
  • People management, coaching, and stakeholder engagement. 
  • Ethical conduct, resilience, and adaptability 
  • Ability to influence and drive change

PLEASE NOTE

Closing date: 04 August 2025 
 
Interested applicants must complete and submit an Employment Application Form, available on the NSFAS website. The form must be supported by a detailed Curriculum Vitae which includes, amongst other things, the vacancy name/position title you are responding to, copies of academic qualifications, your Identity Document, and the names of three contactable referees. The response must be addressed to the following email address: jobs@nsfas.org.za
 
The NSFAS does not consider late applications. The NSFAS talent acquisition team only corresponds with Shortlisted Candidates. Should you not hear from the NSFAS talent acquisition team within 2 months from the closing date, please consider your application unsuccessful. Appointments will be made in line with the NSFAS Employment Equity goals and targets.