Director, Compliance, Risk and Information · Oversee information security governance and program...

Date post: 18-Oct-2019
Page 1: Director, Compliance, Risk and Information · Oversee information security governance and program management. Drive IT security strategies and policies. Manage risk exposure, controls

Director, Compliance, Risk and Information

POSITION DESCRIPTION | DIRECTOR, COMPLIANCE, RISK & INFORMATION

Position purpose

The Director, Compliance, Risk and Information is responsible for providing strategic, operational and practical support to the organisation in relation to the effective management of risk and compliance obligations. The role focuses on creating and implementing a framework which manages risks, improves operational efficiencies and ensures compliance with the relevant standards and regulations.

The Director plays a critical role in promoting a risk aware culture and working across the organisation to embed a compliance culture. This role is accountable for developing plans and processes for protecting the integrity and security of the organisation’s information and data. The role will Chair the GOTAFE Compliance Committee and work collaboratively with quality and compliance managers across the organisation to develop and implement an organisational quality management system for GOTAFE.

The Director will lead, motivate, support and develop a multidisciplinary team, ensuring the delivery of high quality outcomes for the organisation. Critically, this role is accountable for leading a collaborative customer orientated department that works effectively with the broader organisation to deliver on key objectives.

Key areas of responsibility

Compliance:

Promote a culture of compliance.

Ensure GOTAFE complies with legal and regulatory requirements in the normal course of its business.

Implement the GOTAFE Compliance Framework and associated compliance policies and procedures.

Provide support to the business to enable effective management of compliance within their area of responsibility.

Ensure compliance related incidents are managed appropriately.

Drive process development and execution of all activities required to continuously improve compliance processes and lower potential risks.

Provide appropriate assurance to the Board, Audit Committee and the Executive around the operation of the Compliance Framework.

Risk Management:

Promote a culture of risk awareness, ensuring GOTAFE pursues its strategy and business objectives, based on prudent risk management disciplines.

Develop and implement GOTAFE’s Enterprise Risk Management Framework.

Work with the Board and Executive to establish a risk appetite, key risk indicators, prioritisation of risk and reporting.

Liaise with divisional heads to ensure completion of quality department risk registers, and the adequacy of proposed actions in relation to the management of risk areas highlighted in internal audit reports.

Identify training needs for risk management and oversee development of enterprise risk competence and awareness across the organisation.

Monitor implementation of action plans to ensure risk mitigation efforts are proceeding as required.

‘Test’ the effectiveness of cascading risk management approach to business decision making.

Information Security:

Foster a security conscious culture and ensure that GOTAFE manages critical data in line with an appropriate risk management profile.

Oversee information security governance and program management.

Drive IT security strategies and policies.

Manage risk exposure, controls and processes relating to information management systems.

Develop and implement strategies to manage security incidents.

Ensure regular reporting to the Board and Executive on strategies in place to secure information and mitigate risks.

Work with the executive and divisional heads to maintain secure information management systems.

GOTAFE Organisational structure

GOTAFE’s senior leadership team is made up of the CEO, four Executive Directors and seventeen Directors. All play key roles in influencing the culture and performance of GOTAFE.

There are four key divisions in the GOTAFE structure:

Education – responsible for ensuring that GOTAFE provides the best possible education, training and learning experiences for all student cohorts across all education sectors.

Student Attraction and Community Engagement – responsible for the start of a student’s journey at GOTAFE and for ensuring that GOTAFE strategically engages with its key stakeholders across the community; including industry and community groups.

People & Innovation – responsible for ensuring that GOTAFE is an employer of choice and for cultivating a culture of innovation and strong organisational performance.

Corporate Services - responsible for the optimal performance of the internal operations of GOTAFE.

Director, Office of the CEO

Chief Executive Officer

Executive Director, People and Innovation

Director, People and Culture

Director, Innovation and Performance

Executive Director, Corporate Services

Director, Asset Management and Facilities

Director, Finance and Procurement

Director, Digital Solutions

Director, Compliance, Risk and Information

Executive Director, Student Attraction and Community Engagement

Director, Student Attraction and Enrolment

Director, Student Pathways

Director, Communication and Engagement

Executive Director, Education

Director, Health, Wellbeing and Community

Director, Technology and Built Environment

Director, Services and Natural Environment

Director, Further Learning, Koorie and Multicultural

Director, Customised Learning Solutions

Director, Education Quality

Director, Student Success

Organisational relationship

Executive Director, Corporate Services

Director, Asset Management and Facilities

Director, Finance and Procurement

Director, Digital Solutions

Director, Compliance, Risk and Information

Key stakeholders

Internal:

Executive Director, Corporate Services

CEO

Board (and Audit Committee)

Executive Team

Staff

Students

External:

Department of Education and Training

GOTAFE Auditors

Higher Education and Skills Group

Australian Skills Quality Authority

Office of the Victorian Information Commissioner

Skills and capabilities required for position

The Director, Compliance, Risk and Information is expected to demonstrate the following key skills and capabilities in their role:

Leadership

Clearly communicate and exemplify the vision and values of GOTAFE.

Inspire and foster talent and build capability within department.

Create and maintain a culture that supports high level staff engagement and performance.

Provide strong and accountable leadership to ensure delivery of performance objectives.

Show sensitivity and understanding in negotiating, mediating and resolving conflict.

Engage directors and managers from other departments and campuses to ensure collaboration and effective delivery of outputs.

Lead and foster a team that is client-centric, solutions-orientated and a genuine partner for the wider organisation.

Management

Actively contribute to all corporate planning and reporting requirements to inform decision making at various levels.

Ability to manage an annual department budget working to the agreed budget, including set targets.

Ability to deal with complex matters that may not have established guidelines and procedures.

Monitor priorities to ensure meaningful work is delivered that supports operational and organisational objectives.

Ability to think critically and strategically to make informed decisions.

Strategic planning

Deliver high quality, evidence based strategic advice and guidance to the CEO, the Executive and Board.

Contribute towards the long-term strategic direction of GOTAFE, through the implementation of relevant areas of the strategic plan and other organisational strategies.

Compliance

Sound understanding of the compliance risk management processes AS ISO 19600:2015.

Expertise in compliance trends and emerging strategies.

Knowledge of relevant external bodies in both the public and private sector.

Risk Management

Knowledge of key risk assessment techniques and risk management systems (AS31000).

ISO27001 ISMS accreditation.

Expertise in risk management trends and emerging strategies.

Information Security

Knowledge of Victorian Protective Data Security Framework.

Understanding of the obligations under the Office of the Victorian Information Commissioner.

High level understanding of information security.

High level understanding of data governance.
