IT Governance, Risk & Compliance Manager

 

Recruiter:

UR Staffing

Job Ref:

IT Governance , Risk..

Date posted:

Tuesday, November 2, 2021

Location:

Pretoria, South Africa

Salary:

R 66 333 CTC


SUMMARY:
IT Governance, Risk & Compliance Manager

POSITION INFO:

Purpose Statement: To manage IT governance, risk and compliance for the company, to monitor the implementation of end-to-end governance, risk and compliance in relation to IT, and to proactively identify cyber security threats.

 

Specification

IT Governance, Risk and Compliance

  • Governance
    • Develop an IT governance framework that integrates ITIL, COBIT and ISO27001/2 frameworks to ensure the delivery of results and contribute to the maturity of the following areas:
      • IT Governance
      • Business Continuity (Disaster Recovery)
      • IT Service Management including ITIL
      • Project Governance
      • Risk Management
      • Compliance to data and information protection acts and regulations.
      • Information security management
  • Build and develop a global best practice IT Governance structure, process and capability
  • Evaluate, enhance and continuously improve overall IT Governance.
  • Participate in IT Governance steering committee
  • Evaluate the compliance of policies, procedures and processes with regulations
  • Report on the regulatory environment and the company’s compliance threats
  • Develop systems and processes to improve our IT governance
  • Develop policies and processes, and participate in acquiring technology and implementing those policies and processes, to improve IT GRC

 

  • Risk Management
    • Continuously liaise with the enterprise risk team on new developments (internal), the evolution of the industry (external) and the risks they introduce, and on risk management and mitigation processes and strategies
    • Assist in identifying, monitoring and maturing the Information Technology Risk Management Programme
    • Meet with business stakeholders to identify top IT risks
    • Assist in developing and driving the implementation of security best practices and standards to mature the overall IT Risk Management
    • Work with IT, Information Security, and Business stakeholders to determine the acceptable level of risk for the organization
    • Assist in performing Third Party Risk Assessments for new and existing vendor tools, on premise implementations, and third parties with access to the environment.
    • Assist in maturing the Third-Party Risk Management program by defining security controls required of vendors.
    • Articulate identified risks to the business for remediation, mitigation and sign off.

 

  • Compliance and Monitoring
    • Ensure alignment to the King IV, COBIT, ITIL, ISO27001/2, ISO2230 and NIST Cybersecurity and other relevant Frameworks
    • Monitor the progress of the Security Roadmap and Programme
    • Review and update policies and supporting procedures/processes/standards
    • Perform assessments of adherence to policies/processes/standards
    • Work closely with IT management
    • Assess 3rd party vendors’ adherence to standards and security controls
    • Develop Security and Controls Compliance reports in accordance with adopted security frameworks and standards
    • Track Security Risk
    • Oversee Remediation of security controls gaps by IT Operations
    • Stay on top of changes in the industry as it relates to IT GRC
    • Assist in performing IT Capability Maturity assessments
    • Assist with maturing the Data Governance Program which includes defining a Data Classification and Handling Program, identifying Data Owners, and assisting with the design and implementation of a Data Classification and Rights Management tool.
    • Assist in developing and maintaining Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for IT
    • Assist in the management and maintenance of the enterprise-wide Information Security Awareness Program which includes phishing simulations, computer-based training, proactive communications on latest threats, workshops, and newsletters.

 

Functional and managerial leadership

  • Provide mentorship to junior team members
  • Assist with task allocation among team members
  • Improve ways of work and testing framework
  • Maturity level of IT processes
  • Enable achievement of business strategies

 

Requirements           

Knowledge and Skills

Formal Education

  • Related qualification/IT/Risk/Governance

 

Technical/Legal Certification

  • ITIL
  • COBIT
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA) - an advantage

 

Experience

  • Governance experience: 5 years
  • IT Risk Management experience: 5 years
  • Risk Management
  • Governance
  • Project Management/
  • Incident Management
  • Reporting
  • Security Management: 2 years
  • Understanding of cybersecurity frameworks (ISO, NIST, COBIT, FFIEC)
  • Strong documentation and communication skills

 

Competencies

Knowledge

  • IT Governance: COBIT or ITIL
  • Technology: Microsoft & SQL
  • Technical Understanding: Technical understanding of technology platforms, operating systems, system development life cycle, change management, information security, databases
  • IT Security: Knowledge and hands on experience with Controls, Security Architecture and IT Security
  • IT Processes: Knowledge of IT and Business Processes
  • Security Management: IS----- certified (including IT experience)

 

 

Skills

  • Strategic planning: Aligning IT with business
  • Compliance management: Accountable for ensuring that IT adheres to all the necessary legal and regulatory requirements
  • Audit Skills: General IT/Audit review skills
  • Risk management: Accountable for identifying IT risks and ensuring that adequate controls are in place to mitigate the risks
  • Interpersonal Skills: Can work with different teams to achieve results

 

 

Attributes

  • Conceptual thinker: Develop opportunities & answer future challenges
  • Time management: Develop & deliver solutions within the required time frame
  • Team player: Build a climate of empowerment & responsibility

 

Other Special Requirements

  • Handle high stress & adhere to deadlines


 

NB! This job is now closed. You can apply for other jobs by uploading your CV.



 

 

 
