Specialist: IT Governance, Risk and Compliance - Pretoria, South Africa - Secondments Recruitment

Posted by: Thabo Mthembu, beBee Recruiter


Description

Job Advert Summary:


The purpose of the position is to develop and maintain the information technology (IT) risk and compliance frameworks, policies, processes and procedures through implementation of best practices and approved IT governance framework.

The incumbent is also responsible for monitoring compliance with IT security policies and their alignment with the company's business objectives, monitoring IT disaster recovery plans and their execution and their alignment with the company's business continuity plans, and working with the risk management and internal audit units to monitor the IT internal control system.


Minimum Requirements:


GENERAL REQUIREMENTS

This position requires a minimum Degree/diploma (NQF 7) in Information Technology/Information Systems or Computer Science PLUS the following certifications:

CISA, CISM, CRISC, CGEIT or CISSP
COBIT Training


Added advantage:
Any postgraduate qualification in IT, compliance, internal/external audit or risk management will be an advantage.

Minimum 5 years' experience in IT auditing or ICT governance, risk and compliance in a medium to large organisation, with 3 years managing IT audit teams and working with COBIT 19 processes.


TECHNICAL COMPETENCIES
IT governance

Reviews information systems for compliance with legislation and specifies any required changes.
Responsible for ensuring compliance with organisational policies and procedures and overall information management strategy.
Implements the governance framework to enable governance activity to be conducted.

Within a defined area of accountability, determines the requirements for appropriate governance reflecting the organisation's values, ethics and wider governance frameworks.

Communicates delegated authority, benefits, opportunities, costs, and risks.
Assists in reviews of governance practices with appropriate and sufficient independence from management activity.

IT risk management


The planning and implementation of organisation-wide processes and procedures for the management of IT risk to the success or integrity of the business, especially risks arising from the use of information technology or from the inappropriate disposal of IT materials, hardware or data.

Carries out risk management activities within a specific function, technical area or project of medium complexity.
Identifies risks and vulnerabilities, assesses their impact and probability, develops mitigation strategies and reports to the business.
Involves specialists and domain experts as necessary.

Information assurance


The leadership and oversight of information assurance, setting high level strategy and policy, to ensure stakeholder confidence that risk to the integrity of information in storage and transit is managed pragmatically, appropriately and in a cost-effective manner.

Performs technical assessments and/or accreditation of complex or higher-risk information systems.
Identifies risk mitigation measures required in addition to the standard organisation or domain measures.
Establishes the requirement for accreditation evidence from delivery partners and communicates accreditation requirements to stakeholders.
Contributes to planning and organisation of information assurance and accreditation activities.
Contributes to development of and implementation of information assurance processes.

Information security governance


The management of, and provision of expert advice on, the selection, design, justification, implementation and operation of information security controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems with legislation, regulation and relevant standards.

Explains the purpose of security controls and performs security risk and business impact analysis for medium complexity information systems.
Identifies risks that arise from potential technical solution architectures.
Designs alternate solutions or countermeasures and ensures they mitigate identified risks.
Investigates suspected attacks and supports security incident management.


Duties and Responsibilities:

KEY PERFORMANCE AREAS (KPAs)

Strategic Function

Contribute to the development of IT risk and compliance frameworks and strategies for the company.
Support the implementation of the centre's Balanced Scorecard (BSC) initiatives.

Product Management


IT governance and risk management:
Provide support to the senior leadership team on the service portfolio and governance requirements.
Assess ICT general controls by conducting reviews on various aspects of information security, data privacy and business continuity.
Develop and implement a mitigation plan for ICT general control gaps identified during periodic assessments.
Interpret ICT policies and contribute to development of procedures, standards and guidelines that comply with these.
Develop and maintain a risk register that includes ICT operational, business and strategic risks.
Assess the impact and lik
