Specialist: ICT Governance Risk and Compliance - Pretoria, South Africa - Affirmative Portfolios

Posted by: Thabo Mthembu, beBee Recruiter


Description

Information Technology

Pretoria
JOB OUTLINE

Specialist: ICT Governance Risk and Compliance


PERMANENT

PRETORIA

Department - Corporate Services


Sub division - ICT


Reports to - Head: ICT & Knowledge Management


Overview:


Design, develop, implement and maintain ICT Governance, Risk and Compliance strategic frameworks and activities, data privacy compliance reporting and processes as well as conduct regular governance audits and take corrective action on behalf of the company to support business operations and strategic objectives.


Key Performance Areas:

KEY PERFORMANCE AREA | ROLE ACTIVITIES | WEIGHT

Functional

  • Provide an ICT Governance, Risk and Compliance (GRC) framework, including data compliance and cybersecurity risk, aligning ICT with the overall objectives of the company.
  • Coordinate the development and implementation of ICT policies, standards, processes and procedures, ensure that data compliance standards are adhered to throughout the organisation, and escalate noncompliance issues.
  • Monitor and evaluate adherence to ICT policies at the divisional and organisational level and escalate noncompliance to line management for corrective action.
  • Ensure that all relevant controls, policies and procedures are embedded and monitored as operating effectively and that actions are in place to address emerging risks and incidents.
  • Identify, report and ensure implementation of mitigation of all ICT-related cybersecurity threats and risk assessment procedures.
  • Implement controls to mitigate risks identified during the risk assessment process.
  • Implement and stress test the Disaster Recovery Plan to ensure ICT business continuity processes and procedures are running smoothly within the organisation.
  • Ensure that independent annual vulnerability and penetration testing are performed in the environment and implement remedial actions as required.
  • Contribute to the development of the Business Continuity Strategy and process in consultation with the Head: ICT to ensure readiness for recovery from ICT service interruptions.
  • Ensure and coordinate regular Business Impact Analyses of ICT Services on company processes.
  • Track timely closure of identified control gaps and risk mitigation plans and actively support action owners during issue remediation.
  • Ensure that internal control frameworks are developed and implemented across the organisation with regard to IT Risk Standards, ICT controls and regulatory and legislative requirements.
  • Review and update policy / standards compliance and exceptions, report status to management, and document advice for corrective actions.
70

  • Develop and coordinate the implementation of an IT governance, metrics collection, and reporting capability across the ICT division.
  • Provide guidance on implementing ICT compliance control objectives and provide support for gap analysis initiatives.
  • Provide input to improve efficiency and effectiveness of ICT cybersecurity governance services.
  • Act as point of contact within the ICT division with regard to risk and compliance issues.
  • Coordinate the ICT audit process and ensure that related audit activities and requests are handled efficiently and effectively.
  • Support the ICT team during the planning and subsequent phases of an audit as well as during the audit closeout process.
  • Report on all ICT Governance, Risk and Compliance matters as required.
  • Provide technical support and training to users with regard to ICT Governance and Risk principles.

Risk and Compliance Management

  • Assist in identifying and adhering to fraud controls, risk prevention principles, sound governance and compliance processes, and tools to identify and manage risks.
  • Support and provide evidence to all internal and external audit and regulatory requirements.
  • Maintain quality risk management standards in line with regulatory requirements.
  • Maintain and enforce all related Service Level Agreements to minimise business risk and ensure business continuity.
  • Adhere to all relevant laws, policies and Standard Operating Procedures throughout the organisation.
15%


Stakeholder Management

  • Build and maintain effective internal and external stakeholder relationships for the purpose of expectations management, knowledge sharing and integration, and to manage the organisation's reputation.
  • Represent and participate in the organisation's committees and task teams when required.
  • Convene and attend meetings and present relevant information to stakeholders when required.
  • Ensure the provision of excellent customer service.
  • Resolve queries and problems within span of control and within agreed time frames.
  • Follow up on unresolved queries and complaints where required.
  • Liaise with relevant stakeholders regarding follow-up of information, as required for tender requests.
  • Manage internal and external relationships to ensure that business process engineering best practices
