

Applications are invited for the position of IT Governance, Risk and Compliance Specialist (Grade 8) based at Bruma. The successful applicant will report to the Senior Manager: IT Planning and Governance.

Job description

Major Activities

  • Assist in the development and implementation of IT Governance frameworks, control matrices, recommendations and action plans, following an appropriate methodology approved by management and aligned with international standards and good-practice frameworks (e.g. COBIT, ITIL, ISO, PRINCE2, CMM).
  • Develop, implement and monitor reporting mechanisms for IT Governance, Risk Management and Audit, to support compliance and highlight areas of exposure.
  • Assess, in conjunction with Risk Management, the current adequacy of IT strategies and business continuity / disaster recovery plans, identify potential threats to the systems, and quantify the impact of potential adverse events.
  • Support the development of policies, processes and procedures for the IT Department, including control document reviews, meeting coordination, assessment, finding mediation, assisting control owners with remediation plan development, tracking findings through remediation, progress monitoring, reporting and escalation.
  • Participate in the development and adoption of, and compliance with, the IT governance framework across all domains.
  • Establish and maintain alignment of IT activities, including report submissions, across the various governance committees and structures.
  • Perform design and process analysis for IT business processes that impact IT Governance.
  • Facilitate adoption and continuous improvement of planning practices and processes within IT and the wider organisation.
  • Provide insight on appropriate tools and systems to support technology risk management in line with the approved risk management framework, compliance and governance efforts across the entire IT Department.
  • Implement IT Governance, Risk and Compliance Solutions in line with the ATNS approved policies and frameworks.
  • Assess the status of complex multi-location projects as well as identify and implement appropriate corrective measures to resolve issues as they arise.
  • Assist in the development and implementation of IT Governance, Risk Management and Compliance policies, processes, procedures and IT control training materials to keep colleagues abreast of relevant industry, legislative and regulatory changes.
  • Act as a risk and compliance champion for IT Department.
  • Perform ad-hoc duties as assigned to ensure the smooth functioning of the GRC domain and maintain the reputation of the organization as a viable business partner.
  • Develop, implement and monitor the IT risk framework aligned to the ATNS approved enterprise risk management framework.
  • Develop and maintain the IT Risk Register in collaboration with ERM and drive implementation of mitigation controls of risks (through responsible Senior Managers and/or line of Business) within the committed period.
  • Integrate Cyber risk into IT Risk Management practices, processes, procedures and activities.
  • Co-ordinate periodic internal risk assessments across various domains (e.g. application access, Active Directory, security, network and vulnerability assessments) and ensure that identified vulnerabilities are tracked through to remediation.
  • Conduct IT risk assessments, analyse the effectiveness of control activities, and report on them with actionable recommendations.
  • Support the development and implementation of the IT wide risk management function to ensure that IT risks are identified and monitored.
  • Review identified security risks and breaches to ensure the IT assets (software and hardware) and information are always appropriately secured.
  • Monitor and review compliance with risk management strategies and practices to ensure IT-related activities are meeting minimum standards.
  • Ensure visibility, management and escalation of IT risks inherent in the delivery of IT services.
  • Work directly with clients, third parties and other internal Departments such as Risk Management to facilitate IT risk analysis and risk management processes and to identify acceptable levels of residual risk.
  • Keep IT management up to date on the results of the risk assessment and make recommendations for mitigations, or projects, to protect systems or cover potential losses.
  • Compile periodic IT risk reports, metrics and presentations for distribution to IT Senior Management and / or risk owners.
  • Coordinate review of existing Issues and Incidents, along with actions, to ensure they are being managed in line with the Risk Management Strategy and Standards.
  • Participate in vendor risk assessment and management process.
  • Support the IT Department in ensuring compliance to Quality Management System (QMS) Processes and standards.
  • Drive continuous improvement of tools and process capabilities in the area of compliance.
  • Co-ordinate the creation, review and updating of all IT policies, procedures and standards, involving the relevant Senior Managers, and drive policy approval through the appropriate governance structures.
  • Align, plan, organise and monitor IT compliance with relevant legislation.
  • Maintain IT Contract management register and provide early warning on contract issues and renewal.
  • Monitor and conduct compliance assessments against IT policies and processes at the required frequency (e.g. daily / weekly / monthly).
  • Participate in the creation and maintenance of all IT Policies and Standards to secure and protect sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
  • Support the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
  • Maintain constructive and productive stakeholder relations across the business.
  • Manage the IT audit findings tracker and drive resolution/closure of findings (through responsible Senior Managers and/or line of Business) within the committed period.
  • Perform IT Audit follow-up reviews to assess the progress of suggested implementations while working directly with the information team to encourage good process, practice and the development of measures and metrics.
  • Develop and execute plans for dealing with the increasing number of audits, compliance checks and external assessments conducted by internal / external auditors.
  • Serve as a liaison and support audit-related initiatives managing relationships, collection of data, progression tracking, assessment and remedial activities.
  • Participate in regular audits of IT control effectiveness and process compliance.

Minimum requirements

Minimum Qualifications

  • Bachelor’s degree in information technology or another related field
  • COBIT Implementation Certification
  • ITIL Foundation Certification

Added advantage

  • Professional certifications such as CGEIT, CISSP, CISA, CISM or similar will be considered a strong plus.
  • Project Management qualification or certification, e.g. PRINCE2, PMBOK-based or equivalent.
  • Risk Management qualification or certification, e.g. CRMA, CRISC or equivalent.

Minimum Experience

  • A minimum of 5 years’ experience in IT Governance.
  • A minimum of 3 years’ experience in IT Risk management, Compliance and Audit.
  • Experience working in cross functional teams.
  • Excellent knowledge of ISO standards, King IV, POPIA, PAIA, GDPR, etc.
  • Experience in performing audits and risk assessments
  • Excellent knowledge of Policy, Standards, Response Assessment, Compliance and Risk Management concepts, including risk analysis methodologies.
  • Demonstrated experience / exposure / Knowledge / understanding of business process optimisation.
