  • Posted: Mar 17, 2020
    Deadline: Mar 23, 2020

    Exxaro is one of the largest South African-based diversified resources groups. It is listed on the JSE Limited where it is a constituent of the Socially Responsible Investment (SRI) index. The group’s current business interests span South Africa, Botswana, Republic of the Congo and Australia. At present, Exxaro produces over 39 million tonnes of coal p...

    IM GRC Officer

    Closing Date: 2020/03/23
    Reference Number: EXX200312-2

    Purpose

    • Responsible for the overall management of business continuity, security and quality management. Ensures policies, procedures and processes are in place to manage and mitigate Information Technology and business risks and ensures that these are audited on a regular basis. Assesses the risk and security infrastructure and recommends acceptable levels of risk in the organisation.

    Qualifications

    • BCom (Hons) Accounting (Essential/Minimum or)
    • BCom (Hons) Informatics (Essential/Minimum or)
    • BSc (Hons) Information Systems Technology (Essential/Minimum)
    • Management Development Programme (Recommended/Desirable)

    Experience:

    • 8 years' relevant operational experience in Information Technology Governance and Risk Management, with a minimum of 3 years’ experience within the project management environment

    Requirements:

    • Psychometric Assessment (Essential/Minimum)
    • Certificate of Fitness (Essential/Minimum)
    • Open Group Architecture Framework Certif (Recommended/Desirable)
    • COBIT 5 Foundation (Recommended/Desirable)
    • Microsoft Certified Solutions Associate (Recommended/Desirable)

    Duties & Responsibilities    
    The incumbent will inter alia be responsible for the following:

    Compliance, Governance and Assurance

    • Adhere to all corporate governance, processes, procedures, statutory, legal and other requirements
    • Identify, evaluate and report on legal and regulatory, Information Technology (IT), and cybersecurity risk to information assets
    • Support the organisation culture and live the values
    • Entrench a culture of discipline and transparency
    • Ensure the Company maintains software licensing compliance in accordance with Federation Against Software Theft (FAST) and British Information Security (BSI) standards
    • Responsible for staying up to date with knowledge of regulatory requirements
    • Ensure all data collected, controlled, processed, and stored by the organisation is in accordance with all applicable laws and global regulatory requirements

    IT Risk Management

    • Design, socialise, and monitor the information security management control framework based on industry leading control frameworks
    • Ensure the IT Governance and Risk frameworks are embedded in the organisation by ensuring that all relevant policies, standards and guidelines are aligned to the business strategy
    • Develop and implement an end-to-end risk management strategy
    • Responsible for the planning and implementation for the Group in respect of the Information Technology, Information Security and Projects portfolios to effectively manage the associated risks and deliver on the full requirements of the Information Technology Risk Management Framework (ITRMF) and Cyber Resilience Risk Management Framework (CRRMF)
    • Conduct IT risk and control reviews across the Group to evaluate whether related IT Risks are adequately identified, assessed, measured, monitored, controlled and mitigated
    • Ensure the establishment and implementation of risk appetites and key risk indicators for IT, information security and project risks
    • Provide oversight and assurance on the management of IT risks and the IT control environment within relevant business areas (including IT initiatives/projects/Information security) and report any control gaps identified and the mitigation thereof
    • Identify, evaluate and report on legal and regulatory, IT, and cybersecurity risk to information assets
    • Ensure the implementation and monitoring of the strategic, comprehensive information security programme
    • Responsible for ensuring appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled and/or processed by the Group
    • Serve as point of escalation, review and approval for key issues and decisions in the IT Governance Framework

    Information Security

    • Assist the Group to improve their information security risk profile through identification, assessment, measurement and monitoring of the Group’s information security risks
    • Create, implement and monitor the information security awareness training program for all employees, contractors and approved system users, establishing a baseline and Key Performance Indicators (KPIs) to measure the programme effectiveness
    • Actively develop and execute the cyber security program elements and cyber security plans
    • Manage the completion of the cyber security risk assessments, ensuring that they are understood, captured in the risk management processes and that appropriate controls are embedded in the day-to-day operations, and remediation of non-compliance is documented and addressed.
    • Assist the Group with identification of critical assets from a confidentiality point of view ("crown jewels") and feeding that back into the business impact analysis and risk management processes
    • Work with the business to develop processes and procedures to ensure information security policies and standards are integrated
    • Drive compliance to security policies and standards on the Group’s infrastructure
    • Assist with third party supplier information and supplier cyber security risk assessments and assurance
    • Coordinate the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event
    • Responsible for handling all large IT projects, assessments and audits

    Project Management

    • Identification and prioritization of key Group IT projects for monitoring
    • Identification, assessment and tracking of risks that impact project timelines and deliverables and allocation of risk owners
    • Ensure quality of the risk data in the Projects Risk Register and alignment with business Risk Control Self-Assessments (RCSAs)
    • Promote and direct risk management for key Group projects
    • Monitoring project performance and assisting in the mitigation of all IT project risks through project governance structures.
    • Document risk response actions with timelines in agreement with project teams and business

    Safe and Healthy Work Environment

    • Maintain and ensure a healthy environment, safe operations practices, ensuring compliance with all applicable Safety Health and Environmental (SHE) policies and procedures in line with set standards
    • Encourage a culture that focuses on safety in all operations

    Behavioural Alignment
    Demonstrates the following:

    • Creativity, collaboration, sociability and awareness of the ecosystem
    • Stewardship, accountability, ability to develop trust, safety conscious and ethical
    • Ability to respond quickly to business needs/agility, flexibility, continuous learning, innovation and proven ability to experiment on creative business solutions
    • Ability to be inclusive, eagerness for multiple skills, embraces multiple cultures, accepts different approaches and is human-centric/empathetic
    • Results oriented, quality driven, excellence, entrepreneurial abilities, efficient and effective

    The appointment will be made in accordance with Exxaro’s Employment Equity policy.
    If you have not been contacted within 28 days of the closing date of this advertisement, please accept that your application was unsuccessful.

    Method of Application

    Interested and qualified? Go to Exxaro Resources on exxaro.erecruit.co to apply
