Information Governance Manager: (GRC) ICT Governance, Risk And Compliance (Pretoria) at FSCA South Africa

Purpose of the Job:

• The Information Governance Manager will manage and oversee the daily operations of the Information Governance (IG) portfolio within the ICT Division. This role ensures the effective implementation and management of IG  policies and practices, and supports the organisation's compliance with data protection regulations.
• The person appointed to this position will report to the Departmental Head: ICT Governance, Risk and Compliance.

Minimum Experience:

• Experience in developing and implementing governance frameworks across large or complex organizations, ideally with a focus on data regulations (e.g., DAMA-DMBOK, POPIA, ECTA).  Hands-on experience in data governance tools and technologies, as well as managing information assets, data quality, and data lifecycle management processes. 
• Experience in regulatory compliance and managing audits related to IG, cybersecurity, and data protection.  Experience collaborating with cross-functional teams and leading initiatives related to data stewardship, risk management, and data quality.

Key Performance Areas:

• Improve and maintain the IG framework, aligning with industry standards (e.g., ISO 27001, ISO 38500, DAMA-DMBOK, POPIA).
• Maintain policies and procedures related to data governance, data security, and data privacy.
• Coordinate with key divisions to improve the IG framework across the organisation.
• Regularly review and update governance policies to reflect evolving regulatory requirements, business needs, and technological advancements.
• Ensure that roles and responsibilities for data ownership, custodianship, and stewardship are clearly defined and communicated.
• Develop and implement data and information protection impact assessments (DPIAs) for new projects or systems.
• Conduct regular assessments to ensure compliance with data regulations and internal policies.
• Coordinate training programs to raise awareness of data and information management and compliance requirements across the organisation.
• Act as the primary point of contact for data-related inquiries and investigations from external or internal auditors.
• Identify and assess risks associated with the organisation’s information assets and governance practices.
• Develop risk mitigation strategies to reduce the likelihood and impact of data breaches or governance failures.
• Implement and manage data and information risk assessment processes, including the classification of data based on its sensitivity and risk level.
• Compile reports on IG risks and mitigation efforts for senior management and relevant committees.
• Ensure that data stewards are appointed and trained across departments to manage data accuracy and integrity.
• Improve processes for data quality monitoring, including regular data audits and exception reporting.
• Work with departments to resolve data quality issues and ensure that data is fit for business purposes.
• Mature data lifecycle management practices to ensure the appropriate retention, archival, and deletion of data.
• Collaborate with the ICT security team to ensure that data governance policies are aligned with cybersecurity strategies and protocols.
• Ensure that data access controls, encryption standards, and security measures are in place to protect sensitive information.
• Participate in security incident response teams to address data-related breaches or threats.

Requirements

• Bachelor’s degree in Information Security, Data Management or a related discipline with at least 5 years’ working experience within an Information Technology (IT) environment. A 7 years minimum proven experience in IG, data protection, or compliance roles, with a focus on functional responsibilities.