Manager: Governance Risk Compliance at Armscor

QUALIFICATIONS

• Grade 12.
• Degree (NQF 7) in Risk Management, Commerce, Business Management, or a related field
• Post graduate qualification in Risk Management / Business management / equivalent will be an added advantage.

TECHNICAL / LEGAL CERTIFICATION / PROFESSIONAL REGISTRATION 

• Professional certification/qualification in Risk Management (ISO 31000, CFE, CRM Practitioner or CRM Professional) will be an added advantage
• Membership in a professional body will be an added advantage

EXPERIENCE

• Minimum 10 years’ experience in Governance, Risk Management, Compliance, Internal Audit, or related fields, including at least 3 years in a supervisory role within a medium to large organisation 
• Proven experience in the public sector (minimum 3 years) within enterprise risk management and compliance functions
• Demonstrated experience in the design and implementation of enterprise risk management and compliance frameworks, including governance framework development and regulatory compliance monitoring.
• Strong experience in conducting enterprise risk assessments, internal control testing, and development of risk mitigation strategies and action plans.
• Experience in preparing and presenting governance, risk, and compliance reports to executive management and governance structures (e.g., Audit and Risk Committees, EXCO).
• Experience in data analysis, risk analytics, and use of GRC systems or business performance management tools to support decision-making and reporting

CRITICAL PERFORMANCE AREAS

Governance Frameworks & Risk Strategy Management 

• Develop and implement the Annual Risk Management Implementation Plan aligned to the approved Risk Management Strategy.
• Develop, review, and maintain governance frameworks, policies, standards, methodologies, and procedures.
• Ensure governance practices remain aligned to legislative requirements, King V principles, and organisational objectives.
• Drive continuous improvement, innovation, and best practices within the GRC environment.
• Ensure effective reporting mechanisms for governance, risk, and compliance performance monitoring.

Risk Management and Assessment

• Provide and manage enterprise risk oversight by Facilitate enterprise-wide risk assessments across strategic, operational, financial, compliance, and reputational risk areas.
• Monitor organisational risk registers, emerging risks, mitigation action plans, and risk treatment strategies.
• Develop and implement methodologies for analysing the effectiveness of internal controls.
• Lead the development and enhancement of risk mitigation controls and key risk indicators (KRIs).
• Monitor organisational risk appetite and provide recommendations to management.
• Perform business impact trend analyses on internal and external risks affecting organisational sustainability.
• Provide risk analytics and reporting to support informed decision-making.
• Ensure risk incidents are identified, escalated, and managed proactively.

Compliance Management & Regulatory Oversight

• Develop and implement the compliance management framework and monitor organisational compliance.
• Monitor and maintain the regulatory universe applicable to the organisation.
• Ensure compliance with relevant legislation, policies, regulations, and governance standards.
• Conduct compliance monitoring and recommend corrective actions where non-compliance is identified.
• Analyse the cost implications associated with risk exposure and non-compliance.
• Provide compliance advisory services to management and business units.

Assurance Coordination & Reporting

• Develop and maintain whistleblowing policies that ensure confidentiality, protection, and compliance with legal requirements.
• Receive, assess, and coordinate investigations of reported concerns in a timely and impartial manner.
• Track whistleblowing cases, outcomes, and trends; provide regular reports to leadership and relevant authorities.
• Ensure all whistleblowing activities comply with applicable laws, regulations, and industry standards.
• Promote a speak-up culture, encouraging ethical behaviour and transparency across the organization.

GRC Systems, Training & Awareness

• Facilitate implementation and optimisation of GRC systems and tools.
• Drive organisational risk and compliance awareness initiatives and training programmes.
• Promote a proactive risk management and compliance culture across the organisation.
• Research emerging risk methodologies, trends, and industry developments to improve organizational practices.