Senior Manager: IT Governance, Risk and Audit (2744) at The South African National Roads Agency (SANRAL)

MINIMUM REQUIREMENTS:

• NQF Level 7 Bachelor’s degree, Advanced Diploma or equivalent in Information Technology.
• Certificate in CISA, CRISC, CISM, CGEIT or COBIT.
• 10 years min relevant experience.
• 5 years managerial experience in IT GRC.

KEY RESPONSIBILITIES:

Management:

• Oversee the development, implementation, and management of an organization's IT GRC program.
• Establish IT governance frameworks.
• Identify and mitigate IT risks.
• Ensuring compliance with relevant regulations and policies.
• Lead and mentor a team of GRC professionals, fostering a culture of accountability and continuous improvement.

IT Governance:

• Work closely with the IT team to develop and implement organization-wide IT policies, processes and procedures.
• Assist in the review of IT management processes (and decisions) and confirm that they are compliant with the organisation's strategy for corporate governance of IT.
• Assist with establishing policy and standards for compliance with relevant global legislation relating to IT Governance, Privacy laws, data integrity, PCI-DSS, and other applicable laws.
• Act as the Subject Matter Expert for line managers and employees on matters relating to IT Governance.
• Research and keep up to date with international best practice in IT governance.
• Create IT RACI charts to clearly outline the responsibilities for managing the supply and demand aspects of IT.
• Perform regular IT Governance Maturity Assessments and implement improvement plans.
• Develop training plans to embed the IT Governance Programme.

IT Risk Management:

• Oversee the implementation of organisation-wide processes and procedures, tools and techniques for the identification, assessment, and management of IT risk inherent in the operation of business processes and of potential risks arising from planned changes – including technology upgrades.
• Monitor the implementation and maintenance of IT risk self-assessment programs across the organization.
• Work closely with the IT department management to ensure that IT risks are communicated and mitigated.
• Pro-actively manage and mitigate all potential IT Risks to the organization, in association with Senior Manager and team members.
• Perform third-party IT supplier risk assessments to ensure supply chain risk is managed throughout the supplier's lifecycle.

IT Audit Management:

• Develop and execute IT annual audit plans based on organisational priorities and risk assessments.
• Identify audit objectives, scope, and methodologies for each engagement in collaboration with the internal\external audit team.
• Communicate audit findings and recommendations to relevant stakeholders.
• Prepare clear and concise audit responses in collaboration with senior management.

IT Compliance Management:

• Develop, enhance and maintain compliance, best practice and legislative requirements.
• Prepare and submit reports showcasing compliance with regulatory requirements, industry standards and internal policies.

Reporting:

• Prepare and submit reports showcasing compliance with regulatory requirements, industry standards and internal policies.
• Prepare reports for relevant governance committees.
• Compile, deliver and communicate ICT performance and status updates to key stakeholders including executive leadership.
• Continuously evaluate and improve ICT reporting processes and reports to deliver more valuable insights and recommendations.
• Establish robust reporting mechanisms for tracking IT performance metrics, cybersecurity incidents, and regulatory compliance, promoting transparency and accountability.