Senior Manager: IT Governance, Risk & Compliance at Believe Resourcing

The Position

• As the Senior GRC Manager, you will play a pivotal role in supporting the Director: GSS in establishing and maturing the University’s IT GRC processes and practices with a focus on the following Key Performance Areas (KPA’s):

KPA’s

• GRC Projects:
• Serve as the Business Lead on GRC-related projects (as directed)

Assist with Scoping, Planning, Execution and Monitoring of GRC-related projects – e.g.

• IT Disaster Recovery Project
• IT Vendor Governance Project
• IT Governance:
• Lead the definition and implementation, working closely with the ICTS BI/Reporting Analyst, of Key Performance Indicators across the ICTS department, aligned with industry-accepted IT Governance standards (e.g. COBIT, ISO 27004 etc.);
• Lead the development of RACI matrices for various IT processes;
• Facilitate the development and documentation of IT-related policies, standards and procedures.
• IT Risk & Issues Management:
• Facilitate the ICTS departmental Risk Management Forum (RMF);
• Facilitate the Identification, Assessment, and Mitigation of ICT risks, through ongoing engagement with the ICTS Directorate & members of the RMF.
• Facilitate the maintenance of the ICTS Risk and Issues Register
• Provide specialist support/guidance in the design of risk mitigation plans
• Monitor the implementation of risk-mitigating controls
• IT Processes and Controls:
• Lead the design and implementation of a risk-informed system of IT Controls in the ICTS department that is aligned with best practice industry standards and frameworks (e.g. COBIT 2019, ISO 27001/27002, ISO 27031, ISO 22301. ITIL, TOGAF, NIST SP 800-53, CIS Critical Security Controls (CIS CSC), POPIA, etc.).
• Lead the review and monitoring of compliance with approved business processes and control frameworks within the ICTS department.
• IT Quality Assurance & Compliance Management:
• Facilitate internal departmental reviews and assessments against adopted standards (e.g. COBIT 2019, ISO 27001 etc.) to assist with compliance management and the improvement of IT / business processes.
• Assist with quality assurance reviews of IT Projects, within the ICTS project office, against project management industry standards adopted.
• Facilitate Compliance reviews and testing procedures.
• Internal / External Audits:
• Oversee activities by ICTS units to meet the requirements of internal and external audit reviews;
• Oversee and monitor remediation plans / projects / activities in response to audit findings.
• Reporting:
• Produce GRC-related management reports for various Governance and Management structures.

What They Are Looking For From You

• At least an NQF-6 qualification in Information Systems, IT Management, Computer Science, Business Studies, or a related field; plus
• An Industry recognized certification in IT Governance, or IT Risk Management, or Information Security Management or Information Systems Auditing; plus
• At least 8 years of relevant experience in IT Governance, Risk & Compliance (IT GRC) management in an enterprise (large/complex) IT environment;
• A proven track record of assessing the system of IT controls and facilitating the design, implementation, testing and monitoring of IT Controls;
• Good knowledge of IT Governance and IT Risk Management frameworks;
• Good knowledge of Information Security frameworks;
• A track record of effective project and people leadership;
• Strong planning, organizing, coordinating and work management skills;
• Strong elicitation, facilitation and communication skills;
• Strong analytical and problem-solving skills;
• Excellent inter-personal skills with the ability to build and maintain strong relationships with diverse stakeholder groups (e.g. from executive management through to technical staff);
• Good business acumen;
• Excellent English Oral and Written communication and Presentation skills;

Desired Skills and Experience

• IT Risk Management Frameworks, Risk Management, IT Management,, Risk & Compliance, IT Controls, Information Security frameworks