Senior Specialist: Group Governance Risk and Compliance at Vodacom

Role Purpose

The Senior Specialist Governance Risk and Control role based within Technology. The primary purpose of this role is to provide management with assurance that there are adequately designed controls in place which are operating effectively, and that control coverage is sufficient across the IT and Networking environments.
The individual will also be responsible for the development and review of governance aspects including policies and standards, tracking audit-related management actions, and managing Cyber Security risk. The function is across Vodacom Group markets.

Your Responsibilities Will Include

• Provide proactive support and guidance across the environment on the management of technology risks through robust controls. This includes managing the top 10 key technology risks from a controls perspective across the Vodacom markets, identification and assessment of new risks, tracking and re-evaluation of existing risks, closure of risks where applicable, and management reporting. Ensure that Cyber risk consistently aligns with and supports organisational risk.
• Best practice recommendations for Cyber Security implementation across various markets with consideration of local challenges and needs, and coupled with innovative problem-solving.
• Act as assurance liaison between external and internal audit functions and business stakeholders across Vodacom markets, establishing and agreeing audit scope, requirements and timelines, and providing sound recommendations to business in terms of audit evidence responses in alignment with industry assurance principles.
• Monitoring of security control and process compliance and coverage with the aim to identify opportunities to improve effectiveness and efficiency.
• Extensive focus on Cyber business intelligence reporting to facilitate an end-to-end view of the state of security across the environment, and to support management and executive Cyber strategy formulation and decision-making.
• Provide educated, researched and informed guidance, input and recommendations to stakeholders on various levels within the organisation on Cyber Security topics as required. Become a trusted advisor.
• Assist with development, implementation and communications of Cyber Awareness and Culture campaigns and programs.
• Assist with implementation of standardised policies, standards, procedures and practices across Vodacom markets.
• Provide GRC guidance and support for Vodacom markets, including Risk, Audit and Assurance reporting advisory and quality assurance.

The Ideal Candidate For This Role Will Have

• IT Audit, Risk Management or Cyber Security experience in large enterprises is required.
• Relevant Frameworks and Industry Certifications (for example CISM, CISSP, CRISC, CISA, ISO 2700x, Security+, etc.) preferable.
• Experience with implementing or auditing PoPI, GDPR, PCI-DSS and SOx would be a bonus.
• Technical/Infrastructure/Process knowledge is required i.e. a good overall knowledge of the following:
• Operating Systems (LINUX, Windows)
• IT Networks, Firewalls, VPNs
• Databases (SQL, Oracle, MongoDB, etc.)
• Security telemetry tools such as EDR, EPP, DLP, ATP, encryption, etc.
• Patch and vulnerability management
• Data leak prevention
• Data protection mechanisms, e.g. encryption, anonymization and masking.
• Privacy and Protection of Personal Information (PPI)
• AAA, IAM and PUAM
• Security Incident Management
• Security Event Monitoring and Detection

Personal Attributes Required

• Ability to function autonomously
• Taking initiative and an innovative mindset
• Critical thinking
• Ability to communicate on various levels with diverse stakeholders
• Strong analytical skills
• Attention to detail
• Meticulous documentation skills
• Good client engagement skills
• Good interpersonal and presentation skills

Must Have Technical / Professional Qualifications

• A relevant IT/Technology Degree (e.g. BSc Computer Science/Engineering, BCom Informatics) OR a minimum of 8 years’ proven work experience in a similar role.
• Knowledge of one or more information security governance frameworks and standards e.g. ISO Series (2700x and 9001 in particular), NIST CSF, CoBIT for Information Security, ISF SOGP, CIS/SANS, etc.
• Knowledge of privacy regulations such as GDPR, PoPI.
• Experience in conducting cyber security risk assessments.

Overall Experience 5yrs, Inclusive Of

• At least 5-8 years’ experience in risk, assurance, control and compliance management in a technology environment, with Cyber or Information Security experience preferred.
• At least 5 years’ experience in Information Security GRC or an Information Security Audit function would be advantageous

Closing date for Applications: 24 July 2020

The base location for this role is, Midrand, Vodacom Campus