Transnet is the largest and most crucial part of the freight logistics chain that delivers goods to each and every South African. Transnet freight rail has approximately 38 000 employees, who are spread throughout the country. Transnet Limited, operating and controlling South Africa’s major transport infrastructure, is also responsible for ensuring that the country’s transport industries operate according to world-class standards. Transnet forms an integral part of the Southern African economy.
To ensure that there is a consistent ICT governance approach (Governance, Risk, Audit and Compliance) integrated and aligned with the enterprise governance frameworks and methodologies by implementing and maintaining effective enabling structures, principles, processes and practices in order to achieve the enterprise’s strategies, mission, goals and objectives.
Position Outputs
Direct and control all activities related to Governance, Risk, Audit and Compliance to ensure resilience of the TRIM business and operations environment to support business outcomes and strategies. Direct and control activities to steer ICT with regards to information and technology risk in line with the Group ICT and Enterprise Risk Management Framework.
Ensure that the appropriate best-practice governance frameworks are implemented, monitored, measured and reported on (e.g. COBIT, ITIL, ISO 20000, TRIM ICT Operational Model, ICT Lifecycle, Project and Portfolio Management (Agile, DevOps, Scrum)). Ensure provision of assurance services to all ICT functional areas in line with King IV and the COBIT framework.
Review ICT process controls effectiveness. Review the operation of controls, including a review of monitoring and test evidence, to ensure that controls within ICT processes operate effectively. Ensure that the control effectiveness meets the requirements related to business, regulatory and social responsibilities. Monitor internal controls. Continuously monitor, benchmark and improve the IT control environment and control framework to meet organisational objectives.
Encourage management and process owners to take positive ownership of control improvement through a continuing programme of self-assessment to evaluate the completeness and effectiveness of management’s control over processes, policies and contracts.
Identify and report control deficiencies. Identify control deficiencies and analyse and identify their underlying root causes. Escalate control deficiencies and report to stakeholders.
Ensure that the entities performing assurance are independent from the function, groups or organisations in scope. The entities performing assurance should demonstrate an appropriate attitude and appearance, competence in the skills and knowledge necessary to perform assurance, and adherence to codes of ethics and professional standards.
Plan, scope and execute assurance initiatives. Report on identified findings. Provide positive assurance opinions, where appropriate, and recommendations for improvement relating to identified operational performance, external compliance and internal control system residual risk.
Identify external compliance requirements. On a continuous basis, identify and monitor for changes in local and international laws, regulations and other external requirements that must be complied with from an IT perspective. Optimise response to external requirements. Review and adjust policies, principles, standards, procedures and methodologies to ensure that legal, regulatory and contractual requirements are addressed and communicated. Consider industry standards, codes of good practice, and best practice guidance for adoption and adaptation.
Confirm external compliance. Confirm compliance of policies, principles, standards, procedures and methodologies with legal, regulatory and contractual requirements. Obtain assurance of external compliance. Obtain and report assurance of compliance and adherence with policies, principles, standards, procedures and methodologies. Confirm that corrective actions to address compliance gaps are closed in a timely manner.
Evaluate, direct and monitor risk management. Continually examine and ensure that the Risk Register is up to date with mitigating actions by continually identifying, assessing and reducing IT-related risk within the levels of tolerance set by enterprise executive management.
Integrate the management of IT-related enterprise risk with overall ERM, and balance the costs and benefits of managing IT-related enterprise risk. Provide tactical governance, risk, audit and compliance guidance for all IT projects, including the evaluation and recommendation of technical controls according to the TRIM ICT Operational Model and the TRIM ICT Lifecycle.
Provide monthly Management Reports to the Senior Specialist GRC and Head GRC on the implementation of the Governance, Risk, Compliance, Audits and Change and Quality management in TRIM ICT.
Manage performance, training and coaching needs to empower the GRC team with appropriate skills and attitudes and ensure a high-performance culture of continuous learning. Ensure alignment with HR processes and measurement systems (e.g. performance evaluation, succession planning, talent management, compensation decisions, promotion decisions, recruiting).
Qualifications and Experience
Relevant Bachelor’s Degree in Information Systems and/or Computer Science or a related field. A postgraduate qualification is advantageous. 5 – 8 years’ related experience in the ICT environment, with at least 3 years in ICT Governance, Risk and Compliance. Certifications required: COBIT and/or ITIL Foundation. ISO 27000 and TOGAF certification preferred. Certifications in CRISC, CISA and CGEIT would be advantageous. Quality management: ISO 20000 and Lean Six Sigma advantageous. Requirement of trust and honesty in the handling of finances as per the National Credit Act Amendment 19.
Standard Job Requirements
Driver’s licence code 08. Travel as required and approved.