
  • Posted: Feb 7, 2024
    Deadline: Not specified

    The South African Bureau of Standards (SABS) is a South African statutory body that was established in terms of the Standards Act, 1945 (Act No. 24 of 1945) and continues to operate in terms of the latest edition of the Standards Act, 2008 (Act No. 29 of 2008) as the national institution for the promotion and maintenance of standardisation and quality in con...

    Specialist: ICT Governance Risk and Compliance - Pretoria

    Purpose Statement

    • To design, develop, implement and maintain ICT Governance, Risk and Compliance strategic frameworks and activities, data privacy compliance reporting and processes as well as conduct regular governance audits and take corrective action on behalf of the SABS to support business operations and strategic objectives.

    Minimum Requirements

    • Diploma + Advanced Diploma /B-Degree in ICT, IS, Computer science or a related field.
    • Certified in the Governance of Enterprise IT (CGEIT) certification is essential.
    • Certified Information Systems Auditor (CISA) certification is advantageous.
    • Certified in Risk and Information Systems Control (CRISC) certification is advantageous.
    • 8 years relevant work experience in ICT Governance Risk and Compliance

    Duties and Responsibilities    
    Functional Management

    • Provide an ICT Governance, Risk and Compliance (GRC) framework, including data compliance and cybersecurity risk, aligning ICT with the overall objectives of SABS.
    • Coordinate the development and implementation of ICT policies, standards, processes and procedures and ensure that data compliance standards are adhered to throughout the organisation and escalate non-compliance issues.
    • Monitor and evaluate adherence to ICT policies at the divisional and organisational level and escalate non-compliance to line management for corrective action.
    • Ensure that all relevant controls, policies and procedures are embedded and monitored as operating effectively and that actions are in place to address emerging risks and incidents.
    • Identify, report and ensure implementation of mitigation of all ICT related cybersecurity threats and risk assessment procedures. 
    • Implement controls to mitigate risks identified during the risk assessment process.
    • Implement and stress test the Disaster Recovery Plan to ensure ICT business continuity processes and procedures are running smoothly within the organisation.
    • Ensure that independent annual vulnerability and penetration testing are performed in the SABS environment and implement remedial actions as required. 
    • Contribute to the development of the Business Continuity Strategy and process in consultation with the Head: ICT to ensure readiness for recovery from ICT service interruptions.
    • Ensure and coordinate regular Business Impact Analyses of ICT Services on SABS processes.
    • Track timely closure of identified control gaps and risk mitigation plans and actively support action owners during issue remediation.
    • Ensure that internal control frameworks are developed and implemented across the organisation with regard to IT Risk Standards, ICT controls and regulatory and legislative requirements.
    • Review and update policy / standards compliance and exceptions, and report status to management and document advice for corrective actions. 
    • Develop and coordinate the implementation of an IT governance, metrics collection, and reporting capability across the ICT division.
    • Provide guidance on implementing ICT compliance control objectives and provide support for gap analysis initiatives.
    • Provide input to improve efficiency and effectiveness of ICT cybersecurity governance services.
    • Act as point of contact within the ICT division with regards to risk and compliance issues.
    • Coordinate the ICT audit process and ensure that related audit activities and requests are handled efficiently and effectively.
    • Support ICT team during the planning and subsequent phases of an audit as well as during the audit close-out process.
    • Report on all ICT Governance, Risk and Compliance matters as required.
    • Provide technical support and training to SABS users with regards to ICT Governance and Risk principles. 

    Risk and Compliance Management

    • Assist in identifying and adhering to fraud controls, risk prevention principles, sound governance and compliance processes, and tools to identify and manage risks.
    • Support and provide evidence to all internal and external audit and regulatory requirements.
    • Maintain quality risk management standards in line with regulatory requirements.
    • Maintain and enforce all related Service Level Agreements to minimise business risk and ensure business continuity.
    • Adhere to all relevant laws, policies and Standard Operating Procedures throughout the organisation.

    Stakeholder Management

    • Build and maintain effective internal and external stakeholder relationships for the purpose of expectations management, knowledge sharing and integration, and to manage the organisation’s reputation. 
    • Represent and participate in the organisation’s committees and task teams when required.
    • Convene and attend meetings and present relevant information to stakeholders when required.
    • Ensure the provision of excellent customer service. 
    • Resolve queries and problems within span of control and within agreed time frames.
    • Follow up on unresolved queries and complaints where required.   
    • Liaise with relevant stakeholders regarding follow-up of information, as required for tender requests.
    • Provide subject-matter advocacy and expertise to all relevant stakeholders.
    • Manage internal and external relationships to ensure that business process engineering best practices are implemented across the organisation.

    Method of Application

    Interested and qualified? Go to South African Bureau of Standards (SABS) on sabs.erecruit.co to apply
