Specialist Technology Goverance & Risk at ATNS

Job description

Technology Governance -

• Participate in the development of the technology governance framework, namely the model, methodologies, policies and processes to support effective TI governance; Provide governance-related inputs and insights into technology and information planning processes;
• Monitor and ensure that all TI policies, processes, and standards across Technology & Information departments have been developed and implemented, and that they are reviewed and updated on an ongoing basis; Provide inputs on proper governance measures and controls relevant to the use of IT technologies within the organization;
• Maintain the TI Contract management register and provide early warnings on contract issues and renewals; Ensure that proper change management processes are in place; Establish and maintain alignment of technology activities, including report submissions, across various governance committees and structures; Analyse technology business processes to ensure alignment with the TI governance framework;
• Facilitate the implementation and continuous improvement of planning practices and processes within technology and the wider organization; Assess the status of complex multi-location projects and identify and implement appropriate corrective measures to resolve issues as they arise.

Governance, Compliance, and Risk Management -

• Provide regular reports on SLA compliance and identify and report areas of inefficiency; Monitor and ensure compliance with quality management (QMS) processes and standards; Contribute to the development of the TI risk framework ensuring alignment with the enterprise risk management framework; Maintain the TI risk register and ensure regular review to identify possible new risks; Monitor the effectiveness of controls and response plans, and recommend appropriate interventions where required;
• Perform regular internal risk assessments in various domains, e.g. application access, directory services, network, and vulnerability assessments, and ensure  that vulnerability remediation and tracking have been conducted; Develop and implement technology governance risk management plans as required; Implement the technology governance risk log;
• Perform technology and information governance activities, such as ensuring compliance to all relevant policies, processes, regulation, legislation, and standards; Contribute to the development of the maturity model and apply across all key governance processes. Propose initiatives to improve the level of maturity; Train all users in relevant TI governance requirements;
• Ensure that all documentation required for audit purposes are available prior to auditing; Integrate Cyber risk into TI Risk Management practices, processes, procedures and activities; Conduct TI risk assessments, analyse the effectiveness of controls, and report the results with actionable recommendations; Support the development and implementation of the TI wide risk management function to ensure that TI risks are identified and monitored; Review identified security risks and breaches to ensure that TI assets (software and hardware) and information are always appropriately secured;
• Ensure visibility, management and escalation of TI risks inherent to the delivery of TI services; Work directly with clients, third parties and other internal Departments such as GRC department to facilitate TI risk analysis and risk management processes, and to identify acceptable levels of residual risk; Keep TI management up to date on the results of the risk assessment and make recommendations on mitigation required to protect systems and cover potential losses;
• Compile periodic TI risk reports, metrics, and presentations that will be distributed to management, and / or risk owners; Review existing issues and incidents, along with actions, to ensure they are managed in line with risk management processes and standards; Participate in vendor risk assessment and management process; Assist in the development, implementation and communication of the function’s policies and processes and procedures to support the effective delivery of planning and governance initiatives.

Stakeholder Relations Management -

• Develop and maintain sound relationships with key TI service providers to support ongoing collaboration and alignment; Assist in managing SLAs with relevant departments to ensure that business expectations are managed and obligations met.

Financial Management -

• Participate in the development of the budget; Assist in monitoring and managing expenditure in line with business needs and priorities, and within set financial parameters; Ensure efficient utilisation of the approved budget; Provide required reports on the utilisation of the budget including possible deviations; Identify, avoid, and prevent irregular, fruitless and wasteful expenditure.

Minimum requirements

Minimum Formal Qualifications:

• B.Sc./B.Eng. in Engineering (Electrical/Electronics) or B-Degree in Computer Science/ Computer Studies/ Information Technology or related field
• ECSA Professional Registration as an Engineer will be an advantage
• ISACA Professional Registration will be an advantage

Minimum Years of Experience:

• Minimum 3 years’ experience in IT governance, risk and compliance is required in a complex electronic operations environment
• Knowledge and understanding of IT governance, systems and projects
• Experience in the implementation of IT governance frameworks
• Strong business acumen, including ability to interpret and apply company policies to effectively achieve objectives