  • Posted: Feb 27, 2018
    Deadline: Mar 13, 2018

    Gold Fields Limited is an unhedged, globally diversified producer of gold with eight operating mines in Australia, Ghana, Peru and South Africa with attributable annual gold production of approximately 2.0 million ounces. It has attributable Mineral Reserves of around 46 million ounces and Mineral Resources of around 102 million ounces. Attributable copper M...

    Group ICT Governance and Cyber Security Manager

    Job description

    Job Summary

    The Group ICT Governance and Cyber Security Manager will be responsible for Governance, Risk, Architecture, Security, Standards and Compliance (GRASSC) for the Gold Fields Group reporting to the Group CIO.

    The GRASSC discipline within the ICT Delivery Model is concerned with the following:

    Governance:

    As per the ICT Charter, a formal governance structure responsible for ensuring the adequacy and effectiveness of the ICT function exists. This structure ensures that ICT enables and supports the business strategy with value through ICT services, in a stable, reliable and secure manner.

    Risk:

    The management of ICT Risk is integrated into the Gold Fields Risk Management framework and managed through the ICT risk policy.

    Architecture:

    Ensuring that ICT and broader technology architecture decisions are governed through an architecture design authority. The overall stability of the ICT landscape together with appropriate safeguards against architecture incompatibility are maintained.

    Security:

    The purpose of sustaining a suitable security posture is to protect the information assets contained within the Gold Fields technology landscape. Securing ICT resources is based on the identification, monitoring and response to ICT cyber security threats.

    Standards:

    Within the Gold Fields ICT environment, there are 41 overarching standards and policies, which are reviewed and updated annually. The ongoing review and update ensures that these standards and policies remain relevant to the changing technology environment.

    Compliance:

    Maintaining a relevant regulatory framework includes identifying which technology changes require regulatory changes or updates. Compliance with the regulatory framework refers to compliance with internal policies, selected industry standards, external laws and regulations.

    The Appointee Should Have

    • A tertiary qualification from an accredited institution (NQF 5) in the field of Information Technology
    • A minimum of 5-8 years’ experience in Information Technology and 3 years’ experience in a management position
    • Full understanding and experience of Sarbanes-Oxley compliance
    • Thorough understanding of applicable legislation that impacts ICT
    • Experience in compliance frameworks for Information Security, Compliance & IT Governance Standards: ISO27001, COBIT, King III, PMBOK, TOGAF, etc.
    • Strong risk assessment/audit capabilities with hands-on experience in many technologies and platforms across a broad range of industries.
    • A clear understanding of cyber security trends
    • Established networks in the industry and be up to date with best practice trends
    • Advanced report writing skills

    Governance & Compliance

    Key responsibilities:

    • Ensure that all governance processes, policies and procedures are updated, approved and implemented in the regions.
    • Conducting internal assessments
    • Maintaining the target COBIT maturity levels as agreed with ICT leadership
    • Ensure that regular self-assessments are conducted across the group to maintain compliance

    Risk

    • Identify, classify and document ICT Risks and ensure these are integrated into the group risk management processes and documented in the Group ICT Risk Register.
    • Lead Risk Management workshops
    • Develop an ICT risk awareness program and identify the risk response options and mitigations

    Architecture And Standards

    • The creation, iteration, and maintenance of structures such as enterprise and business architectures embodying the key principles, methods and models that describe the organisation's future state and that enable its evolution.
    • Ensure that any ICT acquisitions/projects conform to the Architecture and Standards prescribed by the group
    • Maintain an Enterprise ICT Architecture model that is evolving to facilitate the digital initiatives

    Security

    • Identify malicious applications, malicious communication and abnormal or irregular communication entering or leaving the Gold Fields network environment.
    • Help to design, implement, and maintain the organization’s cybersecurity plan.
    • Manage vendors and service providers to ensure that the defined Gold Fields security posture is maintained

    Audits

    • Collaborate with internal and external audit to define all ICT governance and security audits and ensure they are conducted regularly
    • Facilitate these ICT audits across the group
    • Ensure the findings and associated remediation activities are conducted
    • Lead and manage the process of self-assessment as part of the overall IT Governance Framework.

    Knowledge And Skills

    • Full understanding and experience of Sarbanes-Oxley compliance
    • Thorough understanding of applicable legislation that impacts ICT
    • Experience in compliance frameworks for Information Security, Compliance & IT Governance Standards: ISO27001, COBIT, King III, PMBOK, TOGAF, etc.
    • Strong risk assessment/audit capabilities with hands-on experience in many technologies and platforms across a broad range of industries.
    • Clear understanding of cyber security trends
    • Advanced report writing skills
    • Advanced Interpersonal and relationship building skills
    • Be a team player and collaborative
    • Highly Results Focused
    • Courageous and resilient
    • Well balanced emotional intelligence
    • Strategic and collaborative
    • Ability to Influence Management, Employees and key stakeholders
    • Advanced business acumen
    • Be Inspirational and motivational

    It Will Be Advantageous If Applicants Have

    • Post graduate qualification in Information Technology (NQF 6)
    • Professional Registrations
    • Financial Management and budgeting knowledge
    • Project Management knowledge
    • Knowledge of the mining industry

    Method of Application

    Applicants should send their CV to [email protected]
