Description
Job description : IT Cybersecurity and Governance, Risk and Compliance, the incumbent is responsible for developing, implementing, managing and maintaining a robust IT Governance, Risk and Compliance framework that ensures the integrity, confidentiality, and availability of the Firm's information assets.
The role involves implementation of policies, procedures, and controls to manage IT risks, ensure compliance with regulatory requirements, and align IT strategies with the firm's overall objectives.
Manage IT assets and IT projects.
Key Performance Areas
- Lead the development and implementation of departmental policy, procedures and processes.
- Keep up to date with effective policy and practice execution strategies.
IT Governance
Develop and implement IT governance frameworks and strategies aligned with organisational goals and industry best practices.Establish policies, procedures, and controls to ensure compliance with regulatory requirements and internal standards.Develop and maintain a complete controls library for IT controls in line with best practice recommendations.Monitor and evaluate the effectiveness of governance processes and recommend improvements as needed.IT Risk Management
Design, develop, and implement the Information Technology (IT) Risk Management Framework that is aligned to the SNG Grant Thornton Enterprise Risk Management (ERM) framework.Identify, assess, and prioritise IT-related risks across the organisation.Develop risk mitigation plans and strategies to minimise potential impacts on IT operations and data integrity.Conduct regular risk assessments and audits to ensure ongoing compliance and risk readiness.Drive the creation of an understanding of IT policies, processes, risk, and controls in line with the SNG Grant Thornton Policy Framework.Act as a liaison between IT Department and all relevant stakeholders to ensure that IT risks are adequately considered in the overall risk profile of the SNG Grant Thornton.Proactively ensure that all new projects have correct levels of assurance controls by conducting internal risk reviews before and during project implementation.Manage third-party risks compliance and assurance across the IT environment.Stay up to date with regulatory requirements and industry standards relevant to IT operations (e.g., POPIA, GDPR, HIPAA, ISO).Implement and maintain compliance programs and initiatives, including training and awareness campaigns for staff.Coordinate audits and assessments by internal / external auditors and regulatory bodies.Proactively manage the reduction of unsatisfactory audits by : identifying areas of risk within IT Department, by assisting with the development of remediation plans to address issues by providing risk and audit expertise, and raising and tracking IT Department Issues which may be of a strategic, tactical, or operational nature.Ensure involvement during planning, fieldwork, and reporting stages of all audits that are IT-related.Review audit reports for factual accuracy and ensure that the correct action owners were identified.Review the feasibility of agreed actions and facilitate closure of audit findings.Training and Awareness
Oversee the development and delivery of training programs on IT governance, risk management, and compliance for employees.Promote a culture of compliance and awareness across the organisation through workshops, seminars, and informational materials.E.g., Cybersecurity awareness, Policy Compliance, POPIA Compliance, etc.
Track the remediation of all observations / findings
Track and monitor the adequate and on-time remediation of observations raised by all independent assurance bodies.Record remediation plans and facilitate closure for IT-related control weaknesses identified.Ensure this is done through weekly progress tracking with control owners (typically Senior Managers) and reporting.Engage with IT management and senior management to discuss and manage overall progress against remediation plans.Ensure that all audit closure documents are reviewed by the appropriate stakeholders before being submitted to Auditors.Asset Management
Manage IT assets throughout the lifecycle of assets.Manage movement and allocation of assets.Ensure identification and tagging of assets where required.Maintain records and an asset register.IT Projects
Develop and implement an IT project management framework.Develop templates and tools.Manage IT projects in line with established frameworks.Reporting and Documentation.Develop a stakeholder matrix and ensure reporting requirements and timelines are understood.Prepare regular reports and updates for senior management and stakeholders on IT governance, risk, and compliance activities on a monthly basis or as and when required.Communicate risks, compliance issues, and recommendations clearly and effectively to key stakeholders.Collaborate with IT teams, relevant internal Committees, legal counsel, and business units to address compliance concerns and implement solutions.Maintain documentation of IT Governance, Risk and Compliance processes, policies and procedures.Behavioural Competencies Required
ResilienceCommunicationWorking with PeopleNetwork and AlliancesPlanning, Organising and CoordinatingEmployee EngagementPersonal MasteryJudgement and Decision MakingEthics and ValuesClient Service OrientationManagerial Competencies Required
Change management.Coaching and mentoringConflict managementCritical and innovative thinkingStrategic thinking and planningFacilitation and presentation SkillsTeam leadership and collaborationService Delivery InnovationStakeholder development and relationsProblem solvingReportingTechnical Competencies Required
IT Risk and Governance Frameworks.Understanding of Risk and Compliance Concepts.Project Management Skills.Interpersonal Skills.Policy conceptualisation and formulationProgramme / project managementExperience
Relevant 2-5 years' experience in IT Governance, Risk and Compliance environment of which 2 years must have been on a management / supervisory level / area of expertise.
MINIMUM REQUIREMENTS / Qualifications
Bachelor's Degree / Advanced Diploma in IT / Risk Management / Audit / IT Governance related qualification.Postgraduate in IT / Risk Management / Audit / IT Governance related qualification will be advantageous.Certification in CISA, COBIT and ITIL.ISO certification will be an added advantage.Package & Remuneration
Market Related
About Us
SNG Grant Thornton is a forward-thinking firm where you'll work with diverse clients and professionals dedicated to delivering excellence. We are a member firm of Grant Thornton International, one of the world's leading international organisations of independently owned and managed accounting and consulting firms. We offer high-quality assurance, tax and advisory services to a diverse range of clients.
Our success is based on great depth of expertise, delivered in a distinctively personal and straightforward way.
#J-18808-Ljbffr
