Risk and Compliance Specialist

Operating Division : TPT POD Corporate H / O

Employee Group : Permanent

Department : ICT

Location : Durban

Reporting To : Senior Manager : ISGRC

Grade : F

Reference : req3629

The closing date is on 07 / 11 / 2025. It is the responsibility of the applicant to ensure that HR has received the application before the closing date of the advertisement.

Position Purpose

• Ensure the implementation and compliance of Legislative and Organisational policies, procedures, standards, and frameworks across the IT landscape.
• Manage the ICT related risks for TPT in accordance with the ERM framework, by constantly assessing the ICT environment for emerging risks and putting in place preventative and mitigating measures to reduce the likelihood and impact of the risks.
• Ensuring greater success of business goals and objectives by reducing the likelihood and impact of potential risks.

Position Outputs

Provide guidance, feedback, and support across ICT regarding identification of risk, risk mitigation and management.

Create an appropriate metrics to quantify, track and report on identified risk across ICT.

Perform risk management for ICT projects and initiatives and ensure risks are properly assessed, evaluated and assigned to the relevant owners for risk treatment.

Conduct ICT risk awareness and training – design and publish communications which develop awareness and accountabilities for risk management activities.

Keeps abreast of developments by identifying emerging risks and creation of associated risks registers within the organization.

Identify process improvement opportunities and develop and communicate recommendations for implementation.

Keeps abreast of developments in the areas of legal, regulatory, corporate requirements.

Ensure vendor and stakeholder compliance to Transnet’s Governance frameworks and adherence to SLA’s.

Weekly, monthly, and quarterly reporting on the compliance across the various application systems in the organisation.

Take appropriate steps to identify trends and improve compliance effectiveness.

Assist in executing other tasks of the Information Security, Governance, Risk and Compliance function, as and when required.

Work with internal control, audit, information security and compliance to manage the end‑to‑end processes for regular internal as well as any statutory reporting of risks in manner that provides a complete view of all ICT risks and that also guides management decision making.

Provide feedback to related governance forums such as MANCO and RISKCO, regarding latest risk posture of TPT ICT.

Qualifications and Experience

ICT Risk Management

Certified in Risk and Information Systems Controls (CRISC)

Information Systems Audit and Control Association (ISACA)

Competencies

Equity Statement

Preference will be given to suitably qualified Applicants who are members of the designated groups in line with the Employment Equity Plan and Targets of the Organisation / Operating Division.

#J-18808-Ljbffr