Senior Manager: IT Governance, Risk & Audit - SANRAL

Full Job Description - Read Carefully

POSITION OBJECTIVE:

The Senior Manager: IT Governance, Risk and Audit will be responsible for overseeing and ensuring that SANRAL's ICT operations align with business objectives, regulatory requirements, and industry best practices. This role involves developing and implementing IT governance frameworks, risk management strategies, and internal audit programs to protect assets and maintain integrity. The Senior Manager will also be expected to contribute to the development of the internal audit strategy and annual assurance plan.

Build and maintain relationships with the allocated portfolio of business units and other assurance providers as well as attend and present at selected governance committee meetings.

KEY RESPONSIBILITIES:

Management:

• Oversee the development, implementation, and management of an organization's IT GRC program.
• Establish IT governance frameworks.
• Identify and mitigate IT risks.
• Ensuring compliance with relevant regulations and policies.
• Lead and mentor a team of GRC professionals, fostering a culture of accountability and continuous improvement.

IT Governance:

• Work closely with the IT team to develop and implement organization-wide IT policies, processes and procedures.
• Assist in the review of IT management processes (and decisions) and confirm that they are compliant with the organisation's strategy for corporate governance of IT.
• Assist with establishing policy and standards for compliance with relevant global legislation relating to IT Governance, Privacy laws, data integrity, PCI-DSS, and other applicable laws.
• Act as the Subject Matter Expert for line managers and employees on matters relating to IT Governance.
• Research and keep up to date with international best practice in IT governance.
• Create IT RACI charts to clearly outline the responsibilities for managing the supply and demand aspects of IT.
• Perform regular IT Governance Maturity Assessments and implement improvement plans.
• Develop training plans to embed the IT Governance Programme.

IT Risk Management:

• Oversee the implementation of organisation-wide processes and procedures, tools and techniques for the identification, assessment, and management of IT risk inherent in the operation of business processes and of potential risks arising from planned changes – including technology upgrades.
• Monitor the implementation and maintenance of IT risk self-assessment programs across the organization.
• Work closely with the IT department management to ensure that IT risks are communicated and mitigated.
• Pro-actively manage and mitigate all potential IT Risks to the organization, in association with Senior Manager and team members.
• Perform third-party IT supplier risk assessments to ensure supply chain risk is managed throughout the supplier's lifecycle.

IT Audit Management:

• Develop and execute IT annual audit plans based on organisational priorities and risk assessments.
• Identify audit objectives, scope, and methodologies for each engagement in collaboration with the internal\external audit team.
• Communicate audit findings and recommendations to relevant stakeholders.
• Prepare clear and concise audit responses in collaboration with senior management.

IT Compliance Management:

• Develop, enhance and maintain compliance, best practice and legislative requirements.
• Prepare and submit reports showcasing compliance with regulatory requirements, industry standards and internal policies.

Reporting:

• Prepare and submit reports showcasing compliance with regulatory requirements, industry standards and internal policies.
• Prepare reports for relevant governance committees.
• Compile, deliver and communicate ICT performance and status updates to key stakeholders including executive leadership.
• Continuously evaluate and improve ICT reporting processes and reports to deliver more valuable insights and recommendations.
• Establish robust reporting mechanisms for tracking IT performance metrics, cybersecurity incidents, and regulatory compliance, promoting transparency and accountability.

MINIMUM REQUIREMENTS:

• NQF Level 7 Bachelor’s degree, Advanced Diploma or equivalent in Information Technology.
• Certificate in CISA, CRISC, CISM, CGEIT or COBIT.
• 10 years min relevant experience.
• 5 years managerial experience in IT GRC.

WORKPLACE COMPETENCIES:

• Strong leadership, communication, and stakeholder management skills.
• Expertise in IT governance frameworks, risk management, and compliance requirements.
• Good knowledge of Information Security standards and principles (e.g. ISO 27001).
• Experience in facilitating compliance audits / internal self-assessments.
• Strong planning, organizing, coordinating and work management skills.
• Diligence in developing and maintaining governance documentation, conducting thorough risk assessments, and ensuring accurate reporting.
• Software Development Lifecycle: Act as a bridge between development and security, providing guidance, overseeing security controls, and responding to IT GRC issues.
• Demand Management.
• Technology Trends: Play a crucial role in aligning IT with business objectives, managing risks, and ensuring compliance with regulations.
• Project management skills to organize, drive, and execute initiatives
• Experience in continuously improving IT GRC processes and practices to adapt to changing business needs and emerging risks.
• Leadership skills
• Customer Focus
• Business Needs Analysis
• Relationship Building and Influence
• Communication skills