Governance, Risk and Compliance Manager - Westville at RCL Foods

• The role will provide vision and expertise on SAP and Syspro user access and authorisation requirements as well as processes including directly related subsidiary ERP systems aligned with Group goals.
• In addition, the incumbent will be required to develop & implement best practice governance processes for the group around the key IT & Financial systems, lead the security access function for Key IT systems across the group and lead the access design and delivery of end-to-end information security solutions which are enabled by technology for Key IT systems.
• The role will be based in Westville and report to the Group Commercial Executive. 

Minimum Requirements    

Qualifications

• CA/CIMA or equivalent qualification

Skills and Experience

• A minimum of 4 years experience in a multi-functional, multi-divisional production and supply chain environment, 2 of which must be in a supervisory position.
• Experience in business processes and disciplines across financial/management accounting, inventory and materials management, quality control in an FMCG environment, product costing, data analysis, and reporting, system implementation (both new and enhancements) etc.
• Experience across the full supply chain in the Business from processing through to market would be advantageous.
• Experience in a fully/semi-integrated systems environment.

Knowledge 

• SAP and SYSPRO access & authorisation across all modules including but not limited to MTECH, MACS, ADEXA, and ORACLE.
• Interfaces and workflow architecture, rules, and processes.

Duties & Responsibilities    
Operational Management

• Design and develop Governance, Risk & Compliance documentation and appropriate workflow requirements and processes.
• Interact directly with Group managers and key stakeholders through a change management process with new systems implementation and/or system enhancements.
• Co-lead new systems implementation projects and systems enhancements.

Governance Risk and compliance (GRC)

• Owner of the Governance Risk & Compliance systems application.
• Analyse and gain an understanding of the Group business requirements for the User Access Management, Emergency Access Management, Business Role Management and Access Risk Analysis.
• Applying the Business requirements of the Group to configuring the GRC application.
• Assessing, recommending and configuring financial and operational controls around the SAP and Syspro applications.
• Identify potential risk to the business for user access (segregation of duties) and business role development.
• Recommending mitigation and remediation strategies to business process owners to reduce risk exposure of the business.
• Preparing and constructing access blueprints from best practices for security of systems to reduce risk exposure,
• Implementing authorised best practice strategies documented in Group blueprints in the GRC space.
• Manage relationships with internal and external stakeholders. Provide risk analysis reports to Internal and external audit.
• Liaise with internal audit to ensure that the controls designed and implemented are in line with Audit requirements.
• Owner of all external audit queries around user access and role management for key financial system.

User Access & Emergency User Access

• Manage user provisioning and authorisations across the SAP and Syspro technology  platforms and key IT Systems
• Provide advisory services in terms of Information Security.
• Maintain access to securable SAP and Syspro resources.
• Implement and document measures to safeguard the SAP and Syspro operating environment against accidental or unauthorized modification, destruction or disclosure.
• Analyse, categorise and resolve negative audit findings reported by internal or external auditors.
• Develop best practice policies, procedures and standards, to ensure consistency in key system applications across the organisation.
• Document information security standards and procedures relevant to the across the system applications for the group.
• Understanding of and commitment to internal control.
• Assess risks and controls and identify, construct and implement opportunities for improvement.
• Technical approve user access for Rainbow systems access.
• Ensure that the risks associated with these requirements are mitigated.
• Custodian of Developer Keys in the SAP environment.
• Request and register custom developers and objects for development in the SAP environment.
• Development of Syspro access systems in alignment with SAP processes

Business Role and User Management 

• Develop, configure, and administer system Security components for all SAP and Syspro ERP systems and Best of Breed applications for the Group
• Proactively engages in automating and streamlining of security and the appropriate control processes.
• Manage security administration, role design, and compliance for SAP and Syspro systems and other applications within the group.
• Developing good working relationships with other Managers, Architects and other Leads across the organisation as well as external consultants, customers and auditors.
• Work with business owners to identify, define and document business roles.
• Analyse and identify risks within these business roles.
• Provide guidance and recommend remediation/ mitigation controls for risks identified within business/technical roles.
• Redesign roles for remediation and advise on technical changes.
• Design, develop & document mitigation controls for business roles that have risk.
• Investigate opportunities to improve system capabilities based on observed risks or gaps.
• Ensure timely reporting & remediation of security control gaps and vulnerabilities to the computing environment.
• Interfacing with members of Architecture, Infrastructure and Business Facing groups within the IT department & Business to develop solutions and troubleshooting issues.

IT Security

• Managing projects and teams in order to deliver solutions to complex problems which may incorporate information security, data protection and information management.
• Develop industry knowledge and thought leadership for business environments and industry solutions and tools related to information security, data protection, security governance, and compliance.
• Analyse and formulate information security strategy and strategic plans/objectives.
• Maintain and develop technical skills in the field of information security and data protection.
• Lead colleagues in solving unique information security and technology challenges.

• GRC Standards Establishment and Ownership
• Document the meaning of core governance risk & compliance process and define business rules to ensure consistency of appropriate user access.
• Establish and define appropriate approval and authorisation levels in respect of user categories.

Reporting

• Deliver management-level reporting against KPI’s related to user access, appropriate authorisation access accuracy and integrity for internal customers on a monthly basis.

Innovation Promotion

• Scan for, assess and, where appropriate, introduce emerging risk management methodologies and systems to the Business for segregation of duties violations,emergency access requests. 
• Be an active participant in NPD project teams.
• Identify and manage on-going database and system enhancements.

Technical Expertise

• Serve as subject matter expert, providing technical guidance and advice to the leadership of the Business.

Staff Management

• Ensure compliance with Governance Risk & Control standards to protect overall information and financial integrity.
• Lead and develop staff within the context of the Labour Relations Act, Employment Equity Act, Basic Conditions of Employment Act, and the Skills Development Act.
• Monitor staff performance and provide regular feedback.
• Manage staff activities, ensuring service levels are met and protocols are adhered to.
• Coach and support staff where necessary to achieve objectives.
• Manage staff leave and general time management issues in line with organisational deliverables and standards.
• Manage and deliver on succession plans to enable the development of a future generation of leaders and specialists and ensure optimal turnover and retention levels are maintained.
• Champion staff training and development through the utilisation of available training opportunities or contributing to the development of new training solutions in collaboration with national training specialists.
• Conduct regular performance appraisals with subordinates.
• Establish sound staff and labour organising and communication structures and systems.
• Lead the team towards meeting the strategy and targets through regular communication and utilisation of the full organisational talent management tool set.
• Conduct regular meetings and ensure that records are kept and shared across the team and that action plans agreed to within team meetings are delivered upon.

Closing Date    
2023/06/23