Senior Manager: IT Governance, Risk & Compliance at Believe Resourcing Group

The Position:

As the Senior GRC Manager, you will play a pivotal role in supporting the Director: GSS in establishing and maturing the
University’s IT GRC processes and practices with a focus on the following Key Performance Areas (KPA’s):

KPA’s:

GRC Projects:

• Serve as the Business Lead on GRC-related projects (as directed)

Assist with Scoping, Planning, Execution and Monitoring of GRC-related projects – e.g.

• IT Disaster Recovery Project
• IT Vendor Governance Project

IT Governance:

• Lead the definition and implementation, working closely with the ICTS BI/Reporting Analyst, of Key
  Performance Indicators across the ICTS department, aligned with industry-accepted IT Governance
  standards (e.g. COBIT, ISO 27004 etc.);
• Lead the development of RACI matrices for various IT processes;
• Facilitate the development and documentation of IT-related policies, standards and procedures.

IT Risk & Issues Management:

• Facilitate the ICTS departmental Risk Management Forum (RMF);
• Facilitate the Identification, Assessment, and Mitigation of ICT risks, through ongoing engagement with the
  ICTS Directorate & members of the RMF.
• Facilitate the maintenance of the ICTS Risk and Issues Register
• Provide specialist support/guidance in the design of risk mitigation plans
• Monitor the implementation of risk-mitigating controls

IT Processes and Controls:

• Lead the design and implementation of a risk-informed system of IT Controls in the ICTS department that
  is aligned with best practice industry standards and frameworks (e.g. COBIT 2019, ISO 27001/27002, ISO
  27031, ISO 22301. ITIL, TOGAF, NIST SP 800-53, CIS Critical Security Controls (CIS CSC), POPIA, etc.).
• Lead the review and monitoring of compliance with approved business processes and control frameworks
  within the ICTS department.

IT Quality Assurance & Compliance Management:

• Facilitate internal departmental reviews and assessments against adopted standards (e.g. COBIT 2019,
  ISO 27001 etc.) to assist with compliance management and the improvement of IT/business processes.
• Assist with quality assurance reviews of IT Projects, within the ICTS project office, against project
  management industry standards adopted.
• Facilitate Compliance reviews and testing procedures.

Internal / External Audits:

• Oversee activities by ICTS units to meet the requirements of internal and external audit reviews;
• Oversee and monitor remediation plans/projects/activities in response to audit findings.

Reporting:

• Produce GRC-related management reports for various Governance and Management structures.

What they are looking for from you:
 

• At least an NQF-6 qualification in Information Systems, IT Management, Computer Science, Business Studies, or a
• related field; plus
• An Industry recognized certification in IT Governance, IT Risk Management, or Information Security
• Management or Information Systems Auditing; plus
• At least 8 years of relevant experience in IT Governance, Risk & Compliance (IT GRC) management in an
• enterprise (large/complex) IT environment;
• A proven track record of assessing the system of IT controls and facilitating the design, implementation, testing, and monitoring of IT Controls;
• Good knowledge of IT Governance and IT Risk Management frameworks;
• Good knowledge of Information Security frameworks;
• A track record of effective project and people leadership;
• Strong planning, organizing, coordinating, and work management skills;
• Strong elicitation, facilitation, and communication skills;
• Strong analytical and problem-solving skills;
• Excellent inter-personal skills with the ability to build and maintain strong relationships with diverse stakeholder
• groups (e.g. from executive management through to technical staff);
• Good business acumen;
• Excellent English Oral and Written communication and Presentation skills;