Specialist: ICT Governance Risk and Compliance

1 week ago


Pretoria, South Africa SABS Full time

**Job Advert Summary**:
**About SABS**

The South African Bureau of Standards (SABS) is mandated to develop, promote and maintain South African National Standards (SANS); promote quality in connection with commodities, products and services; and render conformity assessment services and assist in matters connected therewith. Working for the SABS opens the mind to the world around you. We offer diverse career paths in a dynamic environment that nurtures and recognises talent and potential. Become part of our vision of being a trusted standardisation and business assurance solution provider and join a team that fosters accountability, excellence and innovation in an inclusive workplace.

SABS is an equal opportunities employer, and our recruitment will be done in line with the Employment Equity Act 55 of 1998 and our EE Policy.
_Please note by responding to the advertisement, you consent to the collection, processing, and storing of your Personal Information in accordance with the Protection of Personal Information Act (POPIA). Your information will be used solely for purposes of recruitment and more specifically for the position you have applied for, and will not be shared with third parties without prior consent unless required by law._

**Purpose Statement**

To design, develop, implement and maintain ICT Governance, Risk and Compliance strategic frameworks and activities, data privacy compliance reporting and processes as well as conduct regular governance audits and take corrective action on behalf of the SABS to support business operations and strategic objectives.

**Minimum Requirements**:
**Qualification**
- Diploma + Advanced Diploma / B-Degree in ICT, IS, Computer science or a related field (NQF Level 7).
- Certified in the Governance of Enterprise IT (CGEIT) certification is advantageous.
- Certified Information Systems Auditor (CISA) certification is advantageous.
- Certified in Risk and Information Systems Control (CRISC) certification is advantageous.
**Work Experience**
- 8 years relevant work experience in ICT Governance Risk and Compliance
- 4 years specialist experience
- Must have ICT governance and risk experience within a corporate environment.
- Proven track record in implementing COBIT 5 Enterprise Governance frameworks within an organisation

**Duties and Responsibilities**:
**Functional Management**
- Provide an ICT Governance, Risk and Compliance (GRC) framework, including data compliance and cybersecurity risk aligning ICT with the overall objectives of SABS.
- Coordinate the development and implementation of ICT policies, standards, processes and procedures and ensure that data compliance standards are adhered to throughout the organisation and escalate non-compliance issues.
- Monitor and evaluate adherence to ICT policies at the divisional and organisational level and escalate non-compliance to line management for corrective action.
- Ensure that all relevant controls, policies and procedures are embedded and monitored as operating effectively and that actions are in place to address emerging risks and incidents.
- Identify, report and ensure implementation of mitigation of all ICT related cybersecurity threats and risk assessment procedures.
- Implement controls to mitigate risks identified during the risk assessment process.
- Implement and stress test the Disaster Recovery Plan to ensure ICT business continuity processes and procedures are running smoothly within the organisation.
- Ensure that independent annual vulnerability and penetration testing are performed in the SABS environment and implement remedial actions as required.
- Contribute to the development of the Business Continuity Strategy and process in consultation with the Head: ICT to ensure readiness for recovery from ICT service interruptions.
- Ensure and coordinate regular Business Impact Analyses of ICT Services on SABS processes.
- Track timely closure of identified control gaps and risk mitigation plans and actively support action owners during issue remediation.
- Ensure that internal control frameworks are developed and implemented across the organisation with regard to IT Risk Standards, ICT controls and regulatory and legislative requirements.
- Review and update policy / standards compliance and exceptions, and report status to management and document advice for corrective actions.
- Develop and coordinate the implementation of an IT governance, metrics collection, and reporting capability across the ICT division.
- Provide guidance on implementing ICT compliance control objectives and provide support for gap analysis initiatives.
- Provide input to improve efficiency and effectiveness of ICT cybersecurity governance services.
- Act as point of contact within the ICT division with regard to risk and compliance issues.
- Coordinate the ICT audit process and ensure that related audit activities and requests are handled efficiently and effectively.
- Support ICT team during the planning and subsequen


