Executive: IT Governance, Risk and Compliance

**Core Description**:
**Competencies**:
FUNCTIONAL KNOWLEDGE:
Business Threat Identification and Communication; Information Risk Assessment and Management; Regulatory and Legal Frameworks; Change Management and Change Risk; GRC and Security Standards, Policies and Practices; Information Risks within Systems and IT Architecture; Information Risks within people and processes; Infrastructure Risks to business delivery; Enterprise and Security Architecture; Operational Security Practices and Management Information Security Awareness; Information Security value

FUNCTIONAL SKILLS:
Strategy formulation & Execution; Incident Management and Response; Analytical and investigative; Communication and Interpretation; Decision making; Problem solving; Project and complex task management; Risk Awareness and explanation

ATTITUDES/LEADERSHIP COMPETENCIES:
Integrity; Assertive; Confident; Initiator; Supportive; Persuasive; Team Player; Problem Ownership Thought Leadership: Developing strategies/ Providing insights; Generating ideas; Exploring possibilities; Examining information; Adopting practical approaches Market Leadership: Developing expertise; Challenging ideas; Interacting with people; Understanding people; Seizing opportunities; Managing tasks Business Leadership: Pursuing goals; Taking action; Upholding standards; Managing tasks; Seizing opportunities People Leadership: Making decisions; Empowering individuals; Challenging ideas; Directing people; Convincing people; Interacting with people Personal Leadership: Embracing change; Thinking positively; Showing composure; Understanding people; Valuing individuals; Team working Values Aligned with Telkom Values (CHART)

**Responsibilities**:
**IT Governance, **IT Risk Management, **IT Compliance Management**

***Information Security Management**
- Provide leadership and vision to ensure information security obstacles to achievement of business objectives are identified and addressed
- Effectively Communicate Information Security risk at senior management and strategic levels
- Ensure availability of appropriate skills, technologies, processes and resources
- Ensure all security teams, services, technologies and processes are coordinated throughout the organization
- Ensure production of timely, informative and accurate business and IT metrics relating to information risk - using these metrics prioritise key initiatives
- to reduce or respond to business risk
- Ensure that business systems and information security services and security of customer products and services are aligned and managed

**Information Security Governance**
- Oversee and coordinate all aspects of alignment of Telkom's Information Security Management System
- Ensure Appropriate Security Governance Create/ Maintain/ Communicate Information Security Policies and Standards
- Ensure Regulatory and Security Policy Compliance and Business Risk alignment through review and update processes
- Maintain Information Security Strategy ensuring Business Strategy Alignment, development of business cases to support short and long term strategic initiatives
- Ensure delivery of Information Security Awareness activities to communicating behavior, threats, and Business Risks

**Information Security Risk Management**
- Report to Business on assessment of Enterprise Information threats and Risks, ensure business affecting risks are included on Risk register
- Ensure appropriate Research, Identification and Assessment of Information threats to business (New and existing)
- Ensure and Manage Project and Change Consultation and Assessment of Risk
- Ensure appropriate security systems, tools and resources are made available to protect business initiatives
- Ensure Information Security Governance and Business forums operate and support business risk management
- Monitor, Assess and Report on Operational Security Assurance
- Ensure security operations and incident response capabilities are appropriate for threat environment

**Information Security Architecture**
- Ensure Enterprise Security Architecture aligns with business requirements and risks
- Advise and recommend Technical Security direction in support of Enterprise Security Architecture
- Define, Assess and Communicate Information Security elements within Business and IT Architecture
- Information Security input to Business cases and projects
- Ensure Information Security Architecture requirements are met within all systems and processes
- Ensure network, technology and security architectures are consistent throughout the company

**Required Certification**:
Required at least one of: CISM, CRISC CISSP, SABSA, CoBIT

Optional: CISA, CoBIT, TOGAF, ITIL

**Qualifications**:

- Relevant 3 year Degree in IT or Information Security (NQF level 7).
- Post graduate qualification preferred.

**Experience**:
8 Years relevant experience, of which at least 3 years on senior management level. Practical experience in IT GRC with specialisation in Information Security, of which seven