Senior Manager: Risk and Assurance

PURPOSE OF THE ROLE

To effectively manage Quality Management System, Environmental Management System, Energy Efficiency Management System, OHS Management System & Information Security, Data Protection & Cybersecurity Management System to retain current and new clients, minimise operational risk as well as reputational risk for Teraco. Overall responsibility to ensure that the Management System is effective, by ensuring that all the programmes/ system are aligned, cohesive and do not have duplication or conflicting systems. Overseeing Teraco’s risk and BCP programmes and accurate reporting thereof. Manage the Risk & Assurance team.

MAIN FUNCTIONS OF THE JOB
- The evaluation, motivation and implementation of any new standards or certifications;
- Maintenance of existing certifications and attestations, including but not limited to ISO 9001, ISO 27001, ISO 14001, ISO 50001, ISO 45001, ISAE 3402 Type II, SOC2 Type II, PCI DSS 4.0;
- Overall responsibility to ensure that the Management System is effective, by ensuring that all the programmes/ system are aligned, cohesive and do not have duplication or conflicting systems.
- Management Representative of Teraco’s Quality Management and Information Security Management programmes. Support to the management representatives of the Energy, Environmental and OHS programmes.
- Responsible for the ISO Management System (clauses 1-5), policy and documented records/ evidence.
- Assist with performance reporting of the Management Systems and where required, client report dissemination.
- Support the Head of Operations in preparing for the annual Strategic Planning/ Management Review meeting.
- Responsible for the Teraco Risk Management program & procedure and implementation/ maintenance thereof.
- Responsible for supporting the CEO and Head of Operations in maintaining the business continuity program and for ensuring the simulations are executed as planned.
- Responsible for the Operational Risk meeting, and monthly collation and presentation of the ESG report
- Oversight to ensure there is planning and execution of the internal audit and self assessment audit schedule.
- Ownership and oversight of internal & external audits/attestations for ISEA3402, SOC2, ISO9001, ISO27001, ISO14001, ISO45001, ISO50001 and PCI, including site additions and transitions.
- Compile responses to client audits, as per delegated area of responsibility.
- Lead 3rd party client audits and ensure closure of audit findings e.g. Trusight, SSPA etc.
- When requested, attend client audits and/or quarterly reviews, where required to present evidence on audit, certification etc.
- Compile and lead action plan to address any deficiencies identified in client audits and SLA review.
- Identify audit trends and / or emerging client needs to guide the business to have the required process defined and implemented proactively.
- Accountability and responsibility for the quality and accuracy of MyZone Policies, Procedures, EOP etc documentation, including compliance to CI and brand.
- Assist functional areas with or compile new procedures, policies, work instructions and forms as and when required. Where required, lead the development of new policies, and drive alignment between the interested parties.
- Support the CISO in information security awareness, education and training. KnowBe4 champion and owner of KnowBe4 information security training program.
- Conduct independent quarterly audits of system access rights. Oversight to ensure that all access audits are occurring including client access audits, service/provider contractor access audits and all physical security configuration and data integrity audits.
- Develop and implement an audit program to measure compliance to client contracted SLA’s, and track correctives for effective implementation.
- Management and development of the Risk and Assurance team member(s).

SKILLS REQUIREMENT
- Excellent written and verbal communication skills:

- Listens to others and accepts input from team members
- Clearly articulates ideas and thoughts
- Accurately prepares written business correspondence that is coherent, grammatically correct, effective and professional
- High quality output
- Proactive problem solver:

- Proposes solutions to problems and considers timeliness, effectiveness, and practicality in addressing requirements
- Generates innovative solutions by approaching problems with curiosity and open mindedness, using existing information to its fullest potential
- A honed alertness and vigilance to potential breaches in compliance. This means actively enforcing a mandatory reporting policy and seeking out any weakness in company dealings.
- Ability to work independently & a positive team player
- Self-motivated and displays leadership skills
- Demonstrates flexibility in day-to-day work.
- Establishes harmonious working relationships with team members
- Appreciates each team member's contributions and values each individual member
- Sets high standards of