Executive: IT Gov, Risk and Compl

**Core Description**:
**Competencies**:
**Functional Knowledge**
Business Threat Identification and Communication; Information Risk Assessment and Management; Regulatory and Legal Frameworks; Change Management and Change Risk; GRC and Security Standards, Policies and Practices; Information Risks within Systems and IT Architecture. Information Risks within people and processes; Infrastructure Risks to business delivery; Enterprise and Security Architecture; Operational Security Practices and Management Information Security Awareness; Information Security value.

**Functional Skills**
Strategy formulation & Execution; Incident Management and Response; Analytical and investigative; Communication and Interpretation; Decision making; Problem solving; Project and complex task management; Risk Awareness and explanation

**Attitudes/ Leadership Competencies**
Integrity; Assertive; Confident; Initiator; Supportive; Persuasive; Team Player; Problem Ownership

**Thought Leadership**: Developing strategies/ Providing insights; Generating ideas; Exploring possibilities; Examining information; Adopting practical approaches

**Market Leadership**: Developing expertise; Challenging ideas; Interacting with people; Understanding people; Seizing opportunities; Managing tasks

**Business Leadership**: Pursuing goals; Taking action; Upholding standards; Managing tasks; Seizing opportunities

**People Leadership**: Making decisions; Empowering individuals; Challenging ideas; Directing people; Convincing people; Interacting with people

**Personal Leadership**: Embracing change; Thinking positively; Showing composure; Understanding people; Valuing individuals; Team working

Values Aligned with Telkom Values (CHART)

**Responsibilities**:
IT Governance

IT Risk Management

IT Compliance Management

**Information Security Management**
- Provide leadership and vision to ensure information security obstacles to achievement of business objectives are identified and addressed
- Effectively Communicate Information Security risk at senior management and strategic levels
- Ensure availability of appropriate skills, technologies, processes and resources
- Ensure all security teams, services, technologies and processes are coordinated throughout the organization
- Ensure production of timely, informative and accurate business and IT metrics relating to information risk - using these metrics prioritise key initiatives to reduce or respond to business risk
- Ensure that business systems and information security services and security of customer products and services are aligned and managed

**Information Security Governance**
- Oversee and coordinate all aspects of alignment of Telkom's Information Security Management System
- Ensure Appropriate Security Governance Create/ Maintain/ Communicate Information Security Policies and Standards
- Ensure Regulatory and Security Policy Compliance and Business Risk alignment through review and update processes
- Maintain Information Security Strategy ensuring Business Strategy Alignment, development of business cases to support short and long term strategic initiatives
- Ensure delivery of Information Security Awareness activities to communicating behaviour, threats, and Business Risks

**Information Security Risk Management**
- Report to Business on assessment of Enterprise Information threats and Risks, ensure business affecting risks are included on Risk register
- Ensure appropriate Research, Identification and Assessment of Information threats to business (New and existing)
- Ensure and Manage Project and Change Consultation and Assessment of Risk

**Required Certification**:
Required at least one of: CISM, CRISC CISSP, SABSA, CoBIT

Optional: CISA, CoBIT, TOGAF, ITIL

**Qualifications**:
Relevant 3-year Degree in IT or Information Security (NQF level 7). Post graduate qualification preferred.

**Experience**:
8 Years relevant experience, of which at least 3 years on senior management level. Practical experience in IT GRC with specialisation in Information Security, of which seven years must include an IT, Network or Information Security role, with the last 5 years in a senior Information Risk management role with strong people management experience.

**Special Requirements**:

- Prepared to work all hours as required.
- Valid driver's license.
- No Criminal record.
- No credit judgement

**Comments**: