IT Risk and Governance Manager

2 days ago


Midrand, Gauteng, South Africa SNG GrantThornton Full time R18 000 - R57 600 per year

Job description

In IT Cybersecurity and Governance, Risk and Compliance, the incumbent is responsible for developing, implementing, managing and maintaining a robust IT Governance, Risk and Compliance framework that ensures the integrity, confidentiality, and availability of the Firm's information assets. The role involves the implementation of policies, procedures, and controls to manage IT risks, ensure compliance with regulatory requirements, and align IT strategies with the firm's overall objectives. The incumbent also manages IT assets and IT projects.

KEY PERFORMANCE AREAS

Policy review and implementation

• Lead the development and implementation of departmental policy, procedures and processes.

• Keep up to date with effective policy and practice execution strategies.

IT Governance

• Develop and implement IT governance frameworks and strategies aligned with organisational goals and industry best practices.

• Establish policies, procedures, and controls to ensure compliance with regulatory requirements and internal standards.

• Develop and maintain a complete controls library for IT controls in line with best practice recommendations.

• Monitor and evaluate the effectiveness of governance processes and recommend improvements as needed.

IT Risk Management

• Design, develop, and implement the Information Technology (IT) Risk Management Framework that is aligned to the SNG Grant Thornton Enterprise Risk Management (ERM) framework.

• Identify, assess, and prioritise IT-related risks across the organisation.

• Develop risk mitigation plans and strategies to minimise potential impacts on IT operations and data integrity.

• Conduct regular risk assessments and audits to ensure ongoing compliance and risk readiness.

• Drive the creation of an understanding of IT policies, processes, risk, and controls in line with the SNG Grant Thornton Policy Framework.

• Act as a liaison between the IT Department and all relevant stakeholders to ensure that IT risks are adequately considered in the overall risk profile of SNG Grant Thornton.

• Proactively ensure that all new projects have correct levels of assurance controls by conducting internal risk reviews before and during project implementation.

• Manage third-party risks.

Compliance and assurance across the IT environment

• Stay up to date with regulatory requirements and industry standards relevant to IT operations (e.g., POPIA, GDPR, HIPAA, ISO 27001, and relevant legislation).

• Implement and maintain compliance programs and initiatives, including training and awareness campaigns for staff.

• Coordinate audits and assessments by internal/external auditors and regulatory bodies.

• Proactively manage the reduction of unsatisfactory audits by: (1) identifying areas of risk within the IT Department, (2) assisting with the development of remediation plans to address issues by providing risk and audit expertise, and (3) raising and tracking IT Department issues, which may be of a strategic, tactical, or operational nature.

• Ensure involvement during planning, fieldwork, and reporting stages of all audits that are IT-related.

• Review audit reports for factual accuracy and ensure that the correct action owners were identified.

• Review the feasibility of agreed actions and facilitate closure of audit findings.

Training and Awareness

• Oversee the development and delivery of training programs on IT governance, risk management, and compliance for employees.

• Promote a culture of compliance and awareness across the organisation through workshops, seminars, and informational materials (e.g., cybersecurity awareness, policy compliance, POPIA compliance).

Track the remediation of all observations/findings

• Track and monitor the adequate and on-time remediation of observations raised by all independent assurance bodies.

• Record remediation plans and facilitate closure for IT-related control weaknesses identified.

• Ensure this is done through weekly progress tracking with control owners (typically Senior Managers) and reporting.

• Engage with IT management and senior management to discuss and manage overall progress against remediation plans.

• Ensure that all audit closure documents are reviewed by the appropriate stakeholders before being submitted to Auditors.

Asset management

• Manage IT assets throughout the lifecycle of assets.

• Manage movement and allocation of assets.

• Ensure identification and tagging of assets where required.

• Maintain records and an asset register.

IT Projects

• Develop and implement an IT project management framework.

• Develop templates and tools.

• Manage IT projects in line with established frameworks.

Reporting & Documentation

• Develop a stakeholder matrix and ensure reporting requirements and timelines are understood.

• Prepare regular reports and updates for senior management and stakeholders on IT governance, risk, and compliance activities on a monthly basis or as and when required.

• Communicate risks, compliance issues, and recommendations clearly and effectively to key stakeholders.

• Collaborate with IT teams, relevant internal committees, legal counsel, and business units to address compliance concerns and implement solutions.

• Maintain documentation of IT Governance, Risk and Compliance processes, policies and procedures.

Behavioural Competencies Required

• Resilience

• Communication

• Working with People

• Network and Alliances

• Planning, Organising and Coordinating

• Employee Engagement

• Personal Mastery

• Judgement and Decision Making

• Ethics and Values

• Client Service Orientation

Managerial Competencies Required

• Change management

• Coaching and mentoring

• Conflict management

• Critical and innovative thinking

• Strategic thinking and planning

• Facilitation and presentation skills

• Team leadership and collaboration

• Service Delivery Innovation

• Stakeholder development and relations

• Problem solving

• Reporting

Technical Competencies Required

• IT Risk and Governance Frameworks

• Understanding of Risk and Compliance Concepts

• Project Management Skills

• Interpersonal Skills

• Policy conceptualisation and formulation

• Programme/project management

Experience

• 2-5 years' relevant experience in an IT Governance, Risk and Compliance environment, of which 2 years must have been at a management/supervisory level/area of expertise.

MINIMUM REQUIREMENTS

Qualifications

• Bachelor's Degree/Advanced Diploma in IT/Risk Management/Audit/IT Governance or a related qualification.

• A postgraduate qualification in IT/Risk Management/Audit/IT Governance or a related field will be advantageous.

• Certification in CISA, COBIT and ITIL.

• ISO 27001 certification will be an added advantage.

