IT Governance Officer | Permanent | Cape Town / Johannesburg / Work from Home
Our client is seeking an IT Governance Officer, reporting into the Group Head Architecture. The ideal candidate has a strong understanding of IT governance and cyber security. The candidate has a practical approach to closing out compliance, security and audit gaps and can co-create solutions with the team. A security operations background will be extremely beneficial to make the conversations practical.
Governance, Risk and Compliance (GRC) and Strategy:
Defining and establishing governance mechanisms in respect of the implementation of infrastructure and application changes to either on-premises or cloud environments.
Develop and manage IT policies, standards, and guidelines in accordance with regulatory requirements and industry leading practices.
Design, create, and manage enterprise-wide security standards, policies, and controls.
Implement compliance measures to ensure adherence to policies, particularly security policies and controls.
Regular reporting on compliance with policies within the IT environment, measurement of compliance, and gap identification, analysis and closing plans.
Create a Risk Management Framework, based on organisational goals, projects, and operational environment.
Measure risks according to the risk framework, track risks and remedial actions.
Regularly report on risks and remedial actions.
Define and create IT security policies and standards.
Assisting the Architecture, DevSecOps, and other internal teams with the establishment of an enterprise security architecture function and framework to define the standards, patterns and roadmap to ensure a consistent approach to the implementation of security policies.
Guide the Architecture, DevSecOps and other internal teams in determining the security requirements and controls for the development and maintenance of the IT asset base, on-prem, and cloud.
Developing an information security scorecard with measurement metrics and reporting processes to demonstrate the business value of the Information Security Management System and Programme.
Give guidance on security controls to various development teams.
Establishing a security management process to ensure the security requirements are built into tenders, contracts, and vendor management processes.
Assisting the DevSecOps and Architecture team to define and document a security architectural process that defines and assesses security requirements for technology development and acquisitions.
Reviewing and updating the security compliance management framework, which addresses information security aspects, to ensure compliance with legislative and regulatory frameworks.
Contribute to the Enterprise Security Architecture framework
Provide inputs to the security strategy
Support projects in ensuring policies are incorporated correctly
Liaise with the teams on special projects regarding IS controls implementation.
Assess and manage security risks for the organization
Involved in identification of security requirements during the system development lifecycle
Create various IS metrics and dashboards including GRC Dashboard / CTIO dashboard
Process development (policy, processes, procedures, checklists, templates) and communication to relevant stakeholders through formal and informal methods (training, workshops, mailers, discussions, etc.).
Facilitate service review / process review meetings and continuous improvements
Ability to create a collaborative environment and facilitate cross-functional teams for IS / IT initiatives
Ensure senior management remain informed of regulatory, legislative, and best practice changes and their obligations under these changes and how they impact the Company.
Provide regular reports to boards and other relevant bodies detailing any current issues or information as required.
External risk reporting to stakeholders.
Governance – Security, SDLC, Release Management, CAB. General Governance of IT processes.
Policy Creation and Maintenance
Engage with all stakeholders in a professional and cooperative manner:
Gain commitment from senior stakeholders to accept proposed actions
Provide input during engagements with senior stakeholders; coordinate with finance leads in OPCOs as well as the Company’s Group Product Head to communicate results and obtain buy-in for proposed actions. You may also be required to represent the Company at relevant governance forums to facilitate the best outcome for the business.
Provide authoritative expertise and advice to all stakeholders
Build and maintain relationships with internal and external stakeholders
Deliver on agreements made with stakeholders in order to ensure that expectations are managed
Make recommendations to improve stakeholder engagement
Participate and contribute to the Company culture by living the Company values.
Self-management and teamwork:
You will be required to take ownership of key deliverables and drive to implementation
Develop and maintain productive and collaborative working relationships with peers and stakeholders
Positively influence and participate in change initiatives
Continuously develop own expertise in terms of professional, industry and legislation knowledge
Contribute to continuous innovation through the development, sharing and implementation of new ideas
Take ownership for driving career development
Contribute to financial controls and planning:
Identify solutions to enhance cost effectiveness and increase operational efficiency
Manage financial and other company resources under your control with due respect
Provide input into the risk identification processes and communicate recommendations in the appropriate forum.
Key Performance Measures:
Understands how the business operates, what the key issues and risks are that drive business success, and how they impact on the commercial viability of potential ventures and the profitability of the Company.
Customer/ Stakeholder Commitment
Anticipates, meets and exceeds clients’ and stakeholders’ expectations by creating long-lasting relationships that support the client value proposition.
Drive for Results
Drive a sense of urgency, focus, accountability, agility and execution to deliver business results.
Creative Problem Solving
Ability to find fresh perspectives and innovative solutions to business problems.
Leads Change and Innovation
Challenges the status quo, does what is right for the business, and encourages continuous improvement and innovation.
Prioritizes the business interests of the Company and invests in the success of the Company by aligning effort across business areas.
Impact and Influence
Persuades, convinces, influences and inspires others, both within the Company and externally to win support, loyalty and gain commitment to the purpose of the Company.
Self-Awareness and Insight
Manages self and relationships with others effectively, deals with ambiguity, uncertainty and pressure, and provides perspective in difficult situations.
Diversity and Inclusiveness
Is sensitive to individual and cultural differences and demonstrates humility and an openness to engage people from diverse backgrounds and cultures to the mutual benefit of all parties concerned.
Information Technology related degree (preferred)
Minimum experience and skills required:
A significant can-do attitude
Results focused and driven
Security Operations (must have)
COBIT 5/2019 experience (preferred)
ITIL experience (preferred)
Policy and standards definitions (must have)
5+ years of IT Governance experience (must have)
8+ years of IT Governance experience (preferred)
IT Governance and Risk Frameworks (preferred)
King IV (advantage)
CGCIT (Corporate Governance of ICT) (advantage)
Suitable candidates may contact firstname.lastname@example.org or call XXX-XXXX