Specialist: ICT Governance Risk and Compliance
SABS

Job Advert Summary
About SABS
The South African Bureau of Standards (SABS) is mandated to develop, promote and maintain South African National Standards (SANS); promote quality in connection with commodities, products and services; and render conformity assessment services and assist in matters connected therewith. Working for the SABS opens the mind to the world around you. We offer diverse career paths in a dynamic environment that nurtures and recognises talent and potential. Become part of our vision of being a trusted standardisation and business assurance solution provider and join a team that fosters accountability, excellence and innovation in an inclusive workplace.
SABS is an equal opportunities employer, and our recruitment will be done in line with the Employment Equity Act 55 of 1998 and our EE Policy.
Please note by responding to the advertisement, you consent to the collection, processing, and storing of your Personal Information in accordance with the Protection of Personal Information Act (POPIA). Your information will be used solely for purposes of recruitment and more specifically for the position you have applied for, and will not be shared with third parties without prior consent unless required by law.
Please note that applications received after the closing date will not be considered.
Purpose Statement
To design, develop, implement and maintain ICT Governance, Risk and Compliance strategic frameworks and activities, data privacy compliance reporting and processes, as well as conduct regular governance audits and take corrective action on behalf of the SABS to support business operations and strategic objectives.
Minimum Requirements
Qualification
- Diploma + Advanced Diploma / B-Degree in ICT, IS, Computer science or a
- Certified in the Governance of Enterprise IT (CGEIT) certification is advantageous.
- Certified Information Systems Auditor (CISA) certification is advantageous.
- Certified in Risk and Information Systems Control (CRISC) certification is
Work Experience
- 8 years relevant work experience in ICT Governance Risk and Compliance
- 4 years specialist experience
- Must have ICT governance and risk experience within a corporate environment.
- Proven track record in implementing COBIT 5 Enterprise Governance
Duties and Responsibilities
Functional Management
- Provide an ICT Governance, Risk and Compliance (GRC) framework, including data compliance and cybersecurity risk, aligning ICT with the overall objectives of SABS.
- Coordinate the development and implementation of ICT policies, standards, processes and procedures and ensure that data compliance standards are adhered to throughout the organisation and escalate non-compliance issues.
- Monitor and evaluate adherence to ICT policies at the divisional and organisational level and escalate non-compliance to line management for corrective action.
- Ensure that all relevant controls, policies and procedures are embedded and monitored as operating effectively and that actions are in place to address emerging risks and incidents.
- Identify, report and ensure implementation of mitigation of all ICT related cybersecurity threats and risk assessment procedures.
- Implement controls to mitigate risks identified during the risk assessment process.
- Implement and stress test the Disaster Recovery Plan to ensure ICT business continuity processes and procedures are running smoothly within the organisation.
- Ensure that independent annual vulnerability and penetration testing are performed in the SABS environment and implement remedial actions as required.
- Contribute to the development of the Business Continuity Strategy and process in consultation with the Head: ICT to ensure readiness for recovery from ICT service interruptions.
- Ensure and coordinate regular Business Impact Analyses of ICT Services on SABS processes.
- Track timely closure of identified control gaps and risk mitigation plans and actively support action owners during issue remediation.
- Ensure that internal control frameworks are developed and implemented across the organisation with regard to IT Risk Standards, ICT controls and regulatory and legislative requirements.
- Review and update policy / standards compliance and exceptions, and report status to management and document advice for corrective actions.
- Develop and coordinate the implementation of an IT governance, metrics collection, and reporting capability across the ICT division.
- Provide guidance on implementing ICT compliance control objectives and provide support for gap analysis initiatives.
- Provide input to improve efficiency and effectiveness of ICT cybersecurity governance services.
- Act as point of contact within the ICT division with regards to risk and compliance issues.
- Coordinate the ICT audit process and ensure that related audit activities and requests are handled efficiently and effectively.
- Support ICT team during the planning and subsequent phases of an audit as well as during the audit close-out process.
- Report on all ICT Governance, Risk and Compliance matters as required.
- Provide technical support and training to SABS users with regards to ICT Governance and Risk principles.
Risk and Compliance Management
- Assist in identifying and adhering to fraud controls, risk prevention principles, sound governance and compliance processes, and tools to identify and manage risks.
- Support and provide evidence to all internal and external audit and regulatory requirements.
- Maintain quality risk management standards in line with regulatory requirements.
- Maintain and enforce all related Service Level Agreements to minimise business risk and ensure business continuity.
- Adhere to all relevant laws, policies and Standard Operating Procedures throughout the organisation.
Stakeholder Management
- Build and maintain effective internal and external stakeholder relationships for the purpose of expectations management, knowledge sharing and integration, and to manage the organisation’s reputation.
- Represent and participate in the organisation’s committees and task teams when required.
- Convene and attend meetings and present relevant information to stakeholders when required.
- Ensure the provision of excellent customer service.
- Resolve queries and problems within span of control and within agreed time frames.
- Follow up on unresolved queries and complaints where required.
- Liaise with relevant stakeholders regarding follow-up of information, as required for tender requests.
- Provide subject-matter advocacy and expertise to all relevant stakeholders.
- Manage internal and external relationships to ensure that business process engineering best practices are implemented across the organisation.