Overview
IT Cybersecurity and Governance, Risk and Compliance. The incumbent is responsible for developing, implementing and maintaining a robust IT Governance, Risk and Compliance framework that ensures the integrity, confidentiality and availability of the firm's information assets. The role involves implementation of policies, procedures and controls to manage IT risks, ensure compliance with regulatory requirements and align IT strategies with the firm's overall objectives.
Key Responsibilities
- Policy review and implementation – lead the development and implementation of departmental policy, procedures and processes; keep up to date with effective policy and practice execution strategies.
- IT Governance – develop and implement IT governance frameworks and strategies aligned with organisational goals and industry best practices; establish policies, procedures and controls to ensure compliance with regulatory requirements and internal standards; develop and maintain a complete controls library for IT controls in line with best practice recommendations; monitor and evaluate the effectiveness of governance processes and recommend improvements.
- IT Risk Management – design, develop and implement the Information Technology (IT) Risk Management Framework, aligned to the SNG Grant Thornton Enterprise Risk Management (ERM) framework; identify, assess and prioritise IT-related risks across the organisation; develop risk mitigation plans and strategies to minimise potential impacts on IT operations and data integrity; conduct regular risk assessments and audits to ensure ongoing compliance and risk readiness; drive understanding of IT policies, processes, risks and controls in line with the SNG Grant Thornton Policy Framework; act as a liaison between the IT Department and all relevant stakeholders to ensure that IT risks are adequately considered in the overall risk profile of SNG Grant Thornton; proactively ensure that all new projects have the correct level of assurance controls by conducting internal risk reviews before and during project implementation; manage third-party risk, compliance and assurance across the IT environment; stay up to date with regulatory requirements and industry standards relevant to IT operations (e.g., POPIA, GDPR, HIPAA, ISO).
- Audit and Assurance – coordinate audits and assessments by internal/external auditors and regulatory bodies; proactively reduce unsatisfactory audit outcomes by identifying areas of risk within the IT Department, assisting with the development of remediation plans, and raising and tracking IT Department issues; ensure involvement during the planning, fieldwork and reporting stages of all IT-related audits; review audit reports for factual accuracy and ensure that the correct action owners are identified; facilitate closure of audit findings.
- Training and Awareness – oversee development and delivery of training programs on IT governance, risk management and compliance; promote a culture of compliance and awareness across the organisation through workshops, seminars and informational materials; track remediation of all observations/findings and ensure timely closure.
- Asset Management – manage IT assets throughout their lifecycle, including movement, allocation, identification, tagging and register maintenance.
- IT Projects – develop and implement an IT project management framework, templates and tools; manage IT projects in line with established frameworks; prepare stakeholder matrix and reporting; communicate risks, compliance issues and recommendations to key stakeholders; collaborate with relevant internal committees and units to address compliance concerns and implement solutions; maintain documentation of IT governance, risk and compliance processes, policies and procedures.
Qualifications
Bachelor's Degree or Advanced Diploma in IT, Risk Management, Audit or IT Governance; postgraduate qualification advantageous; certification in CISA, COBIT, ITIL and ISO preferred.
Experience
2-5 years in an IT Governance, Risk and Compliance environment, with at least 2 years in a management/supervisory role or area of expertise.
Competencies
- Resilience, Communication, Working with People, Network and Alliances, Planning, Organising and Coordinating, Employee Engagement, Personal Mastery, Judgement and Decision-Making, Ethics and Values, Client Service Orientation.
- Change Management, Coaching and Mentoring, Conflict Management, Strategic Thinking and Planning, Facilitation, Presentation Skills, Team Leadership and Collaboration, Service Delivery, Innovation, Stakeholder Development and Relations, Problem Solving, Reporting.
Technical Competencies
IT Risk and Governance Frameworks, Understanding of Risk and Compliance Concepts, Project Management Skills, Interpersonal Skills, Policy conceptualisation and formulation, Programme/project management.