Lead: IT Governance, Risk and Compliance (GRC), Isando

Be among the first applicants.
Zeda Limited
Johannesburg
ZAR 600 000 - 1 000 000
6 days ago
Job description

Lead : IT Governance, Risk and Compliance (GRC)

Core purpose of the role: The Lead: Information Technology Governance, Risk and Compliance (GRC) is accountable for developing and managing the end-to-end governance, risk and compliance function within IT, aligned with the relevant standards, and for the mitigation of IT risks.

Key deliverables and outputs:

  1. Develop and Implement the Corporate Governance of IT (CGICT) Framework
  2. Develop the most effective CGICT framework based on research into the most appropriate model
  3. Define and implement the IT governance framework
  4. Set objectives for implementation of the framework and monitor compliance
  5. Define IT management policies and standard operating procedures
  6. Select and validate COBIT controls and monitor their implementation (establish and track IT controls based on POPIA, ISO 27x, ITIL and King)
  7. Manage the IT vendor onboarding process including meetings and alignment to the procurement process
  8. Monitor contract adherence to ensure compliance with Service Level Agreements
  9. Manage breaches and service realignment
  10. Manage the process of vendor compliance with internal controls including the signing of non-disclosure agreements
  11. Oversee IT alignment to employment equity and B-BBEE requirements relating to vendor management
  12. Develop and monitor the IT budget
  13. Align the IT budget to IT strategic objectives
  14. Report on budget utilisation against the baseline to the various governance committees
  15. Benchmark and perform ratio analysis against industry standards
  16. Develop IT risk management framework as aligned to the organisational risk framework
  17. Review divisional IT risk registers in operational manuals
  18. Update and manage the consolidated IT register
  19. Develop IT audit management framework as aligned to the organisational audit framework
  20. Review divisional IT audit registers in operational manuals
  21. Update and manage the consolidated audit register
  22. Manage external auditors including the scope, execution, findings and audit ageing
  23. Maintain comprehensive records of compliance activities, audit results, and corrective actions
  24. Generate regular compliance reports for management and relevant stakeholders
  25. Complete follow-up reviews to confirm actions have been completed
  26. Compile monthly IT exco reports outlining IT performance numbers, IT resource management, IT finance, IT security, IT project portfolio and IT value analytics
  27. Compile IT reporting for governance committees such as the IT steering committee, audit & risk committee (ARC) and the board
  28. Provide clear direction and decisive leadership to direct reports, ensuring all are aligned to the goals and have a clear purpose
  29. Set clearly defined performance standards/targets for direct reports, holding them accountable to achieve these and providing support and guidance where needed
  30. Create and maintain a constructive atmosphere within the team, engaging and motivating direct reports to always give their best, while respecting any areas of diversity (whether areas of expertise, culture, gender, age, background, etc.)
  31. Ensure direct reports adhere to set business policies and procedures, emphasising the importance of general discipline at work and objectively correcting and handling any deviations as they arise
  32. Resource and staff the team appropriately, considering the relevance of current and new jobs as well as the most suitable ways in which to place or replace any vacancies
  33. Set the example to the team and deliver on the employee value proposition by leading the team and the business in line with the Zeda Leadership Behaviours
  34. Support and encourage direct reports to drive their development plans to further grow as professionals in their jobs

Internal and External Stakeholders: The role requires close engagement and collaboration with key internal and external stakeholders.

Academic Qualifications:

  1. NQF Level 7 Qualification in Information Technology, Computer Science, or a related field
  2. Valid Driver's License
  3. Advantageous: Certification in IT Compliance or related areas (e.g., Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP))

Work Experience:

  1. 5-7 years' proven experience managing people
  2. Experience in IT risk management with relevant IT, risk, auditing, governance, and compliance (with a special interest in IT Security)
  3. Proven experience with designing business continuity and IT disaster recovery management procedures and processes
  4. Proven experience in developing and submitting audit and compliance reports to governing bodies, legal entities and/or external authorities
  5. Experience in planning, organising, and developing information technology policies, procedures, and practices
  6. Advantageous: 3+ years' experience in other disciplines within IT
  7. Automotive industry experience

This job requires that the employee maintains the highest level of Honesty and Integrity as he/she will have access to company assets, cash handling and confidential record storage areas. This requires that a formal personal background check is undertaken.
