
Risk and Compliance Specialist

Transnet Company

Durban

On-site

ZAR 600 000 - 900 000

Full time

Today

Job summary

A leading transportation company is seeking an experienced ICT Risk Manager in Durban to ensure compliance with legislative and organizational policies while managing ICT-related risks. Candidates must have a degree in IT or related fields, with at least 5 years of experience in ICT disciplines and a strong understanding of risk management. This role offers a permanent position with opportunities for professional development.

Qualifications

  • At least 5 years’ relevant experience in ICT disciplines in a large enterprise.
  • Minimum 1 year in a supervisory level or specialist position.
  • Further qualifications such as CRISC, CISA, CGEIT preferred.

Responsibilities

  • Ensure compliance with Legislative and Organisational policies across the IT landscape.
  • Manage ICT related risks by assessing the ICT environment and mitigating measures.
  • Conduct ICT risk awareness and training.

Skills

ICT Risk Management
ICT Audit
ICT Compliance
ICT Governance

Education

Degree in Information Technology/Computer Science/Internal Auditing/Financial Information Systems
Job description

Operating Division: TPT POD Corporate H/O
Employee Group: Permanent
Department: ICT
Location: Durban
Reporting To: Senior Manager: ISGRC
Grade: F
Reference: req3629

The closing date is on 07/11/2025. It is the responsibility of the applicant to ensure that HR has received the application before the closing date of the advertisement.

Position Purpose
  • Ensure the implementation and compliance of Legislative and Organisational policies, procedures, standards, and frameworks across the IT landscape.
  • Manage the ICT related risks for TPT in accordance with the ERM framework, by constantly assessing the ICT environment for emerging risks and putting in place preventative and mitigating measures to reduce the likelihood and impact of the risks.
  • Ensure greater success of business goals and objectives by reducing the likelihood and impact of potential risks.
Position Outputs

Provide guidance, feedback, and support across ICT regarding identification of risk, risk mitigation and management.

Create appropriate metrics to quantify, track and report on identified risk across ICT.

Perform risk management for ICT projects and initiatives and ensure risks are properly assessed, evaluated and assigned to the relevant owners for risk treatment.

Conduct ICT risk awareness and training – design and publish communications which develop awareness and accountabilities for risk management activities.

Keep abreast of developments by identifying emerging risks and creating associated risk registers within the organization.

Identify process improvement opportunities and develop and communicate recommendations for implementation.

Keep abreast of developments in the areas of legal, regulatory and corporate requirements.

Ensure vendor and stakeholder compliance with Transnet’s Governance frameworks and adherence to SLAs.

Weekly, monthly, and quarterly reporting on the compliance across the various application systems in the organisation.

Take appropriate steps to identify trends and improve compliance effectiveness.

Assist in executing other tasks of the Information Security, Governance, Risk and Compliance function, as and when required.

Work with internal control, audit, information security and compliance to manage the end‑to‑end processes for regular internal as well as any statutory reporting of risks in a manner that provides a complete view of all ICT risks and that also guides management decision making.

Provide feedback to related governance forums such as MANCO and RISKCO, regarding latest risk posture of TPT ICT.

Qualifications and Experience
  • Degree (NQF 7) in Information Technology/ Computer Science/ Internal Auditing/Financial Information Systems (FIS)
  • At least 5 years’ relevant experience in any of the following ICT disciplines in a large enterprise including but not limited to:
    • ICT Risk Management
    • ICT Audit
    • ICT Compliance
    • ICT Governance
  • Minimum 1 year in a supervisory level or specialist position.
  • Further qualifications preferred:
    • Certified in Risk and Information Systems Controls (CRISC)
    • Certified Information Systems Auditor (CISA)
    • Certified in the Governance of Enterprise IT (CGEIT)
  • Further professional memberships preferred:
    • Information Systems Audit and Control Association (ISACA)
    • Compliance Institute of South Africa (CISA)
    • Institute of Internal Auditors (IIA)
  • Recognition of competence: Relevant qualification (NQF 5), 6 yrs relevant and solid experience with at least 2 yrs at managerial level or specialist experience.
Competencies
  • Sound knowledge of the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (CobiT) frameworks.
  • Sound understanding of governance frameworks for ICT.
  • Sound knowledge of IT laws.
  • Understanding of KING IV.
Equity Statement

Preference will be given to suitably qualified Applicants who are members of the designated groups in line with the Employment Equity Plan and Targets of the Organisation/Operating Division.
