
Chief Specialist: IT Governance, Risk and Compliance
- Johannesburg, Gauteng
- Permanent
- Full-time
- Establish and maintain the IT governance operating model, including the mandate and inter-relationship between governance structures
- Monitor the effectiveness of internal governance structures, including Executive committees, steering committees, and business forums, recommending potential improvements to Exco for consideration
- Consolidate GRC-related information across functions and governance structures, identifying priority focus areas, monitoring progress and reporting to stakeholders
- Effectively promote and practice good corporate governance.
- Lead the development and implementation of the system-wide risk management function of the IT GRC framework as designed to ensure information IT risks are identified and monitored.
- Develop and maintain IT Risk Registers for the group companies and departments, and ensure their regular review by management
- Internally assess, evaluate, and make recommendations to management regarding the adequacy of the IT controls for the Group’s information and technology systems.
- Lead the system-wide IT compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies, and regulations.
- Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure IT compliance with relevant legislation and legal interpretation.
- Work with Internal Audit, External Audit, Internal Control functions and outside consultants as appropriate on required IT assessments and audits
- Coordinate and track all information technology and IT-related audits, including scope of audits, timelines, auditing agencies and outcomes.
- Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation, and advocacy on audit responses.
- Perform other duties as assigned to ensure the smooth functioning of the Group and maintain the reputation of the organization as a viable business partner.
- Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of IT incidents, decisions regarding risk, and measures for ICT.
- Operate with a high degree of independence with regard to project management activities, including development of project plans and budget/resource estimates.
- Bachelor's degree with auditing and information systems or equivalent
- Additional governance qualification/certification
- 6-8 years’ experience at managerial level in a governance, risk & compliance environment
- Auditing experience as a compliance officer, information risk specialist, or information technology auditor
- Experience managing technology budgets and management/board reporting
- Extensive knowledge of governance frameworks and standards such as COBIT, ISO and NIST (COBIT certification is a plus)