
IT Governance and Security Manager, Centurion

Description

12-Month Fixed-Term Contract

IT Governance and Security Manager

Our client, a leader in the mining industry, is looking for a specialist in IT GRC to manage their Governance and Security Portfolio. This is a hybrid role, office-based in Centurion, with a market-related salary on offer.

 

The main purpose of this position:

To provide strategic and thought leadership by ensuring effective information and technology (IT) governance, risk and compliance (GRC) management and protecting the systems and investments, in support of the Company IT strategy.

 

Key Areas of Responsibility:

Governance:

  • Manage and direct the development and maintenance of governance frameworks and governance structures
  • Compile and drive the implementation of divisional operational plans
  • Define the strategies for maturing IT processes, based on agreed governance and quality frameworks (COBIT and others) and ensure the execution thereof, hence contributing towards effective IT process execution and governance
  • Direct and facilitate the development and maintenance of IT-related policies and procedures, in support of the department's and the Company strategic objectives
  • Manage the conceptualization, design and formulation of the department and group performance scorecard based on performance objectives, deliverables and performance targets which are executable and reported
  • Provide regular reporting and recommendations on IT GRC to various oversight forums
  • Manage the planning and drive the execution of control self-assessments to ensure the integrity of the Company systems and improve the soundness of the IT control environment
  • Manage strategic and operational IT risks and establish a risk awareness culture in the department to reduce security incidents
  • Manage and oversee internal compliance (i.e., policies, and internal and external audit reviews) and ensure the resolution of risks and audit findings
  • Provide assurance on compliance to applicable regulatory and legal requirements as well as good business practices, including training and awareness
  • Keep abreast of best practices and developments in the field of GRC and ensure continuous improvement
  • Keep the governance executive committee and other IT governance structures abreast of the developments in IT governance and other related topics
  • Develop and manage strategic stakeholder relationships (internal and external) to ensure effective reporting and alignment to organisational risks and compliance
  • Provide technical guidance on IT GRC to staff and other departmental stakeholders

Cyber Security:

  • Championing and delivering cybersecurity across all operating geographies, ensuring the right priorities are focused on to reduce cyber risk across the Company as rapidly as possible
  • Developing cybersecurity strategy for the Company aligned to the group IT strategy
  • Overseeing the implementation of large-scale cybersecurity initiatives across the group
  • Embedding adequate and relevant security practices into business areas
  • Delivering new security capabilities into business areas and identifying opportunities and security demand from business areas
  • Identifying and working with technology teams to remediate cybersecurity risk
  • Being a cybersecurity champion and developing the cybersecurity culture, awareness and training, and consulting on cybersecurity issues across the enterprise
  • Assessing cyber IT risks with the assistance of the business unit & information system department
  • Assessing cyber OT risks with the assistance of the business unit & information system department
  • Translating technical capabilities into business outcomes and objectives, defining clear metrics for progress and regularly reporting them into executive forums
  • Audit and control of the application of group and local cybersecurity policies
  • Monitoring local regulatory and technical developments to ensure that cybersecurity policies are in line with these developments.

Desired Experience & Qualification:

  • A Bachelor's degree in Information Systems and Management or an equivalent qualification
  • An industry certification in IT governance, IT auditing/risk or IT compliance
  • Risk-related industry-standard qualifications such as CISA, CISM, CRISC / CGEIT / CEH / CPTE / CISSP / AWS Security / Microsoft Security or equivalent qualification will be an advantage.
  • A minimum of 8 to 10 years' experience in IT GRC or related disciplines such as IT risk management, IT governance and IT compliance, with at least 5 to 8 years' experience in people management
  • GRC legislation; quality assurance; control definitions
  • Risk and compliance monitoring and reporting
  • Successfully managed and implemented IT Risk and Compliance projects
  • Process improvement
  • Experience in compliance frameworks for Information Security, Compliance and IT Governance Standards: ISO 2700x, PCI-DSS, COBIT, King III/IV, NIST and ITIL
  • Knowledge of SOX Compliance and of SOX ITGC is required.
  • List of Deficiencies (LOD) tracking and remediation
  • Testing of previously performed security assessments and internal audits
  • Test the remediation of findings
  • Programme management
  • Experience implementing large scale cyber programmes in geographically dispersed locations
  • Operational background in cybersecurity with non-technical writing skills
  • Experience defining and implementing strategy for a multinational organisation
  • Cyber Security Incident Response Experience and knowledge of Information Technology and IT Security
  • Industry, organisational and business awareness
  • Continued learning and/or professional development
  • People leadership and management
  • Collaboration and digital fluency

 

More info about this ad

IT Governance and Security Manager has been posted in the Durban Information Technology category on Locanto.
