Job Summary
This role will have broad accountability for ICT governance, risk and compliance related functions including ICT policies, standards, risk, and controls management. This role is a key contributor to IT Strategy, which includes developing frameworks aligned to the appropriate industry standards, creating the required forums, and establishing appropriate monitoring mechanisms to ensure that compliance is effective.
Duties and Responsibilities:
Governance
- Establish and maintain the IT governance operating model, including the mandate and inter-relationship between governance structures
- Monitor the effectiveness of internal governance structures, including Executive committees, steering committees, and business forums, recommending potential improvements to Exco for consideration
- Consolidate GRC-related information across functions and governance structures, identifying priority focus areas, monitoring progress and reporting to stakeholders
- Effectively promote and practice good corporate Governance.
Risk
- Lead the development and implementation of the system-wide risk management function of the IT GRC framework as designed to ensure information IT risks are identified and monitored.
- Develop and maintain IT Risk Registers for the group companies, and departments, and ensure its regular review by management
- Internally assess, evaluate, and make recommendations to management regarding the adequacy of the IT controls for the Group’s information and technology systems.
Policy/Compliance
- Lead the system-wide IT compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies, and regulations.
- Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure IT and compliance with relevant legislation and legal interpretation.
Audit
- Work with Internal Audit, External Audit, Internal Control functions and outside consultants as appropriate on required IT assessments and audits
- Coordinate and track all information technology and IT related audits including scope of audits, timelines, auditing agencies and outcomes.
- Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation, and advocacy on audit responses.
Leadership
- Perform other duties as assigned to ensure the smooth functioning of the Group and maintain the reputation of the organization as a viable business partner.
- Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of IT incidents, decisions regarding risk, and measures for ICT.
- Operate with a high degree of independence with regards to project management activities, including development of project plans and budget/resource estimates.
Qualifications and experience required:
- Bachelor's degree with auditing and information systems or equivalent
- Additional governance qualification/ certification
- 6-8 years’ experience at managerial level in a governance, risk & compliance environment
- Auditing experience as a compliance officer, information risk specialist, or information technology auditor
- Experience managing technology budgets and management/board reporting
- Extensive knowledge of governance frameworks and standards such as COBIT, ISO and NIST (CoBIT certification is a plus