12.06.2024
Snr Specialist: IT Assurance and Compliance
Telkom
South Africa, Centurion
Structural Information
Job number: 10031639
Job title: Snr Specialist: IT Assurance and Compliance
Job grade: S4
Group/BU: Corporate
Division: TGIT
Span of control: 0-5
Reports to: Executive Management

Core Description
Responsible for ensuring that an organization's information technology systems are secure, reliable, and comply with relevant regulations and standards. The role is aimed at ensuring the organization's IT systems and processes comply with internal policies, external regulations, and industry standards. This role involves conducting audits, assessments, business analysis, reviews, reporting and compliance to identify and mitigate risks, ensuring data integrity and security, and maintaining up-to-date documentation of compliance activities.

Responsible for the development and implementation of the IT GRC strategy and framework, including supporting processes and procedures. To establish and monitor functions responsible for the measurement, control and minimisation of loss associated with uncertain risks throughout the ICT, ICT Services and network environments. The development, documentation, implementation and monitoring of an Information risk management framework including policies, standards, procedures, and security architectures to ensure delivery and awareness of sound Information Security management practices company wide, including compliance with national legislation and international standards.

The Senior Manager IT Assurance and Compliance is responsible for overseeing the IT compliance framework, ensuring adherence to regulatory requirements, and implementing IT audit processes. This role involves managing risk assessments, compliance monitoring, and establishing policies to safeguard the organization's information assets. The IT Assurance and Compliance Manager plays a critical role in safeguarding the organization's IT assets, ensuring regulatory compliance, and managing IT-related risks.

Job Responsibilities
Develop IT governance frameworks to ensure effective management and control of IT resources. Develop and implement a comprehensive IT GRC strategy and framework. Monitor and report on IT governance metrics and performance indicators. Establish processes for continuous monitoring and reporting on compliance and risk management activities.

Establish and maintain IT policies, procedures, and standards. Train staff on compliance policies and procedures. Ensure that all policies and procedures are up-to-date with the latest laws, regulations, and industry standards.

Lead internal IT audits to ensure compliance with internal and external standards. Coordinate with external auditors and regulatory bodies during compliance reviews and audits. Implement audit recommendations, track remediation efforts, and ensure timely resolution of identified issues. Plan and conduct internal IT audits to evaluate the effectiveness of controls and compliance with standards.

Develop and implement comprehensive IT compliance programs aligned with industry standards and regulations (e.g. POPIA, PCI-DSS etc). Ensure the organization's IT practices adhere to all legal and regulatory requirements. Monitor and assess compliance with regulatory requirements, ensuring that the organization's IT practices remain compliant. Conduct regular compliance audits and assessments, identifying any gaps or areas for improvement.

Identify, assess, and mitigate IT risks across the organization. Develop risk management strategies and frameworks to protect IT assets. Collaborate with stakeholders to integrate risk management into business processes.

Maintain accurate and up-to-date documentation of all compliance activities, risk assessments, audit findings, and incident responses. Prepare and present detailed reports on compliance status, risk management efforts, and audit outcomes to senior management. Ensure timely and accurate reporting to regulatory bodies as required.

Stay current with evolving regulatory requirements, industry best practices, and emerging threats. Identify opportunities for improving IT compliance and security processes. Drive initiatives to enhance the organization's compliance posture and risk management capabilities. Collaborate with various departments to ensure comprehensive compliance and risk management. Engage with external stakeholders, including auditors, regulators, and industry bodies, to stay informed of changes and best practices. Provide guidance and support to team members, fostering a culture of compliance and continuous improvement.

Core Competencies
Functional Knowledge: Contribute to strategy formulation & execution; business requirement analysis, Incident Management and Response, Business Threat Identification and Communication; Information Risk Assessment and Management; Regulatory and Legal Frameworks; Change Management and Change Risk; GRC and Security Standards, Policies and Practices; Information Risks within Systems and IT Architecture; Information Risks within people and processes; Infrastructure Risks to business delivery; Enterprise and Security Architecture; Operational Security Practices and Management Information Security Awareness
Functional Skills: Analytical and investigative; Attention to detail; Communication and Interpretation; Decision making; Problem solving
Competencies (Behaviour): Integrity; Assertive; Confident; Initiator; Persuasive; Team Player; Problem Ownership.
Thought Leadership: Developing strategies/Providing insights; Generating ideas; Exploring possibilities; Examining information; Adopting practical approaches
Market Leadership: Developing expertise; Challenging ideas; Interacting with people; Understanding people; Seizing opportunities; Managing tasks
Business Leadership: Pursuing goals; Taking action; Upholding standards; Managing tasks; Seizing opportunities.
People Leadership: Making decisions; Empowering individuals; Challenging ideas; Directing people; Convincing people; Interacting with people
Personal Leadership: Embracing change; Thinking positively; Showing composure; Understanding people; Valuing individuals; Team working
Values: Aligned with Telkom Values

Education: NQF 7: 3 year Degree
Experience: 7 Years relevant experience, of which at least 2 years on management level
Certifications:
Special Requirements: Valid Driver's license; 24 Hours availability
Physical Requirements: None
Key Stakeholders:

Additional Information
Certification, Qualifications and Experience
Certification required at least one of: CISA, CoBIT, CRISC or CISSP
Bachelor's degree in Information Technology, Computer Science, Information Systems, or a related field.
7 years relevant experience, of which at least 2 years management experience.
Practical experience in IT GRC with specialisation in Information Security and IT Audit and Information Risk Management role with strong people management experience.
Special Requirements: No Criminal record. No credit judgement.