Key Performance AreasIT Governance FrameworksIT Risk Management AuditIT ComplianceIncident and Response ManagementDocumentation and ReportingSecurity Architecture and ImplementationAd hoc Key Tasks IT Governance FrameworksAssist in the implementation of IT Governance, Risk and Compliance solutions in line with the Affinity Life Limited approved policies and frameworksAssist in the development and implementation IT Governance, Risk Management and Compliance policies, processes, procedures, and IT controls training materials to keep IT colleagues informed of relevant industry, legislative and regulatory requirements, and changesDevelopment and implementation of IT Governance Frameworks, IT Controls, recommendations from various assessments and action plans following an appropriate methodology by managements approval that is aligned with international and financial industry standards (e. g. GOI Standards (PA), Joint Standards (PA & FSCA) COBIT, ITIL, ISO, NIST, PRINCE II, CMM, etc)Support the development of policies, processes, and procedures for the IT DivisionDevelop, implement, and monitor reporting mechanisms for IT Governance, Risk Management, and Audit, to support compliance and highlight areas of exposure to managementAssist in the maintenance of IT alignment activities, including report submissions, across various governance committees and structuresInclude control document reviews, meeting coordination, assessment, finding mediation, assisting control owner with remediation plan development, tracking findings through remediation, progress monitoring, reporting, and escalationAssess the current adequacy of the business continuity / disaster recovery plans in conjunction with Risk Management, potential threats to the systems, and then calculate the impact of potential adverse eventsParticipate in the development, adoption, and compliance of IT governance framework across all areas of businessPerform design and process analysis for IT business processes that impact IT GovernanceFacilitate adoption and continuous improvement of planning practices and processes within IT and the business as a wholeIT Risk Management AuditAct as a risk and compliance champion for the IT DivisionMaintain and monitor the IT risk framework is aligned to the Affinity Life Limited approved enterprise risk management frameworkMaintain the IT Risk Register in collaboration with enterprise risk management and drive implementation of mitigation controls of risks through Managers and business within defined periodsIntegrate Cyber risk into IT Risk Management practices, processes, procedures, and activitiesCo-ordinate periodical internal risk assessments in various IT functions and tracking of application access reviews, active directory review, security, network and vulnerability assessments and IT AuditsFacilitate disaster recovery and business continuity initiatives with relevant stakeholdersReview identified security risks and breaches to ensure the IT assets and information are always appropriately securedVisibility, management, and escalation of IT risks impacting the delivery of IT servicesWork closely with the internal clients and third parties to facilitate IT risk analysis and risk management processes and to identify acceptable levels of residual riskConduct IT risk assessments, and analyse the effectiveness of control activities, and report on them with actionable recommendationsIdentify and monitor IT risks continuouslyKeep IT management up to date on the results IT ComplianceMonitor and review compliance with regulatory requirements and practices to ensure IT-related activities are meeting prescribed standardsManagement of compliance requirements to improve the company’s compliance maturity with legal and regulatory requirements such as GOI and Joint Standards, Insurance Act, PAIA,POPIA, ETC act, Cyber bill, FICA, RICA etc.)Maintain and facilitate data protection activities to ensure full compliance with POPIA and associated regulations on personal identifiable information and business-related sensitive informationAct as compliance champion for the IT DivisionCoordinate and support internal and external compliance audits Incident Response and ManagementDevelop and maintain an incident response plan.Lead and coordinate responses to cyber security incidents to ensure a timely and effective resolutionConduct post-incident reviews to identify lessons learned and areas for improvementAssist in the preparation of stakeholder communications in response to cyber security incidentsAssist in the development of incident response training for employees Documentation and ReportingMaintain accurate and up to date documentation related to IT GRC activitiesGenerate regular reports on the organisation’s security and compliance posture for management and stakeholders  Security Architecture and ImplementationWork with IT and Development teams to integrate security measures into the overall IT and Development architectureImplement and manage security technologies to safeguard the organisation’s assetsCollaborate with system owners to ensure secure configuration and operation of IT systems Ad hocPerform ad-hoc duties as assigned to ensure the smooth functioning of the IT GRC function and maintain a good reputation with Auditors, Compliance and Risk Departments Essential Qualifications MatricNational Diploma in IT /Bachelor or Relevant equivalent to NQF Level 6IT Governance certification or ITIL & COBIT mandatory Desirable Qualifications CRISC, CISSP, CISM, CISA or CGEIT certification Essential ExperienceExperience in IT Governance Risk and Compliance related experienceExperience with GRC methodologies, tools, and enablersHands-on experience with implementation and monitoring of one or more IT Governance frameworks (COBIT, ITIL, ISO, PRINCE II, etc.)Legal or Statutory RequirementsClear Criminal RecordKnowledge and Skills Solid understanding of IT Governance, Risk Management and Compliance FrameworksUnderstanding of security risks and the required preventative controlsExcellent understanding of IT operational processes and controls including projectsKnowledge of the IT frameworks and best practicesExcellent understanding of Regulatory requirements relatively to the IT environment (PCI DSS, POPIA, GDPR)The ability to be persuasive and be able to communicate GRC related concepts to staffSound knowledge, understanding and application of the relevant legislationAbility to map business needs to technology solutionsImplementation of the ICT strategy in the insuranceMust have excellent corporate governance principlesThorough understanding of technical elements  Attributes ResilienceInnovativeDeadline drivenSelf-starterCustomer service orientatedAbility to handle confidential mattersProfessionalismNegotiationConflict ResolutionFairnessConscientiousMeticulousHonest, Hardworking and Humble#J-18808-Ljbffr