Executive: IT Governance, Risk and Compliance (GRC)
Closing Date
2022/11/17
Reference Number
TEL221103-1
JD Attachment: Executive IT Gov Risk and Compl (GRC).pdf (37.48 kb) – 11/3/2022 1:29:56 PM
Core Description
Responsible for the development and implementation of the IT GRC strategy and framework, including supporting processes and procedures. Responsible for the identification and communication of information and cyber security related risks and obstructions to the achievement of business objectives.
To establish and monitor functions responsible for the measurement, control and minimisation of loss associated with uncertain risks throughout the ICT, ICT Services and network environments, and to define the direction, strategic alignment, motivation and leadership of the Security management team(s) responsible for:
- The development, documentation, implementation and monitoring of an Information risk management framework including policies, standards, procedures, and security architectures to ensure delivery and awareness of sound Information Security management practices company wide, including compliance with national legislation and international standards.
- Establishment, oversight and coordination of an Information Security Management System that is aligned to the delivery of business goals and objectives, can detect and respond to threats, and conduct and deliver effective and measured security incident detection and response.
Ensuring directly and indirectly that the Information Security team(s) researches and stays abreast of worldwide best practice and regulations.
Provides business strategic direction, support, advisory and consultancy with respect to information and cyber risk management practices and concerns within IT, Enterprise, finance, and business architectures, including applications, changes, solutions and operational processes.
Work proactively with the various clients, business units, and internal organizations to implement practices that meet Telkom’s defined policies and standards.
Competencies
FUNCTIONAL KNOWLEDGE:
Business Threat Identification and Communication; Information Risk Assessment and Management; Regulatory and Legal Frameworks; Change Management and Change Risk; GRC and Security Standards, Policies and Practices; Information Risks within Systems and IT Architecture; Information Risks within people and processes; Infrastructure Risks to business delivery; Enterprise and Security Architecture; Operational Security Practices and Management; Information Security Awareness; Information Security value
FUNCTIONAL SKILLS:
Strategy formulation & Execution; Incident Management and Response; Analytical and investigative; Communication and Interpretation; Decision making; Problem solving; Project and complex task management; Risk Awareness and explanation
ATTITUDES/LEADERSHIP COMPETENCIES:
Integrity; Assertive; Confident; Initiator; Supportive; Persuasive; Team Player; Problem Ownership
Thought Leadership: Developing strategies/Providing insights; Generating ideas; Exploring possibilities; Examining information; Adopting practical approaches
Market Leadership: Developing expertise; Challenging ideas; Interacting with people; Understanding people; Seizing opportunities; Managing tasks
Business Leadership: Pursuing goals; Taking action; Upholding standards; Managing tasks; Seizing opportunities
People Leadership: Making decisions; Empowering individuals; Challenging ideas; Directing people; Convincing people; Interacting with people
Personal Leadership: Embracing change; Thinking positively; Showing composure; Understanding people; Valuing individuals; Team working
Values Aligned with Telkom Values (CHART)
Job Responsibilities
IT Governance, IT Risk Management, IT Compliance Management
Information Security Management
- Provide leadership and vision to ensure information security obstacles to achievement of business objectives are identified and addressed
- Effectively Communicate Information Security risk at senior management and strategic levels
- Ensure availability of appropriate skills, technologies, processes and resources
- Ensure all security teams, services, technologies and processes are coordinated throughout the organization
- Ensure production of timely, informative and accurate business and IT metrics relating to information risk, using these metrics to prioritise key initiatives to reduce or respond to business risk
- Ensure that business systems and information security services and security of customer products and services are aligned and managed
Information Security Governance
- Oversee and coordinate all aspects of alignment of Telkom’s Information Security Management System
- Ensure Appropriate Security Governance
- Create/Maintain/Communicate Information Security Policies and Standards
- Ensure Regulatory and Security Policy Compliance and Business Risk alignment through review and update processes
- Maintain Information Security Strategy ensuring Business Strategy Alignment, development of business cases to support short and long term strategic initiatives
- Ensure delivery of Information Security Awareness activities to communicate behavior, threats, and Business Risks
Information Security Risk Management
- Report to Business on assessment of Enterprise Information threats and Risks, ensure business affecting risks are included on Risk register
- Ensure appropriate Research, Identification and Assessment of Information threats to business (New and existing)
- Ensure and Manage Project and Change Consultation and Assessment of Risk
- Ensure appropriate security systems, tools and resources are made available to protect business initiatives
- Ensure Information Security Governance and Business forums operate and support business risk management
- Monitor, Assess and Report on Operational Security Assurance
- Ensure security operations and incident response capabilities are appropriate for threat environment
Information Security Architecture
- Ensure Enterprise Security Architecture aligns with business requirements and risks
- Advise and recommend Technical Security direction in support of Enterprise Security Architecture
- Define, Assess and Communicate Information Security elements within Business and IT Architecture
- Information Security input to Business cases and projects
- Ensure Information Security Architecture requirements are met within all systems and processes
- Ensure network, technology and security architectures are consistent throughout the company
Required Certification
Required at least one of: CISM, CRISC, CISSP, SABSA, CoBIT
Optional: CISA, CoBIT, TOGAF, ITIL
Qualifications
Relevant 3 year Degree in IT or Information Security (NQF level 7).
Post graduate qualification preferred.
Experience
8 Years relevant experience, of which at least 3 years on senior management level. Practical experience in IT GRC with specialisation in Information Security, of which seven years must include an IT, Network or Information Security role, with the last 5 years in a senior Information Risk management role with strong people management experience.
Special Requirements
Prepared to work all hours as required.
Valid driver’s license.
No Criminal record.
No credit judgement.