Duties & Responsibilities
- Establish an information management and protection framework for an effective enterprise-wide Information Governance Program; serve as a consultant to business-area leaders.
- Identify, evaluate, and assist with the implementation of an information governance solution that provides systematic monitoring of the Information Governance Program.
- Manage day-to-day activities, including policies, procedures, training, and communication regarding the Information Governance Program.
- In conjunction with Group Legal and Group Compliance, identify information management and protection laws and regulations and implement actions to ensure
- Develop, implement, and maintain the policies, systems, and procedures for the management of recorded information throughout its life cycle.
- The purpose of this role is to support the Head of Cybersecurity and Governance with all governance- and control-related functions.
- Ensure that the respective functional heads have in place the IT policies, procedures, standards, and practices required for conformance with the IT Governance Framework and with mandatory legislation and regulations, as defined by Group Compliance.
- Define IT RACI charts that assign responsibility for the supply of, and demand for, IT services.
- Manage day-to-day activities related to developing, and advising the IT Functional Areas on, governance documentation such as policies, standards, procedures, and training.
- Perform regular IT Governance Maturity Assessments for the respective IT Functional Areas.
- Develop a training plan aligned to the IT Governance Program for all IT Functional Areas, based on the defined current Skills Matrix.
IT Governance Documentation
- Manage IT Governance policies, standards, processes, and procedures: their development, enhancement, and maintenance across the documentation management lifecycle.
- Apply broad knowledge of governance, compliance, and auditing frameworks when reviewing the quality of existing and new documentation.
- Identify areas where existing policies, standards, and procedures require change.
- Support additional internal and external compliance activity as part of the Information Security and Governance team.
- Work directly with technical and business leadership across the organization to select, deploy, and validate security controls so that security and compliance requirements are maintained.
- Subscribe to information security blogs and sector publications to identify new risks and trends that may need to be addressed in information security policies, procedures, and standards.
Implement IT Governance Risk and Compliance
Policy, Standards and Procedures:
- Identify, evaluate, and assist with the implementation of an information governance archival solution that provides systematic monitoring of the Information Governance Program; serve as a consultant to business-area leaders.
Departmental Compliance Officer:
- Ensure security programs comply with relevant laws, regulations, and policies, in order to minimize or eliminate risk and audit findings, according to the requirements defined by Group Compliance.
- Ensure that IT staff understand their role in compliance.
- Track and monitor IT Compliance initiatives.
IT Audit Management
- Conduct internal assessments of IT policy, standard, and process compliance against IT Audit standards.
- Manage relationships and interactions with internal and external auditors and risk management bodies, and review and report on open issues both before and after issuance.
- Discuss the IT Audit Plan.
- Collaborate with Group IT to define audit scope.
- Facilitate all requests for information from Group IT for audits.
- Follow up on, and provide feedback on, all IT Audit findings in collaboration with IT Management.
- Lead and manage the process of self-assessment as part of the overall IT Governance Framework.
- Perform other related duties as required.
- A Bachelor’s Degree in a related area such as Computer Science or Information Technology.
- Risk-related industry-standard qualifications such as CISA, CISM, or CGEIT are strongly recommended.
- Experience with compliance frameworks for Information Security, Compliance, and IT Governance standards: ISO27001, PCI-DSS, COBIT, King III.