Snr Specialist: Risk & Compliance
Job Description
Operating Division: Transnet Rail Infrastructure Manager (TRIM)
Employee Group: Permanent
Department: SP-ICT-Governance, Risk & Compliance-PKT
Location: Parktown
Reporting To: Function Specialist: Info & Cyber Mngt
Grade: E
Reference: req4232
The closing date is on . It is the responsibility of the applicant to ensure that HR has received the application before the closing date of the advertisement.
Position Purpose
To ensure that there is a consistent ICT governance approach (Governance, Risk, Audit and Compliance) integrated and aligned with the enterprise governance frameworks and methodologies by implementing and maintaining effective enabling structures, principles, processes and practices in order to achieve the enterprise's strategies, mission, goals and objectives.
Position Outputs
- Direct and control all activities related to Governance, Risk, Audit and Compliance to ensure resilience of the TRIM business and operations environment to support business outcomes and strategies. Direct and control activities to steer ICT with regard to information and technology risk in line with the Group ICT and Enterprise Risk Management Framework.
- Ensure that the appropriate best-practice governance frameworks are implemented, monitored, measured and reported on (e.g. COBIT, ITIL, ISO 20000, TRIM ICT Operational Model, ICT Lifecycle, Project and Portfolio Management (Agile, DevOps, Scrum)). Ensure provision of assurance services to all ICT functional areas in line with King IV and the COBIT framework.
- Review ICT process control effectiveness. Review the operation of controls, including a review of monitoring and test evidence, to ensure that controls within ICT processes operate effectively. Ensure that control effectiveness meets the requirements related to business, regulatory and social responsibilities. Monitor internal controls. Continuously monitor, benchmark and improve the IT control environment and control framework to meet organisational objectives.
- Encourage management and process owners to take positive ownership of control improvement through a continuing programme of self-assessment to evaluate the completeness and effectiveness of management's control over processes, policies and contracts.
- Identify and report control deficiencies. Identify control deficiencies and analyse and identify their underlying root causes. Escalate control deficiencies and report to stakeholders.
- Ensure that the entities performing assurance are independent from the function, groups or organisations in scope. The entities performing assurance should demonstrate an appropriate attitude and appearance, competence in the skills and knowledge necessary to perform assurance, and adherence to codes of ethics and professional.
- Plan, scope and execute assurance initiatives. Report on identified findings. Provide positive assurance opinions, where appropriate, and recommendations for improvement relating to identified operational performance, external compliance and internal control system residual risk.
- Identify external compliance requirements. On a continuous basis, identify and monitor for changes in local and international laws, regulations and other external requirements that must be complied with from an IT perspective. Optimise response to external requirements. Review and adjust policies, principles, standards, procedures and methodologies to ensure that legal, regulatory and contractual requirements are addressed and communicated. Consider industry standards, codes of good practice, and best practice guidance for adoption and adaptation.
- Confirm external compliance. Confirm compliance of policies, principles, standards, procedures and methodologies with legal, regulatory and contractual requirements. Obtain assurance of external compliance. Obtain and report assurance of compliance and adherence with policies, principles, standards, procedures and methodologies. Confirm that corrective actions to address compliance gaps are closed in a timely manner.
- Evaluate, direct and monitor risk management. Continually examine the Risk Register and ensure it is up to date with mitigating actions, by continually identifying, assessing and reducing IT-related risk within the levels of tolerance set by enterprise executive management.
- Integrate the management of IT-related enterprise risk with overall ERM, and balance the costs and benefits of managing IT-related enterprise risk. Provide tactical governance, risk, audit and compliance guidance for all IT projects, including the evaluation and recommendation of technical controls according to the TRIM ICT Operational Model and the TRIM ICT Lifecycle.
- Provide monthly Management Reports to the Senior Specialist GRC and Head GRC on the implementation of the Governance, Risk, Compliance, Audits and Change and Quality management in TRIM ICT.
- Manage performance, training and coaching needs to empower the GRC team with appropriate skills and attitudes and ensure a high-performance culture of continuous learning. Ensure alignment with HR processes and measurement systems (e.g. performance evaluation, succession planning, talent management, compensation decisions, promotion decisions, recruiting).
- Relevant Bachelor's Degree in Information Systems and/or Computer Science or related.
- A post graduate qualification is advantageous.
- 5 - 8 years' related experience in the ICT environment, with at least 3 years in ICT Governance, Risk and Compliance.
- Certifications required: COBIT and/or ITIL Foundation.
- ISO 27000 and TOGAF certification preferred.
- Certifications in CRISC, CISA and CGEIT would be advantageous.
- Quality management - ISO and Lean Six Sigma advantageous.
- Requirement of Trust and Honesty in the handling of Finances as per the National Credit Act Amendment 19.
- Driver's licence code 08.
- Travel as required and approved.
- Service Change Management - Develops, documents and implements changes based on requests for change. Applies change control procedures.
- Service Design Management - Contributes to the improvement of service design activities.
- Emerging Technology Monitoring - Contributes to the creation of reports, technology road mapping and the sharing of knowledge and insights.
- Innovation - Supports innovation. Shares creative ideas and solutions. Assists with the implementation of innovation process.
- Incident Management - Following agreed procedures, identifies, registers and categorises incidents. Gathers information to enable incident resolution and promptly allocates incidents as appropriate.
- Continuous Service Improvement Management - Implements and contributes to the development of a continuity management plan. Coordinates the assessment of risks to the availability, integrity and confidentiality of systems that support critical business processes. Coordinates the planning, designing, and testing of maintenance procedures and contingency plans.
- Business Continuity & Disaster Recovery - Implements and contributes to the development of a continuity management plan. Coordinates the assessment of risks to the availability, integrity and confidentiality of systems that support critical business processes. Coordinates the planning, designing, and testing of maintenance procedures and contingency plans.
- Adheres to IT Frameworks and Standards.
Preference will be given to suitably qualified Applicants who are members of the designated groups in line with the Employment Equity Plan and Targets of the Organisation/Operating Division.
Disclaimer
If you have not heard from Transnet within 90 days, please consider your application as unsuccessful.
Transnet, its employees or representatives never ask for a fee from job seekers. Any such requests are fraudulent. Please report any suspicious activities in this regard to the Transnet anti-fraud line on or email .