SOUTH AFRICAN POST OFFICE (SAPO) - HEAD: TECHNOLOGY RISK AND COMPLIANCE (OFFICE OF THE CIO) (PRETORIA)
SOUTH AFRICAN POST OFFICE (SAPO)
INTERNAL & EXTERNAL
Job Title - Head: Technology Risk and Compliance (Office of the CIO)
(Position based in Pretoria, NPC)
Reports to - Chief Information Officer
Summation
Leads the Postbank Technology Risk and compliance function and works closely with the Chief Information Officer in the business technology planning process as well as the analysis of departmental efficiencies and effectiveness by:
Maintaining the Postbank Technology Risk Framework and its associated controls and reporting and partnering with SAPO IT. Evaluation of overall Postbank information technology risk, maintain an active view, and report on the actual, mitigation and residual risk in the technology organization. Postbank technology risk management coordination of policy drafting and scheduling reviews. All compliance closure activities are coordinated through this role, including the control and actual submissions for closure.
Key Responsibilities
Strategic alignment
Risk Identification, Assessment and Evaluation in partnership with SAPO IT.
• Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy.
• Collect information and review documentation to ensure that risk scenarios are identified and evaluated.
• Identify legal, regulatory and contractual requirements and organizational policies and standards related to information systems to determine their potential impact on the business objectives.
• Identify potential threats and vulnerabilities for business processes, associated data and supporting capabilities to assist in the evaluation of enterprise risk.
• Create and maintain a risk register to ensure that all identified risk factors are accounted for.
• Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization.
• Analyse risk scenarios to determine their impact on business objectives.
• Develop a risk awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk-aware culture.
• Correlate identified risk scenarios to relevant business processes to assist in identifying risk ownership.
• Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment.
• Review risk responses with the relevant stakeholders for validation of efficiency, effectiveness and economy.
• Assist in the development of risk response action plans to address risk factors identified in the organizational risk profile.
• Identify and evaluate risk response options and provide management with information to enable risk response decisions.
• Apply risk criteria to assist in the development of the risk profile for management approval.
Financial
• Develop and implement risk responses to ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.
• Ensure the effective and efficient management and control of functions/resources in accordance with the stipulations of the Public Financial Management Act, fraud prevention and risk management principles, legislation, company policies, processes, regulations.
People Management
• Plan and prioritise resource requirements for the IT environment.
• Manage the performance of direct reports, ensuring agreement of annual goals, measuring performance against agreed goals and dealing with non-performance accordingly.
• Manage the talent of direct reports, including career development and paths for all staff and succession planning for key positions.
• Ensure that the working environment contributes to improving staff morale and increasing productivity.
• Align departmental processes to the bank’s transformation objectives.
Operational
Information Systems Control Design and Implementation
• Design and implement information systems controls in alignment with the organization’s risk appetite and tolerance levels to support business objectives.
• Review process design documentation to gain an understanding of the business process objectives.
• Analyse and document business process objectives and design to identify required information systems controls.
• Design information systems controls in consultation with process owners to ensure alignment with business needs and objectives.
• Facilitate the identification of resources (e.g. people, infrastructure, information, architecture) required to implement and operate information systems controls at an optimal level.
• Monitor the information systems control design and implementation process to ensure that it is implemented effectively and within time, budget and scope.
• Provide progress reports on the implementation of information systems controls to inform stakeholders and to ensure that deviations are promptly addressed.
• Test information systems controls to verify effectiveness and efficiency prior to implementation.
• Implement information systems controls to mitigate risk.
• Facilitate the identification of metrics and key performance indicators (KPIs) to enable the measurement of information systems control performance in meeting business objectives.
• Assess and recommend tools to automate information systems control processes.
Information Systems Control Monitoring and Maintenance
• Monitor and maintain information systems controls to ensure they function effectively and efficiently.
• Plan, supervise and conduct testing to confirm continuous efficiency and effectiveness of information systems controls.
• Collect information and review documentation to identify information systems control deficiencies.
• Review information systems policies, standards and procedures to verify that they address the organization's internal and external requirements.
• Assess and recommend tools and techniques to automate information systems control verification processes.
• Evaluate the current state of information systems processes using a maturity model to identify the gaps between current and targeted process maturity.
• Determine the approach to correct information systems control deficiencies and maturity gaps to ensure that deficiencies are appropriately considered and remediated.
• Maintain sufficient, adequate evidence to support conclusions on the existence and operating effectiveness of information systems controls.
• Provide information systems control status reporting to relevant stakeholders to enable informed decision making.
Postbank Disaster Recovery and BCM
• Maintain the Disaster Recovery and BCM Plans including annual reviews.
• Oversee the regular testing of the plan and update for major changes in hardware, applications, business and regulatory requirements accordingly.
• Coordinate testing and reporting of data backup restorations in accordance with Key Performance Indicators (KPIs).
Risk Monitoring
• Monitor risk and communicate information to the relevant stakeholders to ensure the continued effectiveness of the enterprise’s risk management strategy.
• Collect and validate data that measure key risk indicators (KRIs) to monitor and communicate their status to relevant stakeholders.
• Monitor and communicate key risk indicators (KRIs) and management activities to assist relevant stakeholders in their decision-making process.
• Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.
• Identify and report on risk, including compliance risk, to initiate corrective action and meet business and regulatory requirements.
Governance
• Coordinate the development and ongoing maintenance of other IT policies and procedures.
• Ensure that all IT policies and procedures are compliant with regulatory requirements.
• Maintain a schedule of policy reviews and submissions to the board for approval.
Minimum Requirements
• Bachelor’s degree or equivalent from an accredited college or university. (NQF level 7/8)
• Relevant industry qualifications; Certified in Risk and Information Systems Control™ (CRISC™) will be an added advantage.
• 7 years or more of management experience in information technology functions.
• 3 to 5 years of work experience as a compliance manager, information risk specialist or information technology auditor.
Knowledge and understanding of:
• In-depth experience in driving enterprise-level programmes in risk assessment, risk reduction initiatives, risk awareness, and governance over IT policies and standards.
• In-depth knowledge of and experience with technology risk management, IT governance and information security management.
• Good knowledge of and experience with regulatory requirements.
• Leadership experience in coordinating entity-wide IT functions during regulatory inspections.
Skills and Attributes
• Strong leadership skills with ability to interact and influence at all levels
• Good process evaluation skills
• Good analytical skills
• Good strategic thinking ability
• Lateral thinker
• High attention to detail
• Decisive
• Results driven
• Resilient
• Able to work under pressure
Contacts
The South African Postbank SOC Limited is committed to achieving and maintaining diversity and equity in employment, especially with regard to race, gender and disability. In compliance with the bank's employment equity plans, first preference will be given to candidates from designated groups. Correspondence will be limited to short-listed candidates only.
If you wish to apply, please forward your Curriculum Vitae (CV) to recruitment@postbank.co.za.
Please indicate in the subject line the position you are applying for.
Closing Date: 27 May 2020
Position Number: 60052295
Cost Centre: 50800
Correspondence will be limited to short-listed candidates only. If you do not hear from the South African Postbank within 3 months of this advertisement, please accept that your application has been unsuccessful. The South African Post Office Limited reserves the right not to fill this position or to re-advertise the position at any time.