Duties and Responsibilities
- Reviews the Frameworks in place for IT Governance, Information Security, Data Privacy and IT Service Continuity for sustained effectiveness and alignment to leading practices.
- Participate in the development and implementation of Information and Technology governance frameworks and policies to ensure alignment with business objectives and regulatory requirements.
- Ensure continuous compliance with international Information Security, Information & Technology Governance standards and local regulatory requirements (ISO 27001, National Institute of Standards and Technology, the Data Protection Act) through policy updates and periodic reviews.
- Monitor compliance adherence across the Software Development Life Cycle (SDLC) through onsite reviews and automated compliance checks in DevOps pipelines.
- Ensure that outstanding IT Audit findings (internal and external audit findings) are constantly followed up on and driven to resolution.
- Oversee the reporting and analysis of IT risk incidents and investigate root causes of incidents and ensure corrective actions are implemented.
- Perform continuous, and independent, risk analysis using automated tools to detect security misconfigurations or non-compliance in cloud, on-prem, and hybrid IT environments.
- Evaluate the effectiveness of Security risk assessments being executed by the Information and Cyber Security function, perform gap-analysis, and ensure remediation in liaison with the IT and Cyber Security Services team.
- Perform third-party vendor risk assessments and drive security improvements across partnerships.
- Enhance resilience by providing oversight on business continuity and disaster recovery plans and ensure regular testing is conducted.
- Evaluate the adequacy and effectiveness of safeguards protecting sensitive Company information and drive information security awareness initiatives.
- Collaborate with IT architects to design resilient security frameworks that align with best practices.
- Conduct regular training and awareness sessions (in person, virtual or training material) regarding IT risk management and the roles the various parties play in the management of IT Risk.
- Prepare Risk Management Reports, dashboards and presentations for Board and Executive Committees.
Academic Qualification, Experience and Attributes
- Bachelor’s degree in relevant disciplines such as Computer Science, Information Systems and Computer Engineering.
- A master’s degree in a relevant discipline will be an added advantage.
- Relevant professional certification in CISA, CRISC CISM, CISSP and CIA is a must.
- Minimum of 6 years’ experience in IT Risk and Governance with experience in ISO 27001:2022 audits, security risk assessments, information governance, data privacy, security awareness, or cybersecurity maturity assessments.
- Experience in governing internal controls in technology governance for any large enterprise.
- Excellent managerial skills.
- The ability to think critically, assess and quantify technology risk, document complex processes and collaborate effectively with cross-functional stakeholders is required.