Risk and Compliance Specialist at Transnet

Position Purpose

• Ensure the implementation and compliance of Legislative and Organisational policies, procedures, standards, and frameworks across the IT landscape.
• Manage the ICT related risks for TPT in accordance with the ERM framework, by constantly assessing the ICT environment for emerging risks and putting in place preventative and mitigating measures to reduce the likelihood and impact of the risks
• Ensuring greater success of business goals and objectives by reducing the likelihood and impact of potential risks

Position Outputs

• RISKS Provide guidance, feedback, and support across ICT regarding identification of risk, risk mitigation and management. Create an appropriate metrics to quantify, track and report on identified risk across ICT. Perform risk management for ICT projects and initiatives and ensure risks are properly assessed, evaluated and assigned to the relevant owners for risk treatment. Conduct ICT risk awareness and training – design and publish communications which develop awareness and accountabilities for risk management activities. Keeps abreast of developments by identifying emerging risks and creation of associated risks registers within the organization. Identify process improvement opportunities and develop and communicate recommendations for implementation.
• Keeps abreast of developments in the areas of legal, regulatory, corporate requirements. Ensure vendor and stakeholder compliance to Transnet’s Governance frameworks and adherence to SLA’s Weekly, monthly, and quarterly reporting on the compliance across the various application systems in the organisation. Take appropriate steps to identify trends and improve compliance effectiveness. Assist in executing other tasks of the Information Security, Governance, Risk and Compliance function, as and when required.
• Work with internal control, audit, information security and compliance to manage the end-to- end processes for regular internal as well as any statutory reporting of risks in manner that provides a complete view of all ICT risks and that also guides management decision making. Provide feedback to related governance forums such as MANCO and RISKCO, regarding latest risk posture of TPT ICT

Qualifications and Experience

• Degree (NQF 7) in Information Technology/ Computer Science/ Internal Auditing/Financial Information Systems (FIS) At least 5 years’ relevant experience in any of the following ICT disciplines in a large enterprise including but not limited to, o ICT Risk Management, o ICT Audit, o ICT Compliance, o ICT Governance Minimum 1 year in a supervisory level or specialist position. Further qualifications preferred: o Certified in Risk and Information Systems Controls (CRISC) o Certified Information Systems Auditor (CISA) o Certified in the Governance of Enterprise IT (CGEIT) Further professional memberships preferred: o Information Systems Audit and Control Association (ISACA) o Compliance Institute of South Africa (CISA) o Institute of Internal Auditors (IIA) Recognition of competence Relevant qualification (NQF 5) 6 yrs relevant and solid experience with at least 2 yrs at managerial level or specialist experience.