ICT Risk & Projects Officer

SUMMARY:
On site position POSITION INFO:
Responsible for maintaining acceptable levels of ICT Risk, executing and overseeing implementation projects to continuously keep the ICT department prepared and in line with audit and corporate governance expectations, and applicable legislation. Effecting ICT Risk mitigation strategies based on contemporary research, best practice principles and best of breed solutions. Participating and facilitating information collation and flow for the ICT team year-round and through audit engagements, practical effectiveness through managing sub-projects, working with all stakeholders through to successful implementation, and sustained adoption.

• Tertiary Qualification (NQF Level 7) with Business Administration and ICT as majors 
• CISA, CGEIT, cORCM and Prince 2 Certification in Project Management 

1.
Strategy and Operational Plan Implementation
Develop operational plan that delivers on the ICT strategic plan.
Monitor team performance against strategic and operational objectives
Report on project progress against deliverables
Management of all compliance with applicable legislation as amended from time to time
Ownership of ICT Maturity assessments and formulating roadmaps, guiding ICT department to move key deliverables into matured states
Leading initiatives such as data classifications, POPIA compliance. 2.
Management of Governance and  Compliance
Ensure that each ICT area has agreed KPIs that are aligned to the ICT
strategic objectives and ICT operational plan.
Continuously monitor performance and actions of the ICT department are
aligned to supporting key business objectives.
Manage roles in the department ensuring that they remain up to date
covering all new developments in the governance and security space.
Maintain ICT services schedule of providers, systems, assets, etc. for
renewal.
Ongoing engagement with all ICT team members to sustain the required
generating and flow of reporting information for management, audit, and
governance reporting purposes to ensure compliance. 3. Financial & Project Management
Manage project and expenditure budgets for Risk mitigation and audit
objective implementations, ensuring tight budgetary control.
Manage project and operational expenditure for specialist area through
control of invoices through signoff procedures.
Manage compliance with procurement policy, processes and systems.
Provide project management office oversight focused on ICT
department’s risk mitigation and implementations of audit
recommendations, governance and compliance initiatives, and provide
assistance to other business projects where capacity and or criticality
permits.
Project management functions including liaison with stakeholders,
scoping and detailing work breakdown structures, costing and resource
estimation and scheduling, monitoring progress, intervention and
assistance, alleviating deadlocks, feedback to stakeholders. Provide procurement input and oversight to the ICT team to ensure their compliance with all Fund purchasing policies and practices. 4. Governance and Compliance Monitor the Fund’s use of ICT resources to advance delivery of Fund
strategy ensuring compliance in achieving organisational, audit,
governance and legislative directives.
Develop, implement and or mature ICT structures, policies, procedures
and documentation, in conjunction with emerging trends and technology,
audit recommendations and governance requirements to ensure
compliance objectives are met.
Develop and manage the ICT rights and accountability framework to
reinforce desirable behaviour in the use of ICT infrastructure
Promote ethical conduct and compliance with Fund policy, rules and
processes that guide the use of ICT resources.
Manage real-time monitoring, and ensure corrective action where
appropriate, to ensure desired behaviour in the use of ICT infrastructure
and systems.
Ensure that the Fund conducts its business in full compliance with
national and international laws and standards for financial services
sector.
5. Controls and Mitigations Assist in creation of true and accurate system change controls requests
for execution by the respective ICT team members, and perform post
implementation validation.
Perform user system access reviews, liaise with business units for
approvals, identifying any gaps and seeing through to resolution.
Manage the monitoring and controlling access to confidential information
through assignment of uniquely identifiable accounts and user rights
authorisations for non-repudiation.
Manage the safe transmission of data through secure internet gateways
and encryption of electronic data
Manage the secure storage and disposal of data through assigning
responsibility for ongoing storage and disposal of data in accordance with
policy, procedures, protocols and sector best practice.
Management of personnel security through implementation of “need to
know” principle and applicable policies and legislation as well as
confidentiality agreements. Management of physical security through the use of access control,
security surveillance and alarm systems as well as secure storage for
assets.