Manager: Information Security, Governance, Risk

Transnet - Durban
new offer (27/04/2024)

job description

**_Equity Statement: Preference will be given to suitably qualified Applicants who are members of the designated groups in line with the Employment Equity Plan and Targets of the Organisation/Operating Division._**
**_Alternative Application Methods: (Completed Curriculum Vitae to be submitted)_**
Post:
E-mail:
Fax:
Before the closing date of the advertisement.
Note: If you have not been contacted within 30 days of the closing date of this advertisement please consider your
We urge all our employees, clients, members of the public and our suppliers to report any kind of fraud or corruption at
**_Operating Division: Transnet Pipelines_**
**_Position Title: Manager: Information Security, Governance, Risk, Compliance_**
**_Employee Group: Permanent_**
**_Department: ICT_**
**_Location: Durban Central_**
**_Reporting To: Head: ICT_**
**_Grade Level: E_**
**_Reference Number: 40001320_**
**_Position Purpose:_**
The position holder must lead the design and provide assurance to the CIO on the sustainability of IT general controls, information and technology risks, security of information assets and regulatory compliance (i.e., King III, etc.) COBIT.
The position holder must advocate Information Security, IT risk and compliance to the relevant laws and regulations, to Transnet employees as well as to senior management, to ensure risks relating to the above are mitigated (e.g., reputational, and non-compliance).
The position focuses on the provision of leadership and direction in the area of IT Risk, Information Security, IT Governance, and IT Compliance across TPL.
**_Position outputs:_**
1. Governance Strategy
Review current and proposed information systems for compliance with the organisation's obligations (including legislation, regulatory, contractual, and agreed standards/policies) and adherence to overall strategy.
Provide advice to those accountable for governance to correct compliance issues.
2. Risk Management
Maintain the IT risk register within the approved risk management system.
Carry out risk assessment within a defined functional or technical area of business.
Use consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and the impact on the business.
Refer to domain experts for guidance on specialised areas of risk, such as architecture and environment.
Co-ordinate the development of countermeasures and contingency plans.
Research and advise on risks related to new and existing technologies.
3. Manage Regulatory and Internal Compliance
Manage the organisation’s IT regulatory universe.
Carry out regulatory and compliance risk assessment of relevant ICT laws and regulations.
Use consistent processes for identifying potential regulatory and legal risk events, quantifying and documenting the probability of occurrence and the impact on the business.
Refer to domain experts for guidance on specialised areas of regulatory and legal risk, such as legal and regulatory compliance.
Co-ordinate the development of compliance control plans.
Manage the IT audit function by liaising with internal and external audit.
Provide a consulting service to TPL IT functional areas on compliance matters (regulatory universe, compliance control plans), risk framework, and IT policies.
Ensure adherence to standards where appropriate (e.g., ITIL, COBIT, ISO, etc.).
4. Manage Business Continuity and Disaster Recovery
Implement and contribute to the development of a continuity management plan.
Coordinate the assessment of risks to the availability, integrity and confidentiality of systems that support critical business processes.
Coordinate the planning, designing, and testing of maintenance procedures and contingency plans.
Lead and manage the organisation’s IT BCM and DR strategy.
INFORMATION SECURITY
1. Information and Cyber Security Strategy
Define, present, and promote an information security policy for approval by the senior management of the organisation.
2. Manage Information Security
Evaluate security management measures and indicators and decide whether they comply with the information security policy.
Investigate and instigate remedial measures to address any security breaches.
Provide guidance in defining access rights and privileges. Investigate security breaches in accordance with established procedures and recommend required actions and support/follow up to ensure these are implemented.
Help project teams comply with enterprise and IT security policies, industry regulations, and best practices.
Research and advocate new technologies, architectures, and security products that will support security requirements for the enterprise and its customers.
Work with the IT team to ensure adequate security solutions are in place throughout all IT systems and platforms.
Establish relationships with key external information security bodies to stay abreast with information secur
