Senior IT Governance Facilitator Vacancies 2020

Posted on: 24 Jan, 2020

Category: IT Jobs in South Africa

An IT solutions company is looking to add a Senior IT Governance Facilitator to its team. The IT Governance Facilitator must ensure that the company’s Management Systems (ISO 27001, ISO 20 000) are maintained and improved.
The successful candidate must ensure that all staff adhere to the policies, procedures, guidelines and standards used to support the effectiveness of the Management Systems.

DUTIES WILL INCLUDE, BUT ARE NOT LIMITED TO:

30% Information Security Management System – ISO 27001

  • Maintenance of all ISMS Policies, Procedures and relevant standards and supporting documentation as directed.
  • Provide communication as and when needed of changes affecting ISMS.
  • Scheduling and documentation of all Management Review Meetings (e.g. Agenda and Minutes).
  • Help with the production of all relevant reports and statistical analysis required for Annual ISMS Management Review meetings.
  • Maintain and update content of ISMS Action Logs (e.g. Security Incident Log, Security Corrective and Preventative Action Logs, Documentation Reviews).
  • Help the business during external audit preparation.
  • Maintain and Improve the ISMS.
  • Assist with migrations to newer standard versions.
  • Assist with necessary scope extensions as part of business acquisitions.

30% IT Service Management System – ISO 20 000

  • Maintenance of all ITSMS Policies, Procedures and relevant standards and supporting documentation as directed.
  • Provide communication as and when needed of changes affecting ITSMS.
  • Scheduling and documentation of all MR Meetings (e.g. Agenda and Minutes).
  • Help with the production of all relevant reports and statistical analysis required for Annual ITSMS Management Review meetings.
  • Maintain and coordinate Documentation Review schedules with Process and Function owners.
  • Help the business during external audit preparation.
  • Maintain and Improve the ITSMS.

15% Risk Assessment

  • Undertake annual risk assessments within scope of the ISMS and ITSMS based on the documented risk methodology.
  • Manage both ISMS and ITSMS risk treatment plans.
  • Identify and agree mitigation with teams and stakeholders within the scope of the ISMS and ITSMS as a result of risks identified.
  • Identify, document and agree acceptance of risks where appropriate with the risk owner.
  • Identify, document and agree transfer or avoidance of risks where appropriate with the risk owner.

15% Audit Activity

  • Manage Internal and External audit schedules.
  • Plan and Conduct Internal audits in a timely manner.
  • Assist during planning and scheduling of External Audits – BSI.
  • Coordinate and ensure successful completion of all corrective and preventative activities.

5% Awareness

  • Drive Awareness campaigns – ISMS, ITSMS, POPI and GDPR.
  • Generate and distribute Quarterly Newsletters.
  • Managing the training platforms and Compliance reports.

5% Compliance Management – GDPR / POPI

  • Support manager as 2IC for Data Protection liaison for LSA.
  • Ensure compliance risks are identified, monitored and managed within Privacy Engine.
  • Assist the business with compliance queries.

REQUIREMENTS:

  • Grade 12
  • IT or Quality Related Diploma / Degree.
  • Lead Auditor ISO 27001 Certification.
  • Foundation / Practitioner ISO 20 000 Certification.
  • Foundation ISO 31000 / Risk Management Framework.
  • Compliance Management – GDPR / POPIA / King IV.

EXPERIENCE:

  • 3-5 years’ experience ISO Implementation/Auditing/Assessments.
  • Excellent communication skills, both written and verbal.
  • Excellent understanding of ISO27001 and ISO27002 Information Security Standard and Implementation.
  • Excellent understanding of ISO 20 000 IT Service Management Standard and Implementation.
  • Good working knowledge of Security and Service Management principles.
  • Good working knowledge of IT Governance related legal and regulatory requirements.
  • Good working knowledge of data protection regulations – GDPR and POPIA.
  • 3rd Party Supplier Evaluation and Compliance experience.
  • Ability to manage and deliver risk assessments through to successful conclusion.
  • Excellent knowledge of Microsoft Office, Visio and MS Project (e.g. word processing, spreadsheets, presentations, flow diagrams and project plans).
  • IT Corporate Governance Principles.

PERSONAL REQUIREMENTS/SKILLS/ATTRIBUTES:

  • Meticulous attention to detail.
  • Ability to work under pressure to strict deadlines.
  • Protecting the company by recognising potential issues/risks.
  • Good written and spoken communications at all levels of business.
  • Understanding of role and dealing with possible conflicts of interest within the division & customers.
  • Ability to work towards team and individual targets.
  • Building and maintaining effective working relationships, both internal and external.
  • Ability to travel if required to various company offices in and around South Africa.
  • Valid driver’s license and own transport.

Desired Skills

  • Lead Auditor ISO 27001 Certification.
  • Foundation / Practitioner ISO 20 000 Certification.
  • Foundation ISO 31000 / Risk Management Framework.
  • Compliance Management – GDPR / POPIA / King IV.
  • ISO Implementation/Auditing/Assessments.

Desired Qualification Accreditation

  • Diploma


Anybody asking you to pay money to schedule your interview or to offer you a job may be running a scam.
