PRINCIPAL IT GOVERNANCE OFFICER (1)
Report to: Systems and Application Manager
Job Purpose
Accountable for reducing to a minimum the required Capital Allocation Risk for all function units under DIT, which include but are not limited to Technology, Fund Operations Risk, Change, Projects, business interface, innovation, etc.
Ensuring that Operational Risk policies, standards, processes and procedures are embedded within the Directorate.
Coordinating the improvement of the control environment so as to reduce operational risk exposure.
Key Duties and Responsibilities
1. In line with Enterprise Risk Management (ERM) framework, develop a control framework for each of the key functions under the DIT area.
2. Develop an implementation and embedment plan, execute and deliver the plan within agreed timeframe in line with the approved Control framework
3. In line with best practice and international frameworks related to data, information security and overall systems security, develop an enterprise-wide Security Strategy to ensure protection of the Fund's data and information, with focus on confidentiality, integrity and availability of both data and systems.
4. Maintain the Risk and controls policy frameworks within the DIT area and ensure that it is updated on an annual basis
5. Define an implementation plan for the Operational Risk policy by translating policy statements and concepts into actionable requirements and assigning roles and responsibilities amongst staff
6. Engage staff in Risk policy implementation by communicating expectations, providing coaching and support
7. Monitor compliance to Operational Risk policy requirements and advise management of any gaps by conducting periodic reviews
8. Coordinate the closure of policy gaps by engaging management to define, agree and monitor progress
9. Ensure the effective quantification of all risks under DIT area by maintaining a framework for financial quantification and applying it across Risk incident reporting
10. Ensure the effective communication of DIT Risk profile to all NSSF risk forums by preparing the relevant reports as per NSSF standards
11. Review and ensure that the necessary security, availability and change management controls are built into all projects, and review all systems-related projects before implementation to verify that all necessary standard controls are in place.
12. Identify and assess operational risks and Controls through the use of NSSF defined standard frameworks and Industry standard frameworks.
13. Coordinate risk assessments by engaging function risk and control owners on risk control assessment and ensuring that data is updated to relevant risk management systems.
14. Reduce risk exposure by identifying and/or validating control improvement plans as well as opportunities for risk transfer and avoidance
15. Perform Assurance on Audit/Examination issues pending Issues assurance and identify any embedment weaknesses and/or implementation gaps by applying appropriate assurance frameworks.
16. Establish relevant and implementable action plans for pre-audit/audit/examination/pre-issues assurance remediation through applying appropriate industry best practice frameworks (e.g. ITIL, COBIT, PCI) and engaging with Risk/Control owners.
17. Perform any other duty as may be assigned by supervisor
Job Qualifications and Skills
a) Qualifications and Experience
• Graduate – Computer science/Computer engineering/CISA, preferably Post-graduate – Computer science/Computer engineering
• 5 years’ experience in audit/security/controls Industry, with experience in the Risk/Controls/IT/Operations Industry
• Experience in operational Risk management and Assurance
• Experience in operations, process and controls design and IT Governance
• Demonstrated ability to communicate complex issues and concepts in a simple manner
• Demonstrated ability and experience to develop and defend technical recommendations and budgetary plans
• Demonstrated experience working in a deadline-oriented environment managing multiple projects simultaneously
• Demonstrated experience and ability to work effectively in a dynamic, collaborative and fast-paced atmosphere
b) Skills and Competencies
Project management
Process/Operations design and management
Risk management
Report writing and Presentation skills
Systems implementation
Systems architecture and design
Systems administration
Back up/Recovery and Systems continuity
Understanding of financial sector operational risk management
Mode of application:
Applications in writing, enclosing a detailed curriculum vitae, certified copies of relevant certificates, contact address including telephone numbers, email address, and names and addresses of three referees, are to be addressed to the undersigned.
Please take note of the following:
1. Applications without latest CVs will not be considered;
Director, Human Resources and Administration
National Social Security Fund,
P.O. Box 1322,
DAR ES SALAAM
The closing date for submission will be on 15th December, 2014. Only shortlisted candidates will be contacted.