Job Hunter







Applicants who are interested in applying for any of the advertised positions must apply by registering on the Careers section
of the Transnet Internet. Please take care in completing all required details on the profile, and then apply for the position.

Alternative Application Methods: (Completed Curriculum Vitae to be submitted)

Post :
E-mail :

Fax :
The closing date is on 21.11.2017. 
It is the responsibility of the applicant to ensure that HR has received the application
before the closing date of the advertisement.

Note: if you have not been contacted within 30 days of the closing date of this advertisement please consider your
application as unsuccessful.

Any questions regarding the application or recruitment process should be sent in writing to

We urge all our employees, clients, members of the public and our suppliers to report any kind of fraud or corruption at
Transnet. Call the hotline toll free number: 0800 003 056 or email

Operating Division : Transnet Pipelines

Position Title : IT Risk Security Governance & Compliance Specialist

Employee Group : Permanent

Department : STRAT, ICT, IRSGC, DNR

Location : Durban Central

Reporting To : Manager: IRSGC

Grade Level : G

Reference Number : 40000791

Position Purpose :

    To develop policies, standards and guidelines for IT general controls, IT laws and regulations and IT security.
    Liaise with internal / external audit to recommend and ensure resolution of identified weaknesses in IT controls.
    Ensure implementation of Transnet IT policies, procedures, standards and frameworks across the IT landscape.
    Ensure compliance with IT legislation requirements.
    Ensure TPL DRPs and BCPs are in line with business requirements.
    Provide risk identification, assessment, and consulting services to the TPL ICT function.
    Ensure that key IT risks at TPL are appropriately managed and mitigated.
    Deliver IT risk and information security assessments on applications and infrastructure.
    Research and advise on risks related to new and existing technologies within the IT environment.
    Maintain the TPL risk register within the approved risk management system.
    Research and provide input into the enhancement of technology related internal controls awareness and training across IT;

Position outputs :

    Assist in the development of IT Governance, Risk, Compliance and Security related policies, procedures, standards and


    Ensure compliance to Transnet IT policies, procedures, standards and frameworks incl. ITGC and CFRC.
    Ensure that IT DRP and BCP solutions are in place and in line with business requirements.
    Develop and implement the IT compliance plan.
    Conduct compliance monitoring within the TPL IT environment.
    Conduct information security awareness, IT risk management, IT regulatory universe and compliance user training.
    Conducting, and/or coordinating risk and information security assessment and risk opinion engagements at TPL;
    Interfacing with the key ICT vendors/clients at TPL and ensuring adequate IT risk coverage;
    Serving as a contact point in relation to IT risk matters affecting TPL;
    Tracking and monitoring of Audit Findings, and report on finding resolution status to the relevant bodies. Maintain audit status on SAP GRC;

    Tracking and monitoring of Risks and report on risk resolution status to the relevant bodies. Maintain risk status on CURA;
    Tracking and monitoring of implementation of Compliance Control Plans, and report on status thereof to the relevant bodies.
    Maintain the TPL IT Minimum Control Framework;

    Interfacing with clients to collect information as required for assessments, concepts and reporting requirements;

    Implementing standard Risk Assessment, and ensure that risks identified are managed in accordance with the defined Transnet Board risk appetite, and risk tolerance;

    Engaging with IT & the business on controls to be implemented to ensure a secure, controlled and manageable risk


    Managing the TPL ICT risk register, including reporting and follow-up;
    Ensuring that the business is being kept updated on any new IT risk management developments, such as new methodologies, policies, tools and/or services;

    Communicating IT risk requirements and best practices to TPL ICT staff, consultants and vendors via presentations, training programs, memos, websites, and other relevant media;

    Research and report on potential practices relating to the design and implementation of audit, risk assessment and regulatory compliance practices for ICT;

    Escalate and remediate IT risk and compliance related issues;
    Compile reports on the status of technology risk and compliance issues based on assessment results and information from various monitoring and control systems;

    Research and advise on appropriate mitigation strategies and approaches which can be applied by TPL ICT;
    Propose solutions to mitigate risks under the established risk management strategies
    Assist in identifying, assessing and managing the regulatory universe that applies to TPL IT.
    Analyse applicable new regulatory developments or requirements with a view of preparing appropriate communications or


    Provide support regarding audit, regulatory and risk management activities across IT functional areas, such as the development and maintenance of regulatory documentation (e.g. RICA, ECTA and POPI);

Qualifications & Experience :
National Diploma in Information Technology and Systems with 3 – 5 years’ IT relevant experience or a National Certificate
(12 months) with 6 – 8 years’ IT relevant experience and training in the following areas:

    Information risk, IT audit, governance, compliance and security.
    Development and deployment of Information Security Programmes
    Process Control/SCADA/PLC environments

Further qualifications required:

    Certified Information Systems Auditor (CISA)
    Certified in Risk and Information Systems Controls (CRISC)
    Certified in Governance of Enterprise IT (CGEIT)
    Certified Information System Security Professional (CISSP) advantageous
    SAP Security Certification advantageous


    Honours Degree.

Knowledge Required:

    Knowledge / application of COBIT, ITIL and/or BS25999 / ISO 22301, ISO 27000/1/2, ISO 27031
    ISO 31000 / 31010
    Business Continuity Management
    Project management
    Risk Management
    Basic understanding of King III
    Understanding of the political climate of the enterprise and how to navigate the politics.
    IT Risk, Compliance and Governance frameworks.
    Relevant South African legislation (Security and Privacy).
    Exceptional interpersonal skills, including teamwork, facilitation, and negotiation.
    Ability to execute on multiple projects simultaneously.
    Excellent written and verbal communication skills, including preparation and delivery of reports and presentations.
    Ability to facilitate working groups and workshops.
    Excellent planning and organising skills.
    Ability to balance the long-term (“big picture”) and short-term implications of individual decisions.
    Network and server security, including firewalls, VPN, IDS/IPS, anti-virus, patch management, vulnerability management.
    Business applications including SAP ERP.
    Domain structures, user authentication, and digital signatures and PKI.
    Intranet, Extranet, Internet, eCommerce, EDI links with parties within and outside of the organization.
    Common information security management frameworks, such as International Standards Organization (ISO) 17799/27001, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.

    Requires expert knowledge of security issues, techniques and implications across all of the key platforms within the TPL environment, including:
o Microsoft Windows Server and Desktop,
o Microsoft SQL Server, SharePoint,
o Oracle,
o MaxDB,
o VPN and remote access technologies,
o CISCO networking platforms,
o Palo Alto firewall technology,
o Data leakage prevention,
o Cryptography,
o Access Control,
o Wireless Security,
o Ethical hacking skills,
o Application Security,
o IT Auditing techniques

Competencies :
Anchoring the Transnet Way
Is a conceptual and analytical thinker
Is results focused
Is courageous
Is resilient
Is emotionally intelligent
Is an excellent communicator

Leading the Transnet Way

Is visionary and inspiring
Is strategic
Is collaborative
Is innovative and entrepreneurial
Has impact and influence
Is a change agent

Managing the Transnet Way
Optimises business performance
Manages finances
Manages people & teams
Delights customers
Manages programs, projects & contracts
Manages risk and compliance

Equity Statement : Preference will be given to suitably qualified Applicants who are members of the
designated groups in line with the Employment Equity Plan and Targets of the Organisation/Operating

Sustaining the Transnet Way
Empowers and develops others
Is inquisitive and develops self
Manages and shares information
Role models the culture and values
Embraces diversity
Has the right skills
