Manager: IT Risk and Governance

Division:  Strategy and Transformation
Reference No:  5297
Location: Centurion, Gauteng, ZA

Employment Type:  Permanent
Disability (EE targeted role):  No
T.A.S.K Grade:  16
Job Posting Salary:  R1,028,791.00
Job Posting End Date:  11 Feb 2025

The Road Accident Fund’s mission is to provide appropriate cover to all road users within the borders of South Africa; to rehabilitate and compensate persons injured as a result of motor vehicle accidents in a timely and caring manner; and to actively promote safe use of our roads.

Purpose of the Job: Reporting to the Senior Manager: Technology Governance, Risk and Compliance, the successful incumbent is responsible for managing ICT Risk, Governance and Compliance objectives.

 

Key Performance Areas

 

IT Governance

  • Develop and implement IT governance frameworks and strategies aligned with organisational goals and industry best practices.
  • Establish policies, procedures, and controls to ensure compliance with regulatory requirements and internal standards.
  • Develop and maintain a complete controls library for ICT controls in line with best practice recommendations.
  • Monitor and evaluate the effectiveness of governance processes and recommend improvements as needed.

 

IT Risk Management

  • Design, develop and implement the Information Technology (IT) Risk Management Framework that is aligned to the RAF’s Enterprise Risk Management (ERM) framework.
  • Develop risk mitigation plans and strategies to minimise potential impacts on IT operations and data integrity.
  • Conduct regular risk assessments and audits to ensure ongoing compliance and risk readiness.
  • Drive the creation of an understanding of ICT policies, processes, risk and controls in line with the RAF’s Policy Framework.
  • Proactively ensure that all new projects have the correct levels of assurance controls by conducting internal risk reviews before and during project implementation.

 

Compliance and Assurance Across IT Environment

  • Design, develop and implement the Information Technology (IT) Risk Management Framework that is aligned to the RAF’s Enterprise Risk Management (ERM) framework.
  • Identify, assess, and prioritise IT-related risks across the organisation.
  • Develop risk mitigation plans and strategies to minimise potential impacts on IT operations and data integrity.
  • Conduct regular risk assessments and audits to ensure ongoing compliance and risk readiness.
  • Drive the creation of an understanding of ICT policies, processes, risk and controls in line with the RAF’s Policy Framework.
  • Act as a liaison between ICT and all relevant stakeholders to ensure that IT risks are adequately considered in the overall risk profile of the RAF.
  • Proactively ensure that all new projects have the correct levels of assurance controls by conducting internal risk reviews before and during project implementation.

 

Training and Awareness

  • Oversee the development and delivery of training programs on IT governance, risk management, and compliance for employees.
  • Promote a culture of compliance and awareness across the organisation through workshops, seminars, and informational materials, e.g. Cybersecurity awareness, Policy Compliance, POPIA Compliance etc.

 

Track Remediation of all Observations

  • Oversee the development and delivery of training programs on IT governance, risk management, and compliance for employees.
  • Promote a culture of compliance and awareness across the organisation through workshops, seminars, and informational materials, e.g. Cybersecurity awareness, Policy Compliance, POPIA Compliance etc.

 

Policy Review and Implementation

  • Lead the development and implementation of departmental policy, procedures and processes.
  • Keep up to date with effective policy and practice execution strategies.

 

Reporting

  • Prepare regular reports and updates for senior management and stakeholders on IT governance, risk, and compliance activities on a monthly basis or as and when required.
  • Communicate risks, compliance issues, and recommendations clearly and effectively to key stakeholders.
  • Collaborate with IT teams, legal counsel, and business units to address compliance concerns and implement solutions.

 

Stakeholder Management

  • Facilitate and manage communication with relevant internal and external stakeholders about investments and proactively and progressively manage the relationships.
  • Represent the Fund in relevant external activities and events.

 

People Management

  • Ensure the sourcing, development and retention of a high-performance team.
  • Manage the recruitment of the operational workforce in line with employment equity targets.
  • Manage staff in the department to ensure that they achieve their objectives in line with the strategic objectives of the RAF.
  • Manage the implementation of human capital processes and procedures to control/regulate workplace conflict and/or institute corrective measures and consultation processes to address deviations from standards.
  • Allocate, direct, motivate and evaluate subordinates to help them achieve their individual goals.

 

Qualifications and Experience

  • Bachelor’s Degree/ Advanced Diploma in IT/ Risk Management/ Audit/ IT Governance related qualification.
  • Postgraduate in IT/ Risk Management/ Audit/ IT Governance related qualification will be advantageous.
  • Certification in CISA, COBIT and ITIL.
  • ISO 27001 certification will be an added advantage.
  • Relevant 6 - 8 years’ experience in IT Governance, Risk and Compliance environment of which 2 years must have been on management/supervisory level/area of expertise.

 

NB: “RAF offers Total Employment Cost packages with no additional contributions from the Employer, successful candidates are required to structure their packages in a manner that will suit their needs”.

The Road Accident Fund subscribes to the principles of employment equity and preference will be given to People with Disabilities.

Applicants who have not received any correspondence from us within six weeks from the closing date can consider themselves unsuccessful.

Security Vetting shall be conducted on all prospective employees.

It is the applicants’ responsibility to have foreign qualifications evaluated by the South African Qualifications Authority (SAQA) and to provide proof of such evaluation.