Lead IT GRC
Date: 26 Feb 2026
Location: Karachi, PK
Company: KE
Purpose:
This role leads the IT Governance function, ensuring all IT initiatives and objectives are tightly aligned with corporate strategy and enterprise goals. It drives the creation of measurable business value from IT-enabled investments, focusing on realizing benefits at an optimal resource cost while effectively optimizing risk. It also leads the implementation of organizational structures, policies, and procedures, benchmarked against global standards, to achieve enterprise-wide digital maturity and standardization across the IT landscape.
Education & Experience:
• Bachelor’s/Master’s in Computer Science / Engineering / Information Security or related domains from reputable local/foreign universities.
• 8 – 10 years of relevant experience in the related field of work with utilities, banking, or multinational companies.
• International certifications such as ITIL, CISM, COBIT or related certifications.
Core Competencies:
• IT Governance
• Digital & IT Strategy
• IT Service Management (ITIL)
• Audit & Compliance
• Stakeholder Management
• Leadership and Decision Making
Areas of Responsibility:
1 Oversee IT Governance Framework
• Lead and steer the overarching IT governance framework, ensuring all IT policies, strategies, and processes are in full alignment with overarching business objectives.
• Leverage industry best practices, including COBIT for governance, ITIL for service management, and relevant ISO standards for quality and security, to build a robust foundation for technology operations.
• Guide the IT Governance team in the continuous monitoring of the framework's deployment, proactively identifying and mitigating any control deficiencies, operational gaps, or weaknesses.
• Prepare and deliver compelling, executive-level reports and dashboards to IT leadership, providing data-driven visibility into framework adoption and critical control deficiencies.
• Ensure that IT's goals and direction are fully integrated with enterprise objectives, thus transforming IT into a strategic business partner.
2 IT Audit(s) Management and Controls Assurance
• Serve as the primary liaison and point of contact between internal and external audit teams and all internal ITG departments.
• Lead the IT Audit Management strategy, coordinating all audit activities from planning and evidence gathering to overseeing IT team participation.
• Drive the remediation of all audit observations and findings, ensuring the timely and effective implementation of corrective action plans.
• Prepare formal management comments to articulate IT's official position on audit findings for review and approval by the IT Leadership team.
• Provide critical Controls Assurance, guaranteeing the integrity and reliability of IT systems and operations to both auditors and senior management.
3 Technology Compliance and Governance
• Lead a comprehensive technology Compliance Program across the entire IT enterprise.
• Drive continuous research into emerging compliance issues and advise IT Leadership on best-practice implementation.
• Enforce rigorous regulatory governance, ensuring timely action on requirements from company regulators and providing accurate status updates.
• Direct periodic internal reviews against IT and ISMS/ISO 27001 policies to identify and mandate remedial actions.
• Oversee license evaluation and optimization for the entire SAP landscape to ensure cost efficiency and compliance across all technology assets.
• Develop and execute continuous compliance training programs for employees.
• Align the IT Risk Management (ITRM) program roadmap with the company’s overall enterprise risk vision.
• Lead the identification, assessment, and mitigation of IT-related risks across all business applications and infrastructure, adhering to international standards.
• Direct timely risk assessments and ensure the risk register is accurately maintained and presented to IT Leadership for monitoring.
• Coordinate closely with the Cyber Security Function to oversee technical controls, including vulnerability assessment, penetration testing, and configuration reviews, to assure a robust control environment.
4 IT Continuity & Disaster Recovery Management
• Lead the IT Continuity and Disaster Recovery (DR) program, defining its strategic vision and operational readiness as a crucial part of the Business Continuity Plan.
• Establish and continually improve the IT Continuity and DR policies, plans, and procedures.
• Ensure meticulous alignment with management-approved Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for all critical IT systems.
• Champion strategic program initiatives, guide IT and business teams in conducting Technology Impact Analysis, and develop comprehensive recovery strategies.
• Oversee the entire DR lifecycle, including leading regular DR drills and leveraging lessons learned for continuous plan improvement.
• Collaborate with internal teams and third-party vendors to assess and integrate their disaster recovery capabilities, ensuring a robust, end-to-end plan.
5 SAP Signavio Governance
• Lead the planned oversight and governance for the SAP Signavio platform, ensuring its use is fully aligned with business-critical functional processes.
• Champion a culture of operational excellence and continuous improvement by directing the establishment and refinement of the Signavio governance framework.
• Establish standards, procedures, and best practices for process management and analysis within the platform.
• Direct initiatives that leverage Signavio to enhance quality, increase agility, and optimize core business processes.
• Oversee the effectiveness of the governance model, ensuring compliance with established standards and validating the accuracy of performance metrics and valuable insights delivered to leadership.
• Govern all aspects of license and resource optimization for Signavio, guaranteeing the investment is maximized and drives tangible business value.