
Information Risk and Privacy Manager at PnP

Job in Cape Town, 7100, South Africa
Listing for: Pick n Pay
Full Time position
Listed on 2026-02-09
Job specializations:
  • IT/Tech
    Information Security, IT Consultant, Cybersecurity, IT Project Manager
Job Description & How to Apply Below

Role Summary

Responsible for supporting and executing the strategic direction and roadmap for improvement of IT Governance, Risk, and Compliance in line with the overall Pick n Pay Information Security Charter and key Information Security principles. This extends to leading, implementing, and supporting the related programs of work to implement related policies, frameworks, structures, processes, controls, and technology. It also requires managing and executing various risk management and control improvement activities in support of our business and Information and Technology Services.

This includes ensuring compliance with relevant external and internal requirements, legislation, and regulations. This role also includes supporting and driving adherence to relevant frameworks and related processes for the ongoing management of IT GRC activities.

Requirements
  • Relevant professional certification(s) such as CRISC, CISA, CISM and/or CGEIT (or similar)
  • Minimum of 5 years' work experience in the GRC space
  • Understanding of relevant frameworks, guidelines, and standards (specifically NIST CSF and PCI-DSS)
  • Understanding of relevant regulatory requirements and standards such as PCI, POPI, KING, EMV, etc.
  • Experience with PCI-DSS assessments
  • Experience in and strong understanding of IT Governance, Information Security, Privacy, IT Risk, Internal/External Audit related concepts
  • Experience working in a multi-vendor and outsourced IT environment (preferred)
Key Responsibilities

IT Governance
  • Maintain the overarching GRC Framework linking to the Info-Risk, Security and Privacy control frameworks, driven by the overall GRC and Information Security strategies
  • Establish and maintain a common language with senior management and executives to ensure that GRC exposures are accurate, clear, understood, and communicated to relevant stakeholders
  • Develop, review and support the roll-out of the relevant frameworks, policies, standards, and guidelines as well as key security and privacy controls, while ensuring alignment with the supporting IT operational processes
  • Coordinate with Internal/External Audit and Regulatory Reviews to ensure good quality, and that actionable management comments are agreed as output from such reviews
  • Benchmark and mature the IT control environment aligned with industry best practices to achieve agreed maturity levels
  • Establish and oversee processes to ensure that IT operations are monitored for compliance to the applicable policies
  • Develop, monitor, and support the reporting on Key Risk Indicators (KRIs) for each IT HOD relating to information risk, security, privacy, and compliance matters
  • Provide support and participate in business impact analyses performed to enhance the IT Business Continuity and Disaster Recovery Plans in alignment with the overall Business Continuity efforts for the enterprise
  • Actively promote the importance and value of good Governance, Risk and Security practices and a risk aware culture as well as support the corporate-wide User Awareness campaign, which includes developing relevant training material content as needed
  • Be a trusted adviser to both business and IT for technology and information-related decisions
  • Participate and provide input in various forums (such as regular Management meetings, Information Security and Risk forums, etc.), both to support oversight of operating control effectiveness and to facilitate the continuous improvement of key control measures and practices
  • Drive operational process and performance improvements to reduce cost of failure or rework
  • Mature and deliver Management Information Systems reporting tailored to the relevant audience (IT and business related)
  • Maintain up to date knowledge of GRC, Information Security and Privacy best practices, including the evaluation of relevant emerging technologies, opportunities, and threats
  • Assist Pick n Pay subsidiaries as needed through training, consultative advice and sharing of material
  • Provide SME support for projects and business-as-usual activities, with a specific focus on the IT Governance, Information Risk, Information Security, Privacy and Compliance related matters
Information Risk Management
  • Mature the…