Job Description

Position summary
Industry: Wholesale & Retail Trade
Job category: Others: IT and Telecommunication
Location: Cape Town
Contract: Permanent
Remuneration: Market Related
EE position: Yes
About our company
Clicks Group
Introduction
We are seeking an experienced IT Governance Manager to lead, implement, and maintain an integrated IT Governance, Risk, and Compliance (GRC) framework that safeguards the Group's information technology assets and data. Key focus areas include IT risk management, data governance and security, audit and compliance, change and release management, service continuity, disaster recovery, and third-party/vendor risk management. The role will be based at Clicks Head Office in Cape Town and will report to the IT Governance & Security Executive.
Job description
JOB PURPOSE
To design, implement, and manage the Group's IT governance strategy, framework, and policies that protect IT assets and information, ensure regulatory compliance, and support proactive responses to governance and cybersecurity risks and incidents. The role will drive the establishment of IT standards, controls, and processes that enable the Group to manage IT risks effectively and align IT operations with business strategic objectives and regulatory expectations.

• Develop and implement IT governance strategies, policies, and guidelines aligned with business goals, risk appetite, and regulatory standards.
• Lead the implementation of ISMS and GRC frameworks (e.g., NIST) and manage IT risk, service continuity, disaster recovery, and third-party / supplier risk.
• Establish and manage IT risk forums to identify, assess, and mitigate IT risks, maintaining an up-to-date risk and issues register with appropriate mitigation plans.
• Collaborate with IT leadership and stakeholders to define IT standards for contracts, licensing, procurement, and to maintain and review IT policies and procedures.
• Oversee IT procurement processes including RFP/RFQ/RFI activities, ensuring transparent evaluation, scoring, and selection of vendors and solutions.
• Lead IT Change, Release, Service Continuity, and Disaster Recovery functions, driving process improvements and resilience to enhance business continuity.
• Coordinate and manage all IT audits and compliance activities (e.g., COBIT, ISAE3402, PCI DSS, SOC2), ensuring audit findings are remediated and reported within deadlines.
• Monitor and drive IT General Controls (ITGC) evidence collection, ensuring regulatory and internal control effectiveness.
• Manage vendor contracts and relationships, conducting regular performance and risk reviews to ensure alignment with business needs and cost optimization.
• Define and track IT Governance KPIs, prepare governance reports, and present updates to senior management, including the Board and Audit & Risk Committees.
• Support IT Governance budgeting processes and ensure proper financial oversight of governance and security management initiatives.
• Develop and deliver IT governance and security awareness training, ensuring staff is knowledgeable on best practices and compliance requirements.

Minimum requirements
QUALIFICATIONS

• Business Commerce / Risk Management / Information Studies / Information Technology or a relevant equivalent qualification or certification.
• Relevant certificate i.e. Certified in Governance of Enterprise IT (CGEIT), ITIL, Certified Data Management Professional (CDMP), Certified Information Systems Auditor (CISA), etc. will be an added advantage.

JOB-RELATED KNOWLEDGE & EXPERIENCE

• 5-7 years of IT experience, with 2 years or more in a supervisory role, or equivalent proven IT governance related experience in an enterprise
• Strong knowledge of IT governance frameworks e.g. COBIT, ITIL, ISO, NIST, etc. and data governance and security principles, tools, and best practices.
• Strong understanding of regulatory requirements e.g. POPIA and data privacy.
• Proven track record in selecting, designing, implementing and testing IT Controls.
• Strong knowledge and understanding of risk and compliance management.

JOB-RELATED SKILLS

• In-depth knowledge of relevant IT Governance and Risk Management standards and frameworks including information security standards and principles (e.g. NIST, ISO 27001)
• Excellent written and verbal communication and presentation skills (including report-writing)
• Ability to manage ambiguity / complexity
• Ability to collaborate cross-functionally and cultivate innovation
• Ability to establish and maintain strong relationships with diverse stakeholders
• Experience with IT strategy, planning and governance, IT risk management and control monitoring
• Experience in facilitating compliance audits / internal self-assessments.
• Experience in project management techniques

JOB-RELATED COMPETENCIES

• Leading and Supervising
• Delivering Results and Meeting Customer Expectations
• Relating and Networking
• Applying Expertise and Technology
• Adapting and Responding to change
• Deciding and Initiating Action
• Presenting and Communicating Information