Senior Manager: Risk And Assurance

GP, ZA, South Africa

Job Description

PURPOSE OF THE ROLE



To effectively manage the Quality Management System, Environmental Management System, Energy Efficiency Management System, OHS Management System and the Information Security, Data Protection & Cybersecurity Management System to retain current and new clients, and to minimise operational risk as well as reputational risk for Teraco. Overall responsibility to ensure that the Management System is effective, by ensuring that all the programmes/systems are aligned, cohesive and do not have duplication or conflicting systems. Oversee Teraco's risk and BCP programmes and the accurate reporting thereof. Manage the Risk & Assurance team.



MAIN FUNCTIONS OF THE JOB


+ The evaluation, motivation and implementation of any new standards or certifications.
+ Maintenance of existing certifications and attestations, including but not limited to ISO 9001, ISO 27001, ISO 14001, ISO 50001, ISO 45001, ISAE 3402 Type II, SOC2 Type II, PCI DSS 4.0.
+ Overall responsibility to ensure that the Management System is effective, by ensuring that all the programmes/systems are aligned, cohesive and do not have duplication or conflicting systems.
+ Management Representative of Teraco's Quality Management and Information Security Management programmes.
+ Support to the management representatives of the Energy, Environmental and OHS programmes.
+ Responsible for the ISO Management System (clauses 1-5), policy and documented records/evidence.
+ Assist with performance reporting of the Management Systems and, where required, client report dissemination.
+ Support the Head of Operations in preparing for the annual Strategic Planning/Management Review meeting.
+ Responsible for the Teraco Risk Management program & procedure and implementation/maintenance thereof.
+ Responsible for supporting the CEO and Head of Operations in maintaining the business continuity program and for ensuring the simulations are executed as planned.
+ Responsible for the Operational Risk meeting, and monthly collation and presentation of the ESG report.
+ Oversight to ensure there is planning and execution of the internal audit and self-assessment audit schedule.
+ Ownership and oversight of internal & external audits/attestations for ISAE3402, SOC2, ISO9001, ISO27001, ISO14001, ISO45001, ISO50001 and PCI, including site additions and transitions.
+ Compile responses to client audits, as per delegated area of responsibility.
+ Lead 3rd party client audits and ensure closure of audit findings e.g. Trusight, SSPA etc.
+ When requested, attend client audits and/or quarterly reviews, where required to present evidence on audit, certification etc.
+ Compile and lead action plan to address any deficiencies identified in client audits and SLA review.
+ Identify audit trends and/or emerging client needs to guide the business to have the required process defined and implemented proactively.
+ Accountability and responsibility for the quality and accuracy of MyZone Policies, Procedures, EOP etc. documentation, including compliance to CI and brand.
+ Assist functional areas with or compile new procedures, policies, work instructions and forms as and when required.
+ Where required, lead the development of new policies, and drive alignment between the interested parties.
+ KnowBe4 platform owner, including oversight of the KnowBe4 training schedule (all subject areas), and compliance.
+ Ensure that training is scheduled and implemented as per policies, in consultation with the relevant owners.
+ Support the CISO in information security awareness, education and training.
+ KnowBe4 champion and owner of KnowBe4 information security training program.
+ Conduct independent quarterly audits of system access rights.
+ Oversight to ensure that all access audits are occurring, including client access audits, service provider/contractor access audits and all physical security configuration and data integrity audits.
+ Develop and implement an audit program to measure compliance to client contracted SLAs, and track correctives for effective implementation.
+ Management and development of the Risk and Assurance team member(s).


SKILLS REQUIREMENT


Excellent written and verbal communication skills:
+ Listens to others and accepts input from team members
+ Clearly articulates ideas and thoughts
+ Accurately prepares written business correspondence that is coherent, grammatically correct, effective and professional
+ High quality output



Proactive problem solver:
+ Proposes solutions to problems and considers timeliness, effectiveness, and practicality in addressing requirements
+ Generates innovative solutions by approaching problems with curiosity and open mindedness, using existing information to its fullest potential
+ A honed alertness and vigilance to potential breaches in compliance. This means actively enforcing a mandatory reporting policy and seeking out any weakness in company dealings.

General:
+ Ability to work independently & a positive team player
+ Self-motivated and displays leadership skills
+ Demonstrates flexibility in day-to-day work
+ Establishes harmonious working relationships with team members
+ Appreciates each team member's contributions and values each individual member
+ Sets high standards of performance for oneself
+ Attention to detail and accuracy
+ Good prioritisation and organisation skills
+ Conducts self professionally, exhibits high levels of tolerance and patience
+ Responsible for continued learning and self-development
+ Intelligent and willing to keep learning
+ Complies with policies and procedures
+ Ethical and principled: These are the single most important qualities of a compliance manager.
+ Fair and modest: Willing to scrutinize all the facts without making a snap judgment, and interview any relevant employees for their perspective.
+ Diligent: Even when it becomes a hassle, a Business Analyst, Risk and Compliance officer must be willing to see an issue through to resolution.
+ A strong constitution and extra conviction: Solid backbone and the strength to stand by difficult decisions and be more influenced by right versus wrong than by relationships.
+ Willing to take the lead in setting the tone for corporate integrity.
+ Demonstrates ability to coach and develop others' skills.

QUALIFICATIONS AND EXPERIENCE




+ Minimum of 15 years' working experience in quality management or information security management roles.
+ Tertiary degree.
+ Minimum of 15 years' experience in the Information Technology industry.
+ Certified for ISO 9001 and ISO 27001 Implementation mandatory.
+ Certification for Implementation and Auditing of ISO 14001, 50001 & 45001 & PCI DSS preferred, but not mandatory. Note: the certificate must be provided as part of the job application/CV upload.
+ Experience in implementation of SOC2 or ISAE3402 attestation.
+ Willing and able to travel to Durban and Cape Town when required.
+ Driver's licence mandatory.



Job Detail

  • Job Id
    JD1482641
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    GP, ZA, South Africa
  • Education
    Not mentioned