Key Purpose

The Information Governance Officer (IGO) supports the Group Chief Information Security Officer through the Deputy CISO, with all IT governance and control related functions.  Responsible for ensuring that the appropriate policies, procedures, standards, RACI charts and practices for conformance with the respective governance frameworks and mandatory legislation and regulations, are in place as defined.

Work closely with information technology, privacy and security personnel to establish and conduct oversight on approach to the use of information and associated technologies.

Areas of responsibility may include but not limited

• Establish and assist in the development of appropriate policies, procedures and practices in relation to IT, Privacy and Security governance and planning functions;
• Ensure and monitor the effective implementation of and drive awareness for policies, procedures and standards;
• Manage day-to-day activities – maintaining policies, standards, procedures, training and communication regarding Information Governance;
• In conjunction with Group Legal and Group Compliance, assist in the identification of applicable laws and regulations and assist with the implementation of actions to ensure compliance;
• Exhibit knowledge of governance, legal, compliance and auditing frameworks and apply that in reviewing the quality of existing and new documentation;
• Recognise and identify potential areas where existing policies, standards and procedures require change;
• Support additional internal and external compliance activities as part of the Information Governance and Security department;
• Support key stakeholders and management with governance planning, reporting, advice

Personal Attributes and Skills

• Strong negotiation skills
• Excellent knowledge of Risk, Legal and technology environments
• The ability to articulate security in non-technical business impact terms
• Excellent written and oral presentation skills, ability to lead discussions
• Business Writing Skills, Presentation and Facilitation Skills
• Customer Service Orientation, Result Orientation, Negotiation skills
• Personal organisation and time management skills
• Professional Communication (written, verbal/presenting and listening)
• Interpersonal skills – Ability to build relationships with people from all different backgrounds and at different job levels

Qualifications & Experience

• Basic IT qualifications (A+, N+ or equivalent)
• proven experience
• Documentation and business writing skill
• Risk-related industry-standard qualifications such as CISA, CISM or CGEIT would be a strong recommendation.
• IT related Diploma / Degree
• NIST, COBIT, ISO2700X, and ITIL
• CRISC, CGEIT (understanding of or experience in)
• 5+ Years experience in information technology
• Working knowledge of and/or experience with Risk and compliance
• Working knowledge of applicable industry standards, legislations, etc
• Experience in compliance frameworks for Information Security, Compliance & IT Governance Standards: ISO27001, PCI-DSS, COBIT, King III/IV, NIST
• Strong risk assessment/audit capabilities with hands on experience in many technologies and platforms across a broad range of industries.