IT Governance & Risk Manager Job at Sun International

Job Description

• The IT Governance & Risk Manager is responsible for establishing, maintaining, and implementing an enterprise-wide IT Governance Framework that embeds regulatory compliance, risk mitigation, and business continuity across Sun International.
• The role leads the development and execution of technology risk management, IT Business Continuity Management (BCM), and Disaster Recovery (DR) programmes, ensuring alignment with business objectives, regulatory standards, and industry best practices.
• By fostering a risk-aware culture and enabling proactive resilience, this role safeguards the organisation against disruptions and supports sustained operational integrity. (This role is based in JHB/CPT/DBN)

Governance Framework & Policy Management:

• Establish and embed a documented IT Governance Management Framework aligned with business and IT strategies
• Create and maintain a library of IT policies, standards, and SOPs compliant with gaming regulations and legislative requirements
• Communicate governance activities and decisions to IT and business leadership

Risk Management & Compliance:

• Integrate Group Risk ERM methodologies into the IT operational risk register and implement sufficient control measures
• Facilitate risk workshops to identify, categorise, assess, and rate IT-related risks
• Maintain the risk register and monitor key risk indicators (KRIs) and control effectiveness
• Undertake risk reviews and lead end-to-end remediation planning and monitoring

Business Continuity & Disaster Recovery

• Develop and execute BCM and DR policies, roadmaps, and strategic priorities
• Facilitate Business Impact Assessments (BIAs) for critical functions and business units
• Coordinate regular DR testing, design annual Group DR exercises, and document lessons learned
• Develop and maintain the crisis management plan and support crisis management teams

Security & Incident Coordination

• Provide technical security expertise and oversee the response to cyber incidents and technology disruptions
• Ensure incident response plans align with ISO standards and best practices
• Track and remediate gaps from DR failover tests for key applications and critical business areas

Reporting & Continuous Improvement

• Develop dashboards and meaningful metrics to track BCM objectives, emergency capability, and risk exposure
• Perform gap analyses on existing processes and technologies to identify improvement opportunities
• Stay current with incident response, digital forensics, and legal requirements relevant to South Africa

Job Requirements

• Degree in Information Systems, Computer Science, or related field
• ISO 22301 Lead Implementor Certification
• BCI Certification (Member or Associate of BCI Institute)
• 12+ years in IT governance, risk management, business continuity, or IT audit roles
• Experience in IT architecture and control assessments
• Knowledge of IT governance frameworks (COBIT, COSO, ITIL, King IV) and BCM standards (ISO 22301)
• Understanding of data environments, threat vectors, and mitigating controls