Ict Governance & Assurance Lead

Job Summary

The ICT Governance & Assurance Lead is tasked with monitoring Technology delivery execution across all IT functions applying established frameworks i.e. TOGAF, ITIL, COBIT, ISO to ensure effective execution and delivery. This role will drive the governance and compliance roles within Information Technology department, by establishing the appropriate information technology policy frameworks, driving compliance, service assurance and best practice standards, and ensuring that risk management is well managed and enshrined within the Information Technology department across the I&M Tanzania.

This role will also manage the Business Continuity program for Information Technology, ensuring that IT services are available to the business and customers in the event of any unforeseen disruption, within the agreed service levels.

Responsibilities

Governance, Assurance and Audit:

• Oversee remediation of risk, compliance, and audit gaps, ensuring certification and adherence to standards.
• Implement the Audit Issue Management Framework, emphasizing effective exit meetings, root cause analysis, and corrective actions.
• Manage third-party engagements in compliance reviews and audits.
• Lead the development of IT governance models, ensuring flexibility and alignment with group governance.
• Implement and enhance assurance processes to verify the effectiveness of technology governance controls.
• Collaborate with internal and external stakeholders to ensure compliance with standards and policies.

Technology Change Management:

• Ensure change management activities align with diverse team needs across the IT function.
• Own the change management policy, coordinating the Technology Change Advisory Board (TCAB) sessions.
• Lead, influence, and develop recommendations for complex organizational and process-specific changes.
• Monitor key performance and risk indicators, applying corrective and preventative actions.
• Govern the operational estate, ensuring compliance with change controls, ITSM processes, and security controls.

Technology Standards and Policies:

• Develop standards, policies, and guidelines to meet regulatory requirements.
• Implement adopted technology, security, and operational standards and frameworks.
• Ensure day-to-day implementation of adopted standards, processes, and controls.
• Translate adopted standards into bank policies, processes, and procedures.
• Lead compliance reviews and assessments, recommending applicable standards for improvement.
• Advise on performance against established risk tolerance and objectives.

Vendor Management:

• Oversee vendor relationships, ensuring compliance with contractual agreements and assessing performance.
• Develop and implement vendor management processes and controls to optimize partnerships.

Technology Asset Management:

• Establish and maintain processes for tracking and managing technology assets throughout their lifecycle.
• Ensure compliance with asset management policies and contribute to cost optimization strategies.

Business Continuity Management:

• Lead the development of business continuity plans for technology functions.
• In liaison with the other IT stakeholders, maintain up-to-date disaster recovery plans and ensure recovery procedures are effective for restoration of key IT systems and therefore resumption of critical business processes
• Coordinate and conduct regular drills to test the effectiveness of business continuity measures
• Manage the Business Continuity Program (including IT Business Impact Analysis) within IT.
• Manage Disaster Recovery and backup testing schedules, reporting and remedial actions.
• Regular monitoring and reporting on any significant gaps on IT business continuity practices, including data replication and backups.

Educational Qualifications & Experience:

• Total Minimum of Years of Experience Required – 8 Years, with 3 years in a managerial role within a highly digitized organization.
• 5 Years Experience in at least one IT disciplines such as (IT Governance, IT Security, IT/IS Audit, IT/IS Risk)
• 5 Years Exposure to multiple, diverse technologies and processing environments
• 3+ years’ experience conducting IT compliance assessments or IT governance and assurance/compliance assessments in an organization.
• Knowledge of information security best practice & compliance standards. Knowledge and experience in audit management and reporting
• Prior experience working within a financial service organization will be an added advantage
• 3 Years Prior working experience in a leading formal IT General Controls.
• 3 Years Experience in Operating systems (windows, Unix), Network Services and protocols
• 3 Years experience in Active Directory Domain Services
• 3 Years experience in Database management systems

Skillsets:

• Bachelor’s degree in computer science, Software Engineering, MIS, IT or Related Field
• At least one Professional Qualification in either CISM, CGEIT, COBIT, ITIL or TOGAF
• Relevant certifications in information security knowledge areas, such as Information Systems Audit, Information Security Management or Business Continuity/Disaster Recovery. e.g. CISSP & CISM is an Added Advantage
• Master’s degree in technology or any other relevant field is an Added advantage

Other Preferred Qualifications:

• Strong interpersonal and communication skills - both written and oral.
• Comfortable communicating cross-functionally and across management levels in formal and informal settings