About the job

Our client is seeking a highly experienced and results-driven ICT Manager to align and drive the Technology strategy including the implementation of all IT Governance, Risk, and Compliance and Security architecture. Take overall ownership of all direction, vision, standards and strategic objectives for GRC and IT Operations. Take full ownership and control of all IT Service Providers, Vendors and Suppliers and ensure effective coordination, management and service level compliance for IT outsourced services. Also, the ICT Manager shall direct and control the development, implementation and maintenance of the Information Technology services for the company, including the lottery and general IT technology systems and services. To manage all aspects of technology services including: Infrastructure (Compute, servers, storage, backups, desktop, networks and operating software. Data Centre Operations, monitoring and compliance including Draw Operational support. Software Management (MIS, application support, development, development support and MI/BI reporting). ICT Governance, Compliance and Information Security including ISO27001, and IT governance (ITSM, Service Desk, WLA-SCS, ISO27001, COBIT & ITIL). Responsible for service delivery, service level agreements, third-party suppliers and coordination of all implementations, testing, support and service delivery

Responsibilities

• Oversee the development and implementation of information security standards for all part of the lottery division – lotto specific data and information as well as generic systems such as accounting and payroll systems
• Undertake period reviews of the information security strategy, procedures, policies standards and guidelines to keep up with the prevailing best practices
• Define and implement the standards for logical access management including user ID creation, password/authentication standards, monitoring and access lock-down
• Conduct information security related investigations, monitor and report to ensure conformity to the set IT standards
• Monitor adherence to information security standards by conducting monthly dipstick audits Commission formal external audit reviews (such as testing for hacking/unauthorised access) once approval for these activities is obtained from the Chief Operating Officer
• Drive the creation of awareness communication materials as well as more in-depth training for employees on information security
• Review requests for whitelisted websites and email addresses and assess whether they meet the standards to be included. Authorise the firewall changes
• Participate in the creation of standards to ensure the separation of duties to ensure protection against collusion and processing of incorrect or fraudulent transactions
• Participate in the creation of policies and process for the destruction of data or removal of confidential information from hardware used in the organisation. Ensure that the correct hardware and software applications are in use to protect confidential information from accidentally being recovered from unused equipment
• Deploy software and tools to monitor the appropriate use of data and information. Highlight breaches including the severity of the breaches. Work with Human Resources to run disciplinary processes to address the breaches
• Be accountable for the design and deployment of appropriate processes, tools and technologies
• Ensure that Security Management is engaged with regards to service assurance
• Ensure compliance with its regulatory obligations in regards to IT assets, where operational processes depend on IT performance, keeping abreast of regulations on third party risk, maintaining external networks for the purpose of identifying best practice
• Lead the completion of Service Introduction Assessments
• Create and manage a risk governance framework
• Work closely with data governance and internal audit/risk teams to define the systems access levels for different roles in the organisation
• Work closely with Human Resources to ensure that employees who exit the organisation have their access revoked on their last day in the office. Regularly obtain exit reports and cross check to ensure that the user access has been removed
• Define and establish an IT governance framework in line with the corporate governance
• Define and communicate an IT governance maturity roadmap
• Monitor and report on IT governance initiatives
• Prepare reports on IT strategy, performance and risks
• Assess the IT infrastructure on a periodic basis to ensure that it is standardised wherever possible
• Develop and adhere to IT processes, procedures and standards
• IT policy creation, review, update awareness and monitoring
• IT process analysis and improvement
• IT governance reporting
• Internal and external audit liaison
• Administration of key IT processes
• Change Management
• Incident Management
• Policy exception management
• Measure and report on the alignment of IT with the business direction for the achievement of IT strategic objectives
• Measure and report on optimization and the availability of suitable IT resources, skills and infrastructure to meet the strategic objectives
• Report on relevant portfolio, programme and IT performance in a timely and accurate manner
• Establish an IT risk management framework in line with the risk management framework
• Identify, assess, monitor and recommend on the management of IT risks
• Ensuring that the business and IT regularly assess and report IT-related risks and the impact on the business
• Identify, develop, document, communicate and maintain data quality requirements and standards
• Monitor compliance of information flows and data stores against data quality standards
• Identify areas for data quality improvement and help to resolve data quality problems to enhance data integrity
• Measure and report to management on the progress of data quality improvement
• Provide monthly and quarterly reports on implementation of initiatives for accountability and performance monitoring
• Plan, organize, direct, control and evaluate the operations of Information Technology department.
• Develop and implement policies and procedures for IT processing, operations and development.
• Oversee the development and implementation technology service
• Operational Level and Service Level agreements and ensure efficient and effective delivery of IT services within these parameters.
• Personally engage with the organisation’s key technology vendors during normal service level reviews and during outages. Closely monitor their performance against contracted delivery. Negotiate corrective measures where needed. Ensure that service penalties are applied if they don’t meet the contracted service levels.
• Review the technology asset register on at least a quarterly basis including hardware and software assets. If needed, commission formal reviews of adherence to licensing conditions for third party applications.
• Ensure that redundant hardware or applications are removed from use and the licenses and other related items are closed out.
• Oversee the review of technology specific policies and procedures annually

Requirements

• Management, or related disciplines.
• 5+ -10+ years’ experience and proven track record in security and IT security, IT Risk and IT audit field
• In depth exposure to and experience with application of industry accepted IT governance standards (e.g., COBIT, ITIL, TOGAF, King III or similar)

Experience Preferred:

• Industry experience in the gaming and lottery sector o Knowledge of ISO 27001, ISO22301, WLA SCS
• Professional certifications such as CISA, CISM, CISSP, or equivalent.
• ITIL Foundation Certification.
• Experience of preparing and delivering of reports for senior management
• Strong communication skills with the ability to convey complex information clearly and concisely
• Able to plan and prioritise own work in line with tight deadlines
• Ability to engage stakeholders in operational and strategic areas
• Working knowledge of relevant Information Technology / Business governance, risk and compliance issues
• Knowledge of IT governance and IT operational processes and procedures
• Project management principles
• IT audit processes and procedures
• IT Service Management

• Oversee the development and implementation of information security standards for all part of the lottery division – lotto specific data and information as well as generic systems such as accounting and payroll systems
• Undertake period reviews of the information security strategy, procedures, policies standards and guidelines to keep up with the prevailing best practices
• Define and implement the standards for logical access management including user ID creation, password/authentication standards, monitoring and access lock-down
• Conduct information security related investigations, monitor and report to ensure conformity to the set IT standards
• Monitor adherence to information security standards by conducting monthly dipstick audits Commission formal external audit reviews (such as testing for hacking/unauthorised access) once approval for these activities is obtained from the Chief Operating Officer
• Drive the creation of awareness communication materials as well as more in-depth training for employees on information security
• Review requests for whitelisted websites and email addresses and assess whether they meet the standards to be included. Authorise the firewall changes
• Participate in the creation of standards to ensure the separation of duties to ensure protection against collusion and processing of incorrect or fraudulent transactions
• Participate in the creation of policies and process for the destruction of data or removal of confidential information from hardware used in the organisation. Ensure that the correct hardware and software applications are in use to protect confidential information from accidentally being recovered from unused equipment
• Deploy software and tools to monitor the appropriate use of data and information. Highlight breaches including the severity of the breaches. Work with Human Resources to run disciplinary processes to address the breaches
• Be accountable for the design and deployment of appropriate processes, tools and technologies
• Ensure that Security Management is engaged with regards to service assurance
• Ensure compliance with its regulatory obligations in regards to IT assets, where operational processes depend on IT performance, keeping abreast of regulations on third party risk, maintaining external networks for the purpose of identifying best practice
• Lead the completion of Service Introduction Assessments
• Create and manage a risk governance framework
• Work closely with data governance and internal audit/risk teams to define the systems access levels for different roles in the organisation
• Work closely with Human Resources to ensure that employees who exit the organisation have their access revoked on their last day in the office. Regularly obtain exit reports and cross check to ensure that the user access has been removed
• Define and establish an IT governance framework in line with the corporate governance
• Define and communicate an IT governance maturity roadmap
• Monitor and report on IT governance initiatives
• Prepare reports on IT strategy, performance and risks
• Assess the IT infrastructure on a periodic basis to ensure that it is standardised wherever possible
• Develop and adhere to IT processes, procedures and standards
• IT policy creation, review, update awareness and monitoring
• IT process analysis and improvement
• IT governance reporting
• Internal and external audit liaison
• Administration of key IT processes
• Change Management
• Incident Management
• Policy exception management
• Measure and report on the alignment of IT with the business direction for the achievement of IT strategic objectives
• Measure and report on optimization and the availability of suitable IT resources, skills and infrastructure to meet the strategic objectives
• Report on relevant portfolio, programme and IT performance in a timely and accurate manner
• Establish an IT risk management framework in line with the risk management framework
• Identify, assess, monitor and recommend on the management of IT risks
• Ensuring that the business and IT regularly assess and report IT-related risks and the impact on the business
• Identify, develop, document, communicate and maintain data quality requirements and standards
• Monitor compliance of information flows and data stores against data quality standards
• Identify areas for data quality improvement and help to resolve data quality problems to enhance data integrity
• Measure and report to management on the progress of data quality improvement
• Provide monthly and quarterly reports on implementation of initiatives for accountability and performance monitoring
• Plan, organize, direct, control and evaluate the operations of Information Technology department.
• Develop and implement policies and procedures for IT processing, operations and development.
• Oversee the development and implementation technology service
• Operational Level and Service Level agreements and ensure efficient and effective delivery of IT services within these parameters.
• Personally engage with the organisation’s key technology vendors during normal service level reviews and during outages. Closely monitor their performance against contracted delivery. Negotiate corrective measures where needed. Ensure that service penalties are applied if they don’t meet the contracted service levels.
• Review the technology asset register on at least a quarterly basis including hardware and software assets. If needed, commission formal reviews of adherence to licensing conditions for third party applications.
• Ensure that redundant hardware or applications are removed from use and the licenses and other related items are closed out.
• Oversee the review of technology specific policies and procedures annually

• Information security standards
• IT Governance
• Risk Management
• Compliance
• IT Operations
• Service Level Agreements (SLAs)
• Vendor Management
• Infrastructure Management (Compute, servers, storage, backups, desktop, networks, operating software)
• Data Centre Operations
• Software Management (MIS, application support, development, MI/BI reporting)
• ISO27001
• COBIT
• ITIL
• ITSM
• Service Desk
• WLA-SCS
• Logical access management
• Information security investigations
• Auditing
• Firewall management
• Separation of duties
• Data destruction policies
• Hardware and software application security
• Data monitoring tools
• Disciplinary processes
• Service assurance
• Regulatory compliance
• Third-party risk management
• Service Introduction Assessments
• Risk governance framework
• Data governance
• Systems access level definition
• IT governance framework
• IT governance maturity roadmap
• IT strategy reporting
• IT infrastructure standardization
• IT processes, procedures, and standards development
• IT policy creation and review
• IT process analysis and improvement
• IT governance reporting
• Audit liaison
• Change Management
• Incident Management
• Policy exception management
• IT resource optimization
• Portfolio, programme, and IT performance reporting
• IT risk management framework
• Data quality requirements and standards
• Data integrity
• Vendor performance monitoring
• Contract management
• License compliance

• Management, or related disciplines.
• 5+ -10+ years’ experience and proven track record in security and IT security, IT Risk and IT audit field
• In depth exposure to and experience with application of industry accepted IT governance standards (e.g., COBIT, ITIL, TOGAF, King III or similar)
• Industry experience in the gaming and lottery sector
• Knowledge of ISO 27001, ISO22301, WLA SCS
• Professional certifications such as CISA, CISM, CISSP, or equivalent.
• ITIL Foundation Certification.
• Experience of preparing and delivering of reports for senior management
• Strong communication skills with the ability to convey complex information clearly and concisely
• Able to plan and prioritise own work in line with tight deadlines
• Ability to engage stakeholders in operational and strategic areas
• Working knowledge of relevant Information Technology / Business governance, risk and compliance issues
• Knowledge of IT governance and IT operational processes and procedures
• Project management principles
• IT audit processes and procedures
• IT Service Management