|Company||South African Civil Aviation Authority|
|Reference #||Corporate Services|
|Location||Midrand, Gauteng, South Africa|
Develop, maintain, manage and execute a comprehensive process for identifying, assessing, mitigating, monitoring and reporting on risks that may impact on organizational performance.
Ensure the continuing co-ordination and integrity of the Business Continuity Management Programme, and that those responsible for BCM maintenance, testing, exercising and operation have the necessary level of support and advice.
Ensure proper co-ordination and reporting on the overall SACAA combined assurance process, plans and activities in accordance with King 4, thereby reducing assurance fatigue in SACAA.
|Job Functions||Risk Management|
Enterprise Wide Risk Management (EWRM):
• Maintain and enhance the EWRM governance documents (strategy, framework, policy, procedure & forms).
• Implement risk management best practices to ensure alignment with national regulations and international standards e.g. ISO 31000, COSO, National Treasury.
• Develop and maintain a common risk taxonomy
• Draft, implement and maintain a rolling 3-year EWRM Plan.
• Establish and quantify SACAA’s risk appetite and Key Risk Indicators (KRIs).
• Perform assessment (identifying, describing, analysing, evaluating and treating) of risks affecting the organization.
• Maintain updated strategic, tactical, operational, etc. risk profiles/registers aligned to SACAA’s strategic, tactical and operational objectives.
• Assist the Executive and SM: R&C in aggregating, monitoring and advising management on the effective management and mitigation of identified risks.
• Coordinate the quarterly SACAA Risk Committee meetings
• Perform regular deep dives in risk areas to proactively identify latent/emerging risks.
• Coordinate the process with departmental risk champions to ensure deadlines in respect of quarterly key risk indicator reporting are adhered to.
• Maintain the data integrity on the Risk Management Software Solution (system).
• Regular Risk reporting tailored for different audiences, e.g. Board, Executives and management to ensure they are aware of risks relevant to their business units.
• Continual Improvement of SACAA Risk Management through measuring and monitoring of the risk maturity level of the organisation.
• Ensure the embedding of EWRM and its objectives to SACAA personnel and service providers through training, communications and contracts.
• Develop tender specifications to ensure enterprise risk is maintained at acceptable levels
• The identification, registration and reporting of opportunities to management.
Business Continuity Management (BCM):
• Maintain and enhance the enterprise BCM governance documents (strategy, policies, procedures & forms).
• Implement BCM practices to ensure alignment with national regulations and international standards e.g. ISO 22301, King IV.
• Develop and maintain a common BCM taxonomy
• Review and maintain Business Impact Analysis (BIA) annually with all SACAA departments to control or reduce BCM risk exposures for the organization.
• Maintain SACAA Business Continuity Plans annually and ensure their resilience through regular testing.
• Coordinate the monthly BCM progress meetings.
• Liaise with ICT to ensure alignment between the BCPs and the ICT Disaster Recovery Plan (DRP)
• Establish and maintain Emergency Response and Crisis Management Plans.
• Draft, implement and maintain a rolling 3-year Business Continuity Planning / Programme.
• Establish and train a Crisis Management Team that will respond to any crisis, disaster or significant business interruption;
• Ensure alignment of the BCM system to the SACAA’s risk profile
• Regular BCM reporting tailored for different audiences, e.g. Board, Executives and Treasury.
• Regular scenario testing to ensure employees are suitably prepared and execute their Business Continuity Plans appropriately in the event of a business disruption.
• Ensure awareness of BCM and its objectives to SACAA personnel and service providers through training, communications and contracts.
• Ensure the Service Level Agreement with the Off-Site Service Provider is managed at an acceptable level to ensure business continuity
• Liaise with SCM to ensure that all service providers to critical SACAA systems and processes have BCM in place to ensure continued operations in the event of a disruptive event affecting their business.
Combined Assurance (CA):
• Maintain and enhance the enterprise CA governance documents (strategy, policies, procedures & forms).
• Implement CA best practices and ensure alignment with national regulations and international standards e.g. ISO 31000, 19600, 22301 and King IV.
• Develop and maintain a common CA taxonomy
• Draft, implement and maintain a rolling 3-year CA Plan.
• Coordinate the quarterly CA Committee meetings
• Co-ordinate enterprise assurance (governance, risk & compliance) efforts focusing on key risk exposures across the organization to reduce assurance fatigue.
• Regular CA reporting tailored for different audiences, e.g. Board, Executives and management.
• Review and update the combined assurance plan for effect of mid-term changes in the assurance universe
• Track and test corrective actions on identified improvement opportunities, control weaknesses or significant inherent risk mitigations.
• Ensure awareness of CA and its objectives to SACAA personnel and service providers through awareness training, communications and contracts.
• Enable the Board through combined assurance reports to make control statements in the integrated report.
• Adherence to all relevant SACAA policies and procedures (leave, disciplinary, declaration of interest, etc.)
• Fulfilment of Individual Skills profile.
• Compliance with SACAA records management policy and procedures.
• Optimize EWRM, BCM & CA spend in line with budget.
Preference will be given to Employment Equity candidates:
The SACAA will process applications as soon as possible. If you have not heard from us within 90 days after your CV has been received by us, please consider your application unsuccessful.
“All SACAA appointments are subject to S98 of the Civil Aviation Act, 13 of 2009 and all successful candidates will be subjected to security vetting”.
Minimum Education (Formal Qualification required):
Degree / Diploma in Risk Management, Business Continuity Management, Combined Assurance and National.
Ideal Education (Formal Qualification required):
Post graduate qualification in Risk Management will be an added advantage.
Experience (Minimum Experience required - type and number of years):
8 Years - Risk Management
3 Years - Combined Assurance
3 Years - Business Continuity Management
3 Years - Commercial Aviation
1 Year - Corporate Governance
1 Year - Information Technology (Security / Disaster Recovery)
|Job Closing Date||29/01/2020|