Our client, in telecommunication services, requires an Assurance Manager to plan, direct, or coordinate activities of an organization to ensure compliance with best practice standards, including but not limited to ISO 9001, ISO 27001, ISO 14001, ISO 50001, ISO 45001, ISAE 3402 Type II, PCI DSS.
Job Title: Assurance Manager
Location: JHB – Northern SuburbsPermanentFull TimeNon EE/AAPublished: 3 hours ago
Duties & Responsibilities:
Main Functions of the Role:
Manage deliverables of the Risk and Compliance department.
Document and Records Management
Review and upload all policies, procedures, work instructions, processes, plans, etc on MyZone, as per the Document and Records Procedure. Ensure these documents comply with the standards set for document quality, labelling etc. Ensure that the documents are technically correct (within the scope of your technical knowledge) and ensure consistency & correct cross referencing applied across the documents.
Ensure the Company policies, procedures etc are reviewed within the review cycle assigned to the document.
Compile and maintain all Risk and Compliance Department or global policies and procedures e.g. Incident Management Procedure, Change Control Procedures, Document and Records Control etc.
Owner of the MyZone Sharepoint policy and procedure repository.
Prepare management reports regarding Risk and Compliance department responsibilities e.g. ESG Report. Ensure the ESG report is prepared prior to Operational Risk Meeting, and is of a high quality, complete and accurate.
Responsible for ensuring all management system documents, records, evidence are maintained and available on the share drive for audit.
Ensure an company audit schedule is compiled and implemented to conduct periodic self-assessments and internal audits to ensure that policies, procedures, processes, work instructions are followed. This schedule must also include external and legal audits. Liaise with HOD and Managers to ensure audit planning is undertaken at a mutually time.
Ensure all legal audits are scheduled by the respective HOD and occur as planned.
Track and report on audit remediation activities within the ESG report/ Operational Risk Meeting.
Liaise with third party internal auditors to plan and schedule audits, and ensure proposals and purchase orders are approved timeously.
Ensure that all major, minor findings and observation are resolved within the required timeline and that the required response/ evidence is provided to the internal auditors within the specified timelines.
Ensure that all self-assessment audit findings are documented appropriately, and that these are closed within 60 days of audit.
Certification and Attestation
Appointment as Management representative for ISO 9001 ISO 27001, ISO 14001 and ISO 50001 and fulfil responsibilities as documented in the management representative letter of appointment.
Ensure all certification and attestation audits occur prior to expiry and that certification/ attestation is achieved.
Host the certification and attestation audit meetings & inspections and attend as management representative.
The company is currently certified or has attestation for the following, however, it must be noted, that it is the responsibility of the Assurance Manager to lead the adoption of additional certification/ attestation standards, as and when required by business:
ISO 9001:2015 Standard
ISO 27001:2013 Standard
ISO 14001:2015 Standard
ISO 50001:2018 Standard
PCI DSS 3.2 (Physical Security only)
ISAE 3402 Type II for the control principles of security and availability
Liaise with third party certification or attestation parties to plan and schedule audits, and ensure proposals and purchase orders are approved timeously.
Ensure that all major, minor findings and observation are resolved within the required timeline and that the required response/ evidence is provided to the certification/ attestation party within the specified timelines.
Ensure site addition or transition audits (e.g. ISO 27001: 2013 to ISO 27001: 2021) are scheduled and undertaken prior to the SLA contractual requirements and/or expiry rules of the standard. Ensure that the site and/or departments affected are trained in the requirements, and have implemented the design and control policies, processes and procedures, prior to audit.
Ensure that all training and awareness, as required by the respective standard, is undertaken prior to audit. Liaise with the management representatives of each standard in this regards.
Staff Management and Development
Performance management and development of the Quality Assurance Officer.
Third Party Assurance and Audit
Prepare responses to and lead audits with third party assurance auditors e.g. Trusight audit. Ensure the evidence team is prepared and provides the required evidence to prove existence of controls, in support of design. Overall ownership of the audit responses and evidence, and complying to the submission deadlines.
Provide assistance to external non-certification/attestation Service Delivery Manager lead audits.
Compile responses to client compliance / audit questionnaires, as first line respondent, and where not subject matter expert, liaise with the experts to compile responses to questionnaires. Head of Operations will be the final approver/ reviewer of responses.
Root Cause Analysis, Corrective and Preventative Action Ownership
Review all audit reports, and ensure that appropriate and complete RCA, corrective and preventative actions are identified and implemented. Ensure that correct and complete verification is performed by the QA Officer, prior to closure of reports.
Perform trend analysis on audit findings over agreed period to ensure root cause correctly identified and the appropriate corrective and preventative actions are implemented.
ISO 9001:2015 Standard Implementation and Auditor certified;
ISO 27001:2013 Standard Implementation and Auditor certified;
ISO 14001:2015 Standard Implementation and Auditor certified preferred, but not mandatory
ISO 50001:2018 Standard Implementation and Auditor certified preferred, but not mandatory
PCI DSS 3.2 experience i.e. > 3 years of auditee experience
ISAE 3402 Type II for the control principles of security and availability experience preferred, but not mandatory
Minimum 8 years’ experience in an standards internal audit, compliance or assurance role
Prior management experience preferred but not mandatory
Tertiary diploma or degree preferred, but not mandatory
Minimum of 3 years’ experience in responding to third party ISO 9001 & ISO 27001 related audit questionnaires – strong understanding of terminology, design and control requirements.
**Kindly Note that only shortlisted candidates will be contacted**
Package & Remuneration:
R 600000 – R 720000 – Annually