Head of Governance, Risk & Compliance and Data Protection Officer (DPO)
The mandate of this position is to align the processes, organisational structures and company culture to conform with the principles, policies and frameworks mandated by senior management, using resources such as information, services, infrastructure and applications, people, skills and competencies, all while ensuring business continuity without excessive bloat and waste.
Through the design of processes, the GRC department introduces a level of governance across the business following ITIL principles. The risk each process introduces or mitigates is identified and tracked across all processes, whilst compliance is ensured via internal audits of those same processes.
Governance is also applied by sitting in on the various boards and groups within the company, to ensure that all products, changes and initiatives are in line with the company strategy and to safeguard the business.
Complementary responsibilities include chairing the company security board, participating in the product council, mentoring, training and leading compliance projects such as GDPR (General Data Protection Regulation).
Within this position, and in conjunction with leading the GDPR compliance project, I have also taken on the role of Data Protection Officer (DPO) for NetRefer. The risk-based approach mandated within the Regulation fits perfectly into the GRC portfolio, ensuring that all processes, technologies and other resources, including people, have in place a company-wide privacy framework that provides guidance as well as support.
Duties within this role include but are not limited to:
- Business process design and re-engineering
- Risk identification, quantification and mitigation
- Internal audits in relation to compliance to internal processes and policies
- Translating legal regulations or directives into processes, as well as into technical requirements for system compliance, for consumption by the product owners and developers.
- Conducting due diligence on third parties to ensure suitability.
- Reviewing and providing input to the organisation's legal documents.
- Participation in incidents, to manage risk and provide guidance accordingly.
- Monitoring the industry for any developments that might impact the risk exposure of the company.
- Introducing controls across the company through the various processes, internal systems and workflows to reduce risk, promote quality and security as well as ensure compliance.