Botsang Marumo

🟩ICT Governance 🟩CRISC 🟩18+ Years Experience 🟩Internal Auditor 🟩CISA🟩 ERM 🟩IT Auditing🟩 ISO: 9001 & 27001🟩 Project Management🟩 Regulatory Compliance🟩People Management🟩COBIT 19

City of Johannesburg, Gauteng, South Africa

About

Experienced Risk Manager, Internal and External IT Auditor, and IT Governance leader with 15+ years’ experience across Africa, specialising in enterprise risk, strategic risk, operational risk, and technology risk. Demonstrated ability to partner with executive leadership, operations, and group functions to drive risk maturity, strengthen internal controls, and support informed decision‑making. Proven track record influencing at senior levels, delivering actionable insights, producing high‑quality corporate reporting, and building risk capability across organisations. Adept at interpreting complex risk landscapes, including geopolitical, cyber, sustainability, operational, and financial risks across diverse African markets.

Experience

  • ICT Governance at National Youth Development Agency (NYDA)
    Feb 2025 - Present · 1 yr 6 mos

    •Lead the design, implementation, and continuous improvement of the Agency’s IT Governance, Risk & Compliance (GRC) framework, ensuring ICT operations meet corporate objectives and regulatory requirements (PFMA, POPIA, GDPR, DPSA). •Perform and oversee IT General Controls (ITGC) and application control reviews aligned to ISA 315. •Coordinate vulnerability assessments, penetration testing, and remediation reviews, aligning activities with internal audit objectives. •Collaborate with internal auditors to integrate IT audit findings into enterprise risk reports and provide assurance to the Audit & Risk Committee. •Oversee data analytics for internal audits and reporting, leveraging tools such as Power BI to identify trends and anomalies. •Preparing and presenting governance reports to the ICT Governance Committee, EXCO, and Audit & Risk Committee, providing insights and recommendations. •Conducting governance maturity assessments and leading improvement initiatives to strengthen the control environment. •Leading identification, assessment, prioritisation, and monitoring of IT risks, ensuring effective tracking of mitigation plans. •Overseeing the IT risk register and performing internal controls reviews to assess control effectiveness. •Managing third-party and supplier IT risk assessments throughout the vendor lifecycle. •Coordinating DR tests, performing post-test reviews, and recommending improvements to enhance resilience. •Overseeing the implementation and monitoring of information security controls aligned to ISO/IEC 27001 and NIST frameworks. •Promoting a security-aware culture through training, awareness campaigns, and policy enforcement. •Managing cross-functional collaboration between technical teams, business units, and external service providers. •Monitoring ICT performance metrics, governance KPIs, and compliance indicators, reporting results to senior leadership.

  • EEMA Risk Specialist at McKinsey & Company
    Feb 2021 - Apr 2024 · 3 yrs 3 mos

    Main Responsibilities: •Cultivate a reputation and establish relationships as a trusted advisor among Partners and members of the Client Service Risk Committee •Lead integrated project/case management and provide expert guidance on Client Service Risk project/cases. •Synthesise and evaluate a range of approaches to managing projects using a variety of different methodologies. •Critically evaluate the key success factors in successful project management in the context of today’s business environment. •Develop a critical understanding of the skills required to analyse and manage the commercial relationships applicable to different project situations •Perform risk assessments for clients at the country level (e.g geopolitical risk), the institution/company level, the shareholder/management level, the operational level, and the topic under evaluation (e.g. cybersecurity). •Contract management, identifying areas for improvement, and ensuring compliance with contractual and regulatory requirements. •Assist Director and global team with strategic initiatives, including business risk assessments, country analysis, awareness campaigns, and transparency initiatives, to strengthen the first line of defence. •Support director by ensuring risk compliance, monitoring incidents, analysing root causes, identifying lessons learned, and reinforcing risk management strategies. •Mentor junior colleagues, helping to cultivate an inclusive environment focused on performance and wellbeing. •Participate in problem-solving discussions, and ensure smooth decision implementation. •Develop insightful EEMA dashboards and reports tailored for firm leadership, while systematically prioritizing action items for resolution. •Develop processes to ensure consistent application of policies and guidelines across the EEMA region, in collaboration with compliance partners. •Planned, developed, and implemented comprehensive Risk and Compliance Training and Awareness initiatives throughout the EEMA region.

  • Risk Manager (IT, Products and Projects) at MTN
    Jan 2018 - Jan 2021 · 3 yrs 1 mo

    Main Responsibilities: •Direct, Oversee and Facilitate implementation of Combined Assurance Model within the Group. •Conduct comprehensive Quality Assurance Reviews (QAR) of Risk Management practices across the various MTN Group Operating Companies in Africa and the Middle East. •Collaborate with internal stakeholders to identify and assess risks, supporting MTN Group's enterprise risk management strategy. •Develop and implement effective risk responses that align with organizational goals and risk tolerance. •Monitor risk dynamics and provide timely and insightful information to stakeholders. •Develop and implement IS controls that align with MTN Group's risk appetite, promoting alignment between risk management and technology efforts. •Identifying, assessing, and responding to cyber threats to protect MTN's information and systems. •Monitor performance against agreed-upon KPIs and SLAs, address deviations, and develop continuous improvement strategies •Identifying potential risks that could impact the project’s objectives, scope, timeline, and budget. •Deliver meticulously crafted reports to senior management, complete with specialized recommendations grounded in current best practices. •Oversee multiple projects within MTN Group, ensuring they are completed on time, within scope, and within budget. •Develop and implement performance metrics to track project progress. •Create an actionable plan for continuous improvement and track implementation progress. •Provide valuable input regarding risks associated with projects, new products, and services, contributing to well-informed decision-making processes. •Examine critical risks, issues, and dependencies, devising and overseeing appropriate mitigation measures. •Conduct thorough assessments of risks, issues, and dependencies in strategic projects, ensuring meticulous oversight. •Contribute to building a strong risk management culture through awareness campaigns and engagement initiatives.

  • Senior IT Auditor at MTN South Africa
    May 2016 - Jan 2018 · 1 yr 9 mos

    Main Responsibilities: •Direct, Oversee and Executes IT and Technology related audits covering four audit phases i.e planning, execution, reporting and quality assurance • Conduct risk assessments, identify vulnerabilities, and suggest security improvements. • Identify, evaluate, and react to cyberattacks to safeguard MTN's data and infrastructure. • Develop and define IT Audit universe. • Contribute substantively to the formulation of the risk-based Audit Coverage Plan, aligning it seamlessly with overarching strategic objectives. • Collaborated with business process owners to create system descriptions and identify risks in departmental processes. • Compiling detailed audit programs for assigned activities ensuring a systematic and structured audit process. • Developed audit findings demonstrating analytical abilities and attention to detail. • Provide valuable insights to the Audit Committee and Exco regarding the progress of implementing audit recommendations. • Present audit findings and recommendations to management. •Ensure constructive collaboration and avoid redundancy by aligning audit initiatives with data processing activities. •Obtained sufficient and appropriate audit evidence to assess control effectiveness, ensuring adherence to established testing protocols. •Manage team members and TOPP students assigned to projects, including contributions to their performance evaluation. •Suggest improvements to the Internal Control System in collaboration with process owners across MTNSA. •Compile materials for the Audit & Risk Committee package, ensuring accuracy and relevance. •Provide detailed reports to the Audit Committee, CEO, and Head of Business Risk, highlighting control deficiencies at MTNSA. •Promote proactive risk management by identifying and addressing potential vulnerabilities before they escalate. • Provide evidence-based recommendations to align programs and operations with goals and objectives, and document findings in comprehensive reports.

  • IT Audit Manager/Internal Audit Manager at Business Innovations Group
    Oct 2015 - May 2016 · 8 mos

    Main Responsibilities: • Help develop a 3-year strategic internal audit plan. • Actively contribute to developing an annual audit plan for the first year of the three-year strategic internal audit plan. • Contribute valuable insights and perspectives to the annual audit plan for information systems. • Assess the effectiveness of the organization's risk management strategy in mitigating common risks. • Developing an audit strategy, identifying the scope of the audit, determining the audit objectives, and outlining the audit approach and methodology. • Assigning roles and responsibilities to team members based on their skills and experience. • Authorize audit programs after thorough review and strict adherence to approved plans, justifying and authorizing deviations as necessary. • Providing guidance and support to team members throughout the audit process. Providing on the job training, answering questions, and providing feedback on the work done. • Monitoring audit progress to ensure timely resolution of all issues. Maintain regular communication with team members and stakeholders. • Reviewing work done by team members to ensure that it meets the required standards. • Ensure that audit reports are precise, clear, concise, constructive, and timely. • Actively participate in client meetings to ensure effective communication. • Conduct ad hoc audits at Management's request, adapting to changing needs. • Ensure audits meet the Institute of Internal Auditors' standards. • Implement corrective measures based on Directorate recommendations and monitor follow-up actions. • Ensure strict adherence to Section 45 of the Public Finance Management Act. • Provide accurate and comprehensive materials for the Audit & Risk Committee package. • Actively participate in Audit & Risk Committee meetings to provide valuable insights and perspectives.