IT Governance & Compliance Specialist

SUMMARY:
IT Governance & Compliance Specialist

POSITION INFO:

Purpose of the Job:
To develop, implement and coordinate Information Technology and related governance, risk and compliance strategy, frameworks, policies, procedures, processes and programmes across the organisation.

Areas of Responsibilities:
The key performance areas of the role will focus on, but not limited to:

Governance
1. Define, develop, review and implement the IT governance framework, and align to international standards, including King Report.
2. Assist divisional management in institutionalizing IT governance within the organisation.
3. Advice divisional management on matters relating to governance in general and IT governance in particular.
4. Ensure the implementation of recommendations from both internal and external auditors.
5. Compile regular reports on progress made.
6. Leading and driving all Governance, Risk and Compliance initiatives.

Risk
1. Define, develop, review and implement the IT risk management framework, and align to international standards.
2. Conduct IT risk assessment on a regular basis, in consultation with the Risk department.
3. Propose and implement risk mitigation measures and maintain an up-to-date IT risk register.
4. Monitor the effectiveness of mitigation measures.
5. Compile regular reports on progress made.

Compliance
1. Define, develop, review and implement the IT compliance framework, and align to international standards
2. Identify all legislation applicable in the IT environment (e.g. Electronic Communications and Transactions Act, Cybercrimes Act, etc.), assess organisation’s compliance and develop plans to ensure compliance
3. Collaborate with other departments to direct compliance issues to appropriate existing channels for investigation and resolution.
4. Ensure compliance to internal IT policies and procedures and report on exceptions on a regular basis.
5. Conducts annual compliance assessments.
6. Conduct reviews and monitor compliance with approved business processes and control frameworks

Information Security
1. Develop and implement information security strategies, policies and procedures.
2. Monitor the implementation and effectiveness of policies and procedures.
3. Conduct regular reviews of security incidents/logs, access rights tables, user account activities, data backup and restore logs.
4. Conduct regular security audits/assessments of information systems and network infrastructure.
5. Ensure that external service providers comply with the organization information security policies, procedures and standards.
6. Conduct annual threat and vulnerability assessments.
7. Investigate security breaches and assist with disciplinary and legal matters associated with such breaches as necessary.
8. Work with external consultants as appropriate for independent security audits.

Business Continuity
1. Define, develop, review and implement the disaster recovery policy, and contribute to the development of the business continuity policy.
2. Develop, implement and test the organisation''''s Disaster Recovery Plan (DRP).
3. Report on the status of disaster recovery capabilities.

Minimum Requirements
• B Degree/BTech in Computer Science, IT Auditing, Information Technology or related field
• 6 years relevant experience in IT Auditing
• 6 years relevant experience in IT Governance, Risk and Compliance

NB! This job is now closed. You can apply for other jobs by uploading your CV.