IT Governance Risk & Compliance Specialist

SUMMARY:
IT Governance Risk & Compliance Specialist

POSITION INFO:

Job summary statement/purpose:

The role will assist with and participate in the planning, design, implementation, operation, and maintenance of IT Governance, Risk & Compliance (GRC) efforts intended to support Business, IT Risk Management and Assurance goals and objectives.
Primary functions will include leading and participating in the assessment of IT risks and control effectiveness for applications, infrastructure, and IT projects. This will involve the collection of appropriate and relevant data for the monitoring and analysis of specific IT control activities, liaising with and providing consultative support to IT control owners and performers, generation of reports for analysis, assessment and presentation to IT and business management, recommendations on and tracking of control remediation, and coordination of efforts with internal and external auditors.

KEY PERFORMANCE AREAS (DUTIES & RESPONSIBILITIES):

1. IT Governance Management:

• Analyse and recommend operational and business workflow changes to management in order to strengthen the control environment/security posture.
• Participates in IT GRC team efforts to plan, design, implement and maintain IT Governance, Risk & Compliance initiatives, and their supporting elements.
• Assist with maturing the IT Governance system to produce measurable results toward achieving IT strategies and ensuring that IT investments support business objectives.

2. IT Risk Management:
• Consultation and assistance to Risk & Control Owners in the planning, design, implementation, operation, maintenance & remediation of control activities and other supporting requirements (e.g. policies, standards, processes, system configurations, etc.) as appropriate.
• Coordination, tracking and reporting of remediation plans and progress for all identified IT Control deficiencies
• Perform ad-hoc duties as assigned to ensure the smooth functioning of the IT GRC function and maintain a good reputation with Auditors, Compliance and Risk Departments.
• Maintain and monitor that the IT risk framework is aligned with the Sasria approved enterprise risk management framework
• Integrate Cyber risk into IT Risk Management practices, processes, procedures, and activities.

Co-ordinate periodical internal risk assessments in various IT functions and ensure vulnerability remediation and tracking.
• Conduct IT risk assessments (including projects risk) and analyse the effectiveness of controls and report on them with actionable recommendations.
• Facilitate disaster recovery and business continuity initiatives with relevant stakeholders.

3. IT Compliance:
• Proactive management of compliance requirements to improve the division’s compliance maturity with legal and regulatory requirements such (POPIA, ETC act, Cyber bill, RICA etc.)
• Monitor and review compliance with regulatory requirements and practices to ensure IT-related activities are meeting prescribed standards.
• Act as compliance champion for the IT Division.
• Maintain and facilitate data protection activities to ensure full compliance with POPIA and associated regulations on personal identifiable information and business-related sensitive information.

4. Adhoc:
Perform any reasonable tasks as and when required by the Line Manager or other seniors.

Qualifications and Experience:

• Grade 12 Senior Certificate.
• National Diploma in IT /Bachelor or Relevant equivalent to NQF Level 6.
• IT Governance certification or ITIL & COBIT mandatory.
• CRISC, CISSP, CISA or CGEIT certification is strongly preferred.
• Minimum 7 years of experience in IT Governance Risk and Compliance field
• Experience with GRC methodologies, tools, and enablers.
• Hands-on experience with implementation and monitoring of one or more IT Governance frameworks (COBIT, ITIL, ISO etc.).

Knowledge:

• Excellent understanding of IT operational processes and controls including projects.
• Excellent understanding of Regulatory requirements facing the IT environment (POPIA, GDPR).
• Must be persuasive and be able to communicate GRC related concepts to a broad rangeof technical and non-technical staff.

• Solid understanding of security risks and preventative controls.

Sound knowledge, understanding and application of the relevant legislation.
• Established knowledge of the IT frameworks, vocabulary, and best practices.
• Experience of delivering excellent user experience.

NB! This job is now closed. You can apply for other jobs by uploading your CV.