IT Governance Risk and Compliance Specialist

SUMMARY:
IT Governance Risk and Compliance Specialist

POSITION INFO:

Job summary statement/purpose:

The role will participate in planning, design, implementation, operation, and maintenance of IT Governance, IT Risk & Compliance initiatives within the organisation. The objective is to ensure information technology initiatives are aligned to business objectives, while managing risk and meeting regulatory compliance requirements through a well-managed internal control environment.

Key Performance Areas:

1. IT Governance Management:

• Maintain and support IT Governance maturity improvement initiatives based on COBIT 2019 and the Public Corporate Governance of Information and Communication Technology Policy Framework.
• Improve efforts to coordinate the IT resources available to the organisation in a manner that would create value for the business.

2. IT Risk Management:

• Maintain IT risk strategy and ensure that it is executed in line with the enterprise risk management requirements.
• Coordinate, facilitate and monitor IT risk activities within the division maintaining a consolidated IT register to enable management to make informed decisions.
• Ensure proactive management of IT risk in line with business tolerable levels.

3. IT Compliance and Audit

• Proactive management of compliance requirements to improve the division’s compliance maturity with legal and regulatory requirements such (POPIA, ETC act, Cyber bill, RICA etc).
• Monitor and review compliance with regulatory requirements and internal controls practices to ensure IT-related activities are meeting prescribed standards.
• Proactively manage IT internal controls to ensure satisfactory audit outcomes.
• Maintain and facilitate data protection activities to ensure full compliance with associated regulations on personally identifiable information and business-related sensitive information.

4. Information Security Governance

• Implements processes, such as governance, risk, and compliance to automate and continuously monitor information security controls, exceptions, risks, testing. Develops reporting metrics, dashboards, and evidence artifacts.
• Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.

• Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations and protecting Personally Identifying Information (PII) data
• Performs and investigates internal and external information security risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks.
• Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares reports to management to track remediation activities.

5. Adhoc

• Perform any reasonable tasks as and when required by the line manager or other relevant members of the organisation.

Qualifications and Experience:

• Matric.
• National Diploma in IT /Bachelor or relevant qualification equivalent to NQF Level 6.
• IT Governance certifications: ITIL & COBIT, ISO 27001/2 Lead Implementor strongly recommended.
• International certificates such as CRISC, CISA or CGEIT are strongly preferred.
• Minimum of 6 years’ experience in IT Governance/ IT Risk/ IT Audit & Compliance/ Information Security Governance.
• Hands-on experience with implementation and monitoring of one or more IT Governance frameworks (COBIT, ITIL, ISO 27001. etc.).
Knowledge
• Established knowledge of IT frameworks, vocabulary, and best practices.
• Excellent understanding of Regulatory requirements facing the IT environment (POPIA, GDPR, Cybersecurity Bill, ETC Act).
• Must be persuasive and be able to communicate IT Governance Risk and Compliance related concepts to a broad range of technical and non-technical audience.
• Solid understanding of Information, Technology and Cybersecurity risks and preventative controls.

NB! This job is now closed. You can apply for other jobs by uploading your CV.