IT Governance, Risk and Compliance Specialist

Financial Responsibility:

• Total budget responsible for
• Total staff salaries

Synopsis of Department/Unit

Looking for an IT Governance, Risk, and Compliance Specialist who will develop and implement IT Governance frameworks and controls aligned with international standards
Manage IT audits and risks
Ensure compliance with applicable IT regulations and policies
Deliver IT reporting requirements

Job Purpose

Develop and implement IT Governance frameworks and controls aligned with international standards
Manage IT audits and risks
Ensure compliance with applicable IT regulations and policies
Deliver IT reporting requirements

Key Performance Areas and Responsibilities

IT Governance – 30%

• Develop and implement a comprehensive IT GRC strategy
• Develop and implement IT Governance, Risk Management, and Compliance policies, processes, and procedures
• Implement and embed frameworks such as COBIT, ITIL, ISO, NIST, SABSA, PRINCE II, CMM
• Implement IT controls aligned with risk, legislative, regulatory requirements, and industry trends
• Develop, monitor, and report on IT governance metrics and performance indicators
• Assist with IT alignment activities including report submissions across governance committees and structures
• Assist IT departments with development and maintenance of incident response plans
• Assist with preparation of stakeholder communications in response to cybersecurity incidents
• Maintain accurate and up-to-date IT GRC documentation

IT Audit and Risk Management – 30%

• Establish processes for continuous monitoring and reporting on compliance and risk management activities
• Develop an IT risk profile aligned with the approved Risk Management framework
• Conduct periodic internal risk assessments across IT departments
• Track application access reviews, active directory reviews, information security maturity, network and vulnerability assessments, and IT audits
• Identify gaps and areas for improvement
• Lead preparation and facilitation of IT certification audits such as ISO 27001
• Maintain and drive mitigation controls within the IT Risk Register
• Continuously analyse effectiveness of IT and Information Security controls
• Collaborate with stakeholders on third-party risk assessments
• Ensure acceptable residual risk levels are maintained
• Escalate audit and risk matters to relevant committees
• Facilitate IT disaster recovery and business continuity initiatives including testing
• Assess adequacy of IT and Information Security business continuity and disaster recovery plans

IT Compliance – 30%

• Coordinate and support internal and external compliance audits
• Oversee and evaluate compliance with regulatory requirements and practices
• Ensure IT-related activities adhere to prescribed standards
• Ensure IT practices meet all applicable legal and regulatory requirements
• Manage execution of compliance activities to enhance compliance maturity
• Ensure compliance with legislation such as POPIA, ECT Act, Cybercrimes Act
• Oversee and facilitate data protection activities
• Ensure compliance with regulations relating to personally identifiable and sensitive business information

IT Reporting – 10%

• Develop, implement, and monitor IT Governance, Risk Management, and Audit reporting mechanisms
• Support compliance and highlight exposure areas to management
• Ensure timely and accurate reporting to regulatory bodies

Minimum Requirements

• 3 year degree in IT or related field
• 3-5 experience in a similar role

Recommendations

• CGEIT, CRISC, CISA, or GIAC certifications advantageous

Competencies Required

Functional Skills

• Analytical and investigative
• Attention to detail
• Communication and interpretation
• Decision making
• Problem solving

Behavioural Competencies

• Confident
• Problem ownership
• Persuasive
• Team player
• Assertive
• Integrity
• Initiator

Thought Leadership

• Provide insights
• Explore possibilities
• Adopt practical approaches
• Develop strategies
• Generate ideas
• Examine information