IT Governance, Risk, and Compliance Specialist

Duties & Responsibilities:

• Manage and ensure regulatory compliance which includes but not limited to, ISO 27001:2022 Information Security, Cyber Security and data protection, POPIA, GDPR, OHS, Environmental, social, and governance (ESG).
• Ensure related company compliance requirements are addressed in accordance with relevant rules and regulations according to the territories within which it operates, for example privacy, security and administrative regulations.
• Ensure appropriate risk mitigation and control processes for security incidents as required.
• Receives reports of security incidents and conducts thorough investigations, prepares written findings and recommendations, along with follow-up evaluations, and analyses patterns and trends.
• Responsible for daily compliance tasks.
• Perform regular reviews and update on all company policies.
• Conduct and report on Compliance for Management.
• Coordinates and conducts the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes and procedures in compliance with applicable regulations and standards.
• Participate in improving company processes and implement tools for policy management.
• Ensure audit trails and documentation are reviewed periodically and are in compliance with policies and audit requirements.
• Collaboration with management and various company teams to improve and achieve compliance.
• Support company teams with ad hoc requests, including investigation of legislation and regulations, as well as draft the necessary processes or documentation to achieve compliance.
• Follow different compliance evolutions and market trends keeping our company up to date.
• Prepare and conduct employee awareness initiatives and training.
• Prepare and oversee audit assessments.

Desired Experience & Qualification:

• Degree or equivalent qualification in computer science, IT or related field.
• Professional Information Security Certification (CISSP, CISM, CASP+ or equivalent) will be advantageous.
• At least 4 years experiences in a similar role.
• Solid working knowledge of the following regulatory requirements: GDPR , POPIA, ECT, OHS, ESG.
• Knowledge of the following security frameworks: ISO/IEC 27001, ISO/IEC 27002,
• NIST CSF, will be advantageous.
• Ability to articulate to non-technical audience on various compliance topics.
• Effective verbal and written communication skills.
• Effective organizational abilities along with detail-oriented, proactive approach to work.
• Ability to work under time pressure.
• Business acumen.
• Strong administrative skills.
• Team player mentality.