IT Governance, Risk and Compliance/Risk Analyst (Manager)

About the job

Are you passionate about IT governance, risk management, and compliance? Numata is seeking a detail-oriented IT GRC Analyst to join our team and ensure our IT infrastructure is secure, compliant, and aligned with business objectives. This multifaceted role offers an exciting opportunity to influence and enhance Numata's Managed Services business model through process optimization, system improvements, and technology integration.

About the Role:

As an IT GRC Analyst, you will lead the design and enforcement of security and compliance policies, manage business and system requirements, and provide strategic insights to enhance overall IT and business operations. Working across governance, risk, compliance, cybersecurity, and business systems analysis, this role is pivotal to supporting Numata's commitment to excellence in IT management and client satisfaction.

Key Responsibilities:

IT Governance, Risk, and Compliance (GRC):

  • Design and enforce IT governance frameworks and standards such as CIS, ISO 27001, NIST, and COBIT.
  • Ensure compliance with regulatory requirements like POPIA, GDPR, HIPAA, and PCI-DSS.
  • Conduct internal audits and prepare for external compliance assessments.

Risk Management and Reporting:

  • Identify, assess, and mitigate IT and cybersecurity risks.
  • Maintain an up-to-date risk register and generate detailed risk management reports.
  • Perform gap analyses and recommend risk treatment plans aligned with business objectives.

Cybersecurity Analysis:

  • Conduct risk and control assessments for threat and vulnerability management.
  • Develop and maintain incident response plans for timely resolution of security incidents.
  • Provide recommendations for strengthening cybersecurity controls and maturity roadmaps.

Business and Systems Analysis:

  • Collaborate with stakeholders to gather and document business requirements.
  • Translate business needs into technical solutions and system specifications.
  • Develop process flows, use cases, and technical specifications for system upgrades and integrations.
  • Ensure IT GRC controls are embedded in new projects and client onboarding.

System Implementation and Optimization:

  • Align systems with security requirements and business objectives.
  • Participate in system testing, validation, and troubleshooting.
  • Recommend and implement system optimizations based on data-driven insights.

Collaboration and Engagement:

  • Act as a liaison between IT, business units, compliance, and development teams.
  • Lead or participate in strategic planning sessions to integrate IT GRC into business strategies.
  • Support vendor risk management by evaluating third-party compliance and security practices.

Project and Change Management:

  • Lead IT and business system projects from inception to delivery.
  • Implement change management processes for smooth transitions during upgrades or new control implementations.

What We're Looking For:

  • Qualifications: Bachelor's degree in Information Technology, Computer Science, Business Administration, or related field preferred. Certifications like CISM, CISSP, CISA, CRISC, or CBAP are advantageous.
  • Technical Expertise: Strong knowledge of GRC frameworks (CIS, ISO, NIST, COBIT), security tools (SIEM, IDS/IPS), and business process modeling techniques (BPMN, UML).
  • Analytical Skills: Proven experience in risk assessments, vulnerability analysis, and translating business needs into technical requirements.
  • Communication: Ability to articulate complex technical information to non-technical stakeholders and produce clear, precise documentation.
  • Project Management: Demonstrated success managing cross-functional projects involving IT governance, cybersecurity, and business process improvements.

Key Competencies:

  • Ethical judgment and integrity.
  • Problem-solving mindset with a focus on continuous improvement.
  • Effective communication and interpersonal skills for collaboration across teams.

Experience:

  • 3+ years of combined experience in IT GRC, cybersecurity, and business systems analysis.

Why Join Numata?

  • Work with a collaborative and innovative team.
  • Make a significant impact on the security and compliance of IT systems.
  • Enjoy opportunities for professional growth and development.

Ready to shape the future of IT governance and risk management? Apply today to become a valued member of the Numata team.