Job Openings: IT GRC Analyst/Specialist

Are you passionate about IT governance, risk management, and compliance? 

Numata is seeking a detail-oriented IT GRC Analyst/Specialist to join our team and ensure our IT infrastructure is secure, compliant, and aligned with business objectives. This multifaceted role offers an exciting opportunity to influence and enhance Numata's Managed Services business model through process optimization, system improvements, and technology integration.

About the Role:

As an IT GRC Analyst/Specialist, you will lead the design and enforcement of security and compliance policies, manage business and system requirements, and provide strategic insights to enhance overall IT and business operations. Working across governance, risk, compliance, cybersecurity, and business systems analysis, this role is pivotal to supporting Numata's commitment to excellence in IT management and client satisfaction.

Key Responsibilities:

More specifically, the IT Governance, Risk, and Compliance (IT GRC) Analyst/Specialist is responsible for:

General IT GRC processes

  • Coordinate and participate (per RACI) in IT GRC projects in line with project management processes, covering scope, as-is analysis, gap analysis, milestone plan, and success criteria.
  • Upload the relevant IT GRC project templates to the project management and task management toolset, and update and maintain them regularly and on time as per project, milestone, timeline, content, process, and control reporting requirements.
  • Engage and collaborate with internal and external client stakeholders to understand requirements, align IT GRC management practices with business objectives, and provide the necessary guidance to ensure common understanding and alignment.
  • Facilitate, analyse and assess compliance with regulatory, privacy and other requirements such as POPIA, GDPR, NIST CSF, CIS, and others as and where applicable.
  • Identify, assess, and facilitate engagement to mitigate IT and cybersecurity risks, maintaining an up-to-date risk register that takes the relevant process and control performance as input.
  • Enable, through policy development, the mitigation of compliance gaps as directed by compliance frameworks, processes and regulatory bodies, including best-practice directives for good governance and supporting standards.
  • Generate risk management reports, perform gap analyses, and recommend and facilitate risk treatment plans as per above.
  • Create and drive roadmaps with the objective to correct, motivate and/or improve identified gaps and control weaknesses.
  • Monitor progress and performance against onboarding and managed IT GRC service processes.
  • Structure engagement and close the feedback loop continuously as per the IT GRC management processes, stakeholder engagement requirements, and the resulting minutes and/or discussion notes feeding into action plans.
  • Document, manage and maintain the IT GRC processes and other relevant content for the IT GRC knowledge base.
  • Any additional administration / maintenance tasks as part of the IT GRC processes stack that may arise.

Client Onboarding (projects)

  • Prepare the client for onboarding to the platform (engagement, training).
  • Conduct client IT GRC assessments in collaboration with the IT GRC specialist team members and Head of Department.

More specifically:

  • Rapid baseline risk assessment.
  • Technical worksheets review.
  • Controls and Requirements Assessment.
  • Roadmap generation and mitigation.
  • Policy, process and procedure assistance and templates.

Ongoing Managed IT GRC Services (and supporting projects)

  • After onboarding, support the client as part of the managed IT GRC services process throughout the client's lifecycle at Numata.
  • Facilitate the next-steps engagement processes, ensuring that recommendations (risk treatment plans) and supporting roadmaps for mitigating and resolving process and control gaps (weaknesses), which drive IT GRC and security posture improvements, are effected and completed.
  • Engage and provide feedback monthly on treatment plans / roadmap, managing expectations of progress, issues, and posture improvement and/or decline.
  • Create an annual calendar for the client with the treatment plan / roadmap as input.
  • Support the client with access, training and recommendations on how to fully use the IT GRC platform for client business value on an ongoing basis.
  • Determine the frequency of reviews, assessments and reporting (as per the annual client calendar).
  • Identify process breakdowns and roles and responsibilities in the context of resolution, mitigation and improvement.

Qualification, Certification & Skills

  • Qualifications: Bachelor's degree in information technology, computer science, business administration, or a comparable field.
  • Certifications: CISM, CISSP, CISA, CRISC, CBAP, or any other comparable certification is an advantage.
  • Technical Skills: Strong, evidence-based knowledge of and experience in IT-related environments, GRC frameworks (CIS, ISO, NIST, COBIT), security tools (SIEM, IDS/IPS), and business process modelling techniques (BPMN, UML).
  • Analytical Skills: Excellence in conducting risk assessments, vulnerability analysis, and identifying control gaps (weaknesses).
  • Documentation and content management: Governance, risk and compliance requirements should be proactively considered and translated into system, process, data (information) and technical solutions for business value.
  • Business Acumen and Communication: Excellent ability to articulate complex technical information to non-technical stakeholders, alongside clear and precise documentation skills.
  • Project Management: Knowledge in managing cross-functional projects involving IT governance, cybersecurity, and business process improvements.

Experience:

  • 3+ years of combined experience in IT, IT GRC, cybersecurity, and business systems analysis.

Key Competencies:

  • Ethical judgment, integrity, and commitment to best practices in compliance and risk management.
  • Analytical mindset with a focus on problem-solving and continuous improvement.
  • Effective communication and interpersonal skills supporting strong service orientation, including conflict-management, working across multiple teams and with diverse stakeholders.
  • A quality mindset focused on correctness, and the ability to justify deviation or regression with evidence.
  • Planning and focus to deliver on time.
  • Adaptability and an appetite for continuous learning.

Why Join Numata?

  • Work with a collaborative and innovative team.
  • Make a significant impact on the security and compliance of IT systems.
  • Enjoy opportunities for professional growth and development.

Ready to shape the future of IT governance and risk management? Apply today to become a valued member of the Numata team.