IT Governance Specialist

Johannesburg, Gauteng, South Africa

Job Description


Job Purpose:
The IT Governance, Risk, and Compliance Specialist will develop and implement IT Governance frameworks and controls aligned with international standards; manage IT audits and risks; ensure compliance with the applicable IT regulations and policies; and deliver on the IT reporting requirements.

Key Performance Areas (KPAs):
IT Governance

  • Develop and implement a comprehensive IT GRC strategy
  • Development and implementation of IT Governance, Risk Management, and Compliance policies, processes, and procedures
  • Implementation and embedding of various frameworks (e.g. COBIT, ITIL, ISO, NIST, SABSA, PRINCE II, CMM, etc.)
  • Implementation of IT controls in alignment with risk, legislative and regulatory requirements, and industry trends
  • Develop, monitor and report on IT governance metrics and performance indicators
  • Assist in the maintenance of IT alignment activities, including report submissions, across various governance committees and structures
  • Assist the various IT departments with the development and maintenance of incident response plans
  • Assist in the preparation of stakeholder communications in response to cyber security incidents
  • Maintain accurate and up-to-date documentation related to IT GRC activities
  • 30% Time
IT Audit and Risk Management
  • Establish processes for continuous monitoring and reporting on compliance and risk management activities.
  • Develop an IT risk profile for the company in alignment with the approved Risk Management framework and process
  • Conduct periodic internal risk assessments in various IT departments and track application access reviews, Active Directory reviews, information security maturity, network and vulnerability assessments, and IT audits, identifying any gaps or areas for improvement
  • Lead preparations and facilitate audits for IT certifications, such as ISO27001
  • Maintain and drive the implementation of mitigation controls of the IT Risk Register
  • Continuously analyze the effectiveness of IT and Information Security controls
  • Collaborate with internal stakeholders to perform risk analysis on information hosted by third parties and controls implemented, ensuring the maintenance of acceptable levels of residual risk
  • Ensure visibility of audit and risks by escalating to the relevant committees
  • Facilitate IT disaster recovery and business continuity initiatives, including testing
  • Continuously assess the adequacy of the IT and Information Security business continuity and disaster recovery plans in conjunction with Risk Management
  • 30% Time
IT Compliance
  • Coordinate and support internal and external compliance audits
  • Oversee and evaluate compliance with regulatory requirements and practices to ensure that IT-related activities adhere to prescribed standards
  • Ensure the organization's IT practices meet all applicable legal and regulatory requirements
  • Manage execution of compliance activities to enhance the company's compliance maturity with the applicable legal and regulatory standards such as POPIA, ETC Act, Cybercrimes Act
  • Oversee and facilitate data protection activities to ensure full compliance with POPIA and associated regulations concerning personally identifiable information and business-related sensitive information
  • 30% Time
IT Reporting
  • Develop, implement, and monitor reporting mechanisms for IT Governance, Risk Management, and Audit, to support compliance and highlight areas of exposure to management
  • Ensure timely and accurate reporting to regulatory bodies as required
  • 30% Time
Minimum Requirements (Qualifications, Experience and Knowledge):
  • 3-year degree in IT or a related field
  • 3-5 years in a similar role
Recommendations:
  • CGEIT, CRISC, CISA, GIAC certifications are advantageous
Competencies (Technical Skills and Behavioral Attributes) Required:
  • Functional Skills: Analytical and investigative; Attention to detail; Communication and Interpretation; Decision making; Problem solving.
  • Competencies: Confident; Problem Ownership; Persuasive; Team Player; Assertive; Integrity; Initiator.
Thought Leadership: Providing insights, exploring possibilities, adopting practical approaches, developing strategies, generating ideas, and examining information

ExecutivePlacements.com


Job Detail

  • Job Id
    JD1350026
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Johannesburg, Gauteng, South Africa
  • Education
    Not mentioned