IT Governance, Risk and Compliance Specialist at Sabenza IT & Recruitment

About the position

The organization is looking for an IT governance, risk and compliance specialist who will develop and implement IT governance frameworks and controls aligned with international standards; manage IT audits and risks; ensure compliance to the applicable IT regulations and policies and deliver on the IT reporting requirements.




Requirements

• Degree in IT or related field.
  
• 8 years’ experience in a similar role.
  
• CGEIT, CRISC, CISA and GIAC certifications are advantageous.
  
• Develop and implement a comprehensive IT GRC strategy.
  
• Development and implementation of IT Governance, risk management and compliance policies, processes and procedures implementation and embedment of various frameworks (e.g. COBIT, ITIL, ISO, NIST, SABSA, PRINCE II, CMM, etc).
  
• Implementation of IT controls in alignment with risk, legislative and regulatory requirements and industry trends.
  
• Develop, monitor and report on IT governance metrics and performance indicators.
  
• Assist in the maintenance of IT alignment activities, including report submissions, across various governance committees and structures.
  
• Assist the various IT departments with the development and maintenance of incident response plan.
  
• Assist in the preparation of stakeholder communications in response to cyber security incidents.
  
• Maintain accurate and up-to-date documentation related to IT GRC activities.
  
• Establish processes for continuous monitoring and IT audit and risk management reporting on compliance and risk management activities.
  
• Develop an IT risk profile for the university in alignment with the approved risk management framework and process.
  
• Conduct periodical internal risk assessments in various IT departments and tracking of application access reviews, active directory reviews, information security maturity, network and vulnerability assessments and IT audits identifying any gaps or areas for improvement.
  
• Lead preparations and facilitate audits for IT certifications, such as ISO27001.
  
• Maintain and drive the implementation of mitigation controls of the IT Risk Register.
  
• Continuously analyses the effectiveness of IT and Information security controls.
  
• Collaborate with internal stakeholders to perform risk analysis on information hosted by third parties and controls implemented, ensuring the maintenance of acceptable levels of residual risk.
  
• Ensure visibility of audit and risks by escalating to the relevant committees.
  
• Facilitate IT disaster recovery and business continuity initiatives, including testing.
  
• Continuously assess the adequacy of IT and information security.
  
• Business continuity and disaster recovery plans in conjunction with risk management.
  
• Coordinate and support internal and external compliance audits.
  
• Oversee and evaluate compliance with regulatory requirements and practices to ensure that IT-related activities adhere to prescribed standards.
  
• Ensure the organization’s IT practices meet all applicable legal and regulatory requirements.
  
• Manage execution of compliance activities to enhance the compliance maturity with the applicable legal and regulatory standards such as POPIA, ETC Act, and cybercrimes act.
  
• Oversee and facilitate data protection activities to ensure full compliance with POPIA and associated regulations concerning personally identifiable information and business-related sensitivity.
  
• Develop, implement, and monitor reporting mechanisms for IT governance, risk management and Audit, to support compliance and highlight areas of exposure to management.
  
• Ensure timely and accurate reporting to regulatory bodies as required.
  
  

Desired Skills:

• Compliance
• risk
• governance
• ISO27001

Desired Qualification Level:

• Degree

About The Employer: