IT Governance, Risk and Compliance Specialist

The organisation is looking for an IT governance, risk
and compliance specialist who will develop and implement IT governance
frameworks and controls aligned with international standards; manage IT audits
and risks; ensure compliance to the applicable IT regulations and policies and
deliver on the IT reporting requirements.

Responsibilities

• Develop and implement a
  comprehensive IT GRC strategy.
  
• Development and
  implementation of IT Governance, risk management and compliance policies,
  processes and procedures implementation and embedment of various
  frameworks (e.g. COBIT, ITIL, ISO, NIST, SABSA, PRINCE II, CMM, etc).
  
• Implementation of IT
  controls in alignment with risk, legislative and regulatory requirements
  and industry trends.
  
• Develop, monitor and
  report on IT governance metrics and performance indicators.
  
• Assist in the
  maintenance of IT alignment activities, including report submissions,
  across various governance committees and structures.
  
• Assist the various IT
  departments with the development and maintenance of incident response
  plan.
  
• Assist in the
  preparation of stakeholder communications in response to cyber security
  incidents.
  
• Maintain accurate and
  up -to -date documentation related to IT GRC activities.
  
• Establish processes for
  continuous monitoring and IT audit and risk management reporting on
  compliance and risk management activities.
  
• Develop an IT risk
  profile for the university in alignment with the approved risk management
  framework and process.
  
• Conduct periodical
  internal risk assessments in various IT departments and tracking of
  application access reviews, active directory reviews, information security
  maturity, network and vulnerability assessments and IT audits identifying
  any gaps or areas for improvement.
  
• Lead preparations and
  facilitate audits for IT certifications, such as ISO27001.
  
• Maintain and drive the
  implementation of mitigation controls of the IT Risk Register.
  
• Continuously analyse the
  effectiveness of IT and Information security controls.
  
• Collaborate with
  internal stakeholders to perform risk analysis on information hosted by
  third parties and controls implemented, ensuring the maintenance of
  acceptable levels of residual risk.
  
• Ensure visibility of
  audit and risks by escalating to the relevant committees.
  
• Facilitate IT disaster
  recovery and business continuity initiatives, including testing.
  
• Continuously assess the
  adequacy of the IT and information security.
  
• Business continuity and
  disaster recovery plans in conjunction with risk management.
  
• Coordinate and support
  internal and external compliance audits.
  
• Oversee and evaluate
  compliance with regulatory requirements and practices to ensure that
  IT -related activities adhere to prescribed standards.
  
• Ensure the organizations
  IT practices meet all applicable legal and regulatory requirements.
  
• Manage execution of
  compliance activities to enhance the compliance maturity with the
  applicable legal and regulatory standards such as POPIA, ETC Act,
  cybercrimes act.
  
• Oversee and facilitate
  data protection activities to ensure full compliance with POPIA and
  associated regulations concerning personally identifiable information and
  business -related sensitive.
  
• Develop, implement, and
  monitor reporting mechanisms for IT governance, risk management and Audit,
  to support compliance and highlight areas of exposure to management.
  
• Ensure timely and
  accurate reporting to regulatory bodies as required.
  

Qualifications

• Matric and a Degree in
  IT or related filed.
  
• 8 years experience in a
  similar role.
  
• CGEIT, CRISC, CISA and
  GIAC certifications are advantageous.