IT Governance, Risk and Compliance Specialist

Financial Responsibility: Total budget responsible for Total staff salaries Synopsis of Department/Unit Looking for an IT Governance, Risk, and Compliance Specialist who will develop and implement IT Governance frameworks and controls aligned with international standards Manage IT audits and risks Ensure compliance with applicable IT regulations and policies Deliver IT reporting requirements Job Purpose Develop and implement IT Governance frameworks and controls aligned with international standards Manage IT audits and risks Ensure compliance with applicable IT regulations and policies Deliver IT reporting requirements Key Performance Areas and Responsibilities IT Governance – 30% Develop and implement a comprehensive IT GRC strategy Develop and implement IT Governance, Risk Management, and Compliance policies, processes, and procedures Implement and embed frameworks such as COBIT, ITIL, ISO, NIST, SABSA, PRINCE II, CMM Implement IT controls aligned with risk, legislative, regulatory requirements, and industry trends Develop, monitor, and report on IT governance metrics and performance indicators Assist with IT alignment activities including report submissions across governance committees and structures Assist IT departments with development and maintenance of incident response plans Assist with preparation of stakeholder communications in response to cybersecurity incidents Maintain accurate and up-to-date IT GRC documentation IT Audit and Risk Management – 30% Establish processes for continuous monitoring and reporting on compliance and risk management activities Develop an IT risk profile aligned with the approved Risk Management framework Conduct periodic internal risk assessments across IT departments Track application access reviews, active directory reviews, information security maturity, network and vulnerability assessments, and IT audits Identify gaps and areas for improvement Lead preparation and facilitation of IT certification audits such as ISO 27001 Maintain and drive mitigation controls within the IT Risk Register Continuously analyse effectiveness of IT and Information Security controls Collaborate with stakeholders on third-party risk assessments Ensure acceptable residual risk levels are maintained Escalate audit and risk matters to relevant committees Facilitate IT disaster recovery and business continuity initiatives including testing Assess adequacy of IT and Information Security business continuity and disaster recovery plans IT Compliance – 30% Coordinate and support internal and external compliance audits Oversee and evaluate compliance with regulatory requirements and practices Ensure IT-related activities adhere to prescribed standards Ensure IT practices meet all applicable legal and regulatory requirements Manage execution of compliance activities to enhance compliance maturity Ensure compliance with legislation such as POPIA, ECT Act, Cybercrimes Act Oversee and facilitate data protection activities Ensure compliance with regulations relating to personally identifiable and sensitive business information IT Reporting – 10% Develop, implement, and monitor IT Governance, Risk Management, and Audit reporting mechanisms Support compliance and highlight exposure areas to management Ensure timely and accurate reporting to regulatory bodies Minimum Requirements 3 year degree in IT or related field 3-5 experience in a similar role Recommendations CGEIT, CRISC, CISA, or GIAC certifications advantageous Competencies Required Functional Skills Analytical and investigative Attention to detail Communication and interpretation Decision making Problem solving Behavioural Competencies Confident Problem ownership Persuasive Team player Assertive Integrity Initiator Thought Leadership Provide insights Explore possibilities Adopt practical approaches Develop strategies Generate ideas Examine information