IT Governance, Risk, and Compliance Specialist

Deka Minas (Pty) Ltd
Johannesburg
ZAR 300 000 - 600 000
4 days ago
Job description

Are you passionate about ensuring IT systems, policies, and processes align with regulatory and security standards? We are seeking a dedicated IT Governance, Risk, and Compliance (GRC) Specialist to join our Information Technology team. This role is crucial in maintaining compliance with industry frameworks such as ISO 27001:2022, GDPR, and POPIA while driving risk mitigation strategies and enhancing security policies. If you thrive in a dynamic environment and have a strong understanding of IT governance principles, this is the perfect opportunity for you!

Duties & Responsibilities

  • Manage and ensure regulatory compliance, which includes but is not limited to ISO 27001:2022 – Information Security, Cyber Security, and Data Protection, POPIA, GDPR, OHS, and Environmental, Social, and Governance (ESG).
  • Ensure related company compliance requirements are addressed in accordance with the relevant rules and regulations of the territories in which the company operates, for example, privacy, security, and administrative regulations.
  • Ensure appropriate risk mitigation and control processes for security incidents as required.
  • Receive reports of security incidents and conduct thorough investigations, prepare written findings and recommendations, along with follow-up evaluations, and analyze patterns and trends.
  • Responsible for daily compliance tasks.
  • Perform regular reviews and updates on all company policies.
  • Conduct and report on compliance for management.
  • Coordinate and conduct the continuous development, implementation, and updating of security and privacy policies, standards, guidelines, baselines, processes, and procedures in compliance with applicable regulations and standards.
  • Participate in improving company processes and implement tools for policy management.
  • Ensure audit trails and documentation are reviewed periodically and are in compliance with policies and audit requirements.
  • Collaborate with management and various company teams to improve and achieve compliance.
  • Support company teams with ad hoc requests, including investigating legislation and regulations and drafting the necessary processes or documentation to achieve compliance.
  • Follow compliance developments and market trends to keep our company up to date.
  • Prepare and conduct employee awareness initiatives and training.
  • Prepare and oversee audit assessments.

Desired Experience & Qualification

Requirements:

  • Degree or equivalent qualification in computer science, IT, or related field.
  • Professional Information Security Certification (CISSP, CISM, CASP+, or equivalent) will be advantageous.
  • At least 4 years of experience in a similar role.
  • Solid working knowledge of the following regulatory requirements: GDPR, POPIA, ECT, OHS, ESG.
  • Knowledge of the following security frameworks: ISO/IEC 27001, ISO/IEC 27002, NIST CSF, will be advantageous.
  • Ability to explain various compliance topics to a non-technical audience.
  • Effective verbal and written communication skills.
  • Effective organizational abilities along with a detail-oriented, proactive approach to work.
  • Ability to work under time pressure.
  • Business acumen.
  • Strong administrative skills.
  • Team player mentality.

For more info, reach kgothatsomashike@dekaminas.io.

Please note that by submitting your personal information to Deka Minas, you freely give the business consent to make use of such data for the specific purpose of securing you either permanent or temporary employment. Our business makes use of a POPIA-compliant database, and you have the right to access, right to correction, and right to deletion of your personal information.
