IT Governance, Risk and Compliance Specialist - Contract - Onsite

HR Genie
Johannesburg
ZAR 400 000 - 800 000
5 days ago
Job description

POSITION INFO:

Our Client, a Global Tech firm, is seeking an IT Governance, Risk and Compliance Specialist to join their team in Johannesburg on a contract basis.

Responsibilities

  1. Develop and implement a comprehensive IT GRC strategy
  2. Develop and implement IT Governance, Risk Management, and Compliance policies, processes, and procedures
  3. Implement and embed various frameworks (e.g. COBIT, ITIL, ISO, NIST, SABSA, PRINCE2, CMM, etc.)
  4. Implement IT controls in alignment with risk, legislative and regulatory requirements, and industry trends
  5. Develop, monitor and report on IT governance metrics and performance indicators
  6. Assist in the maintenance of IT alignment activities, including report submissions, across various governance committees and structures
  7. Assist the various IT departments with the development and maintenance of incident response plans
  8. Assist in the preparation of stakeholder communications in response to cyber security incidents
  9. Maintain accurate and up-to-date documentation related to IT GRC activities
  10. Establish processes for continuous monitoring and reporting on compliance and risk management activities
  11. Develop an IT risk profile in alignment with the approved Risk Management framework and process
  12. Conduct periodic internal risk assessments in various IT departments and track application access reviews, Active Directory reviews, information security maturity, network and vulnerability assessments, and IT audits, identifying any gaps or areas for improvement
  13. Lead preparations and facilitate audits for IT certifications, such as ISO27001
  14. Maintain and drive the implementation of mitigation controls of the IT Risk Register
  15. Continuously analyze the effectiveness of IT and Information Security controls
  16. Collaborate with internal stakeholders to perform risk analysis on information hosted by third parties and controls implemented, ensuring the maintenance of acceptable levels of residual risk
  17. Ensure visibility of audit and risks by escalating to the relevant committees
  18. Facilitate IT disaster recovery and business continuity initiatives, including testing
  19. Continuously assess the adequacy of the IT and Information Security business continuity and disaster recovery plans in conjunction with Risk Management
  20. Coordinate and support internal and external compliance audits
  21. Oversee and evaluate compliance with regulatory requirements and practices to ensure that IT-related activities adhere to prescribed standards
  22. Ensure the organization's IT practices meet all applicable legal and regulatory requirements
  23. Manage execution of compliance activities to enhance compliance maturity with the applicable legal and regulatory standards such as POPIA, the ECT Act, and the Cybercrimes Act
  24. Oversee and facilitate data protection activities to ensure full compliance with POPIA and associated regulations concerning personally identifiable information and business-related sensitive information
  25. Develop, implement, and monitor reporting mechanisms for IT Governance, Risk Management, and Audit, to support compliance and highlight areas of exposure to management
  26. Ensure timely and accurate reporting to regulatory bodies as required

Qualifications

  1. Bachelor's degree in IT or related qualification
  2. 5 years' experience in a similar role
  3. CGEIT, CRISC, CISA, GIAC certifications are advantageous