IT Governance, Risk, and Compliance Specialist

Are you passionate about ensuring IT systems, policies, and processes align with regulatory and security standards? We are seeking a dedicated IT Governance, Risk, and Compliance (GRC) Specialist to join our Information Technology team. This role is crucial in maintaining compliance with industry frameworks such as ISO 27001 : 2022, GDPR, and POPIA while driving risk mitigation strategies and enhancing security policies. If you thrive in a dynamic environment and have a strong understanding of IT governance principles, this is the perfect opportunity for you!

Duties & Responsibilities

• Manage and ensure regulatory compliance which includes but not limited to, ISO 27001 : 2022 – Information Security, Cyber Security and data protection, POPIA, GDPR, OHS, Environmental, social, and governance (ESG).
• Ensure related company compliance requirements are addressed in accordance with relevant rules and regulations according to the territories within which it operates, for example privacy, security and administrative regulations.
• Ensure appropriate risk mitigation and control processes for security incidents as required.
• Receives reports of security incidents and conducts thorough investigations, prepares written findings and recommendations, along with follow-up evaluations, and analyses patterns and trends.
• Responsible for daily compliance tasks.
• Perform regular reviews and update on all company policies.
• Conduct and report on Compliance for Management.
• Coordinates and conducts the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes and procedures in compliance with applicable regulations and standards.
• Participate in improving company processes and implement tools for policy management.
• Ensure audit trails and documentation are reviewed periodically and are in compliance with policies and audit requirements.
• Collaboration with management and various company teams to improve and achieve compliance.
• Support company teams with ad hoc requests, including investigation of legislation and regulations, as well as draft the necessary processes or documentation to achieve compliance.
• Follow different compliance evolutions and market trends keeping our company up to date.
• Prepare and conduct employee awareness initiatives and training.
• Prepare and oversee audit assessments.

Desired Experience & Qualification

Requirements :

• Degree or equivalent qualification in computer science, IT or related field.
• Professional Information Security Certification (CISSP, CISM, CASP+ or equivalent) will be advantageous.
• At least 4 years experiences in a similar role.
• Solid working knowledge of the following regulatory requirements : GDPR , POPIA, ECT, OHS, ESG.
• Knowledge of the following security frameworks : ISO / IEC 27001, ISO / IEC 27002, NIST CSF, will be advantageous.
• Ability to articulate to non-technical audience on various compliance topics.
• Effective verbal and written communication skills.
• Effective organizational abilities along with detail-oriented, proactive approach to work.

Please note that by submitting your personal information to Deka Minas you free-willingly issue the business consent to make use of such data for the specific purpose of securing you either permanent or temporary employment. Our business makes use of a POPIA compliant database and you have the right to access, right to correction and right to deletion of your personal information.