SUMMARY:
-
POSITION INFO:
Are you passionate about ensuring IT systems, policies, and processes align with regulatory and security standards? We are seeking a dedicated IT Governance, Risk, and Compliance (GRC) Specialist to join our Information Technology team. This role is crucial in maintaining compliance with industry frameworks such as ISO 27001:2022, GDPR, and POPIA while driving risk mitigation strategies and enhancing security policies. If you thrive in a dynamic environment and have a strong understanding of IT governance principles, this is the perfect opportunity for you!
Duties & Responsibilities
- Manage and ensure regulatory compliance which includes but not limited to, ISO 27001:2022 – Information Security, Cyber Security and data protection, POPIA, GDPR, OHS, Environmental, social, and governance (ESG).
- Ensure related company compliance requirements are addressed in accordance with relevant rules and regulations according to the territories within which it operates, for example privacy, security and administrative regulations.
- Ensure appropriate risk mitigation and control processes for security incidents as required.
- Receives reports of security incidents and conducts thorough investigations, prepares written findings and recommendations, along with follow-up evaluations, and analyses patterns and trends.
- Responsible for daily compliance tasks.
- Perform regular reviews and update on all company policies.
- Conduct and report on Compliance for Management.
- Coordinates and conducts the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes and procedures in compliance with applicable regulations and standards.
- Participate in improving company processes and implement tools for policy management.
- Ensure audit trails and documentation are reviewed periodically and are in compliance with policies and audit requirements.
- Collaboration with management and various company teams to improve and achieve compliance.
- Support company teams with ad hoc requests, including investigation of legislation and regulations, as well as draft the necessary processes or documentation to achieve compliance.
- Follow different compliance evolutions and market trends keeping our company up to date.
- Prepare and conduct employee awareness initiatives and training.
- Prepare and oversee audit assessments.
Desired Experience & Qualification
Requirements:
- Degree or equivalent qualification in computer science, IT or related field.
- Professional Information Security Certification (CISSP, CISM, CASP+ or equivalent) will be advantageous.
- At least 4 years experiences in a similar role.
- Solid working knowledge of the following regulatory requirements: GDPR , POPIA, ECT, OHS, ESG.
- Knowledge of the following security frameworks: ISO/IEC 27001, ISO/IEC 27002, NIST CSF, will be advantageous.
- Ability to articulate to non-technical audience on various compliance topics.
- Effective verbal and written communication skills.
- Effective organizational abilities along with detail-oriented, proactive approach to work.
- Ability to work under time pressure.
- Business acumen.
- Strong administrative skills.
- Team player mentality.
Reach for more info.
Please note that by submitting your personal information to Deka Minas you free-willingly issue the business consent to make use of such data for the specific purpose of securing you either permanent or temporary employment. Our business makes use of a POPIA compliant database and you have the right to access, right to correction and right to deletion of your personal information.
