IT Governance Risk and Compliance Specialist

JTJ Group

  • Johannesburg, Gauteng
  • Permanent
  • Full-time
  • 1 month ago
IT Governance, Risk and Compliance Specialist - Jhb job description

IT Governance, Risk and Compliance Specialist

1. Job Summary
Assist in the development and implementation of IT Governance frameworks and IT controls following an appropriate methodology approved by management that is aligned with international and financial industry standards (e.g. GOI Standards (PA), Joint Standards (PA & FSCA), COBIT, ITIL, ISO, NIST, PRINCE II, CMM, etc.).
Advise the company on best business practices and develop and implement appropriate solutions.
Work closely with cross-functional teams to identify, assess, and mitigate risks while ensuring alignment with industry standards and regulatory requirements.

2. Key Performance Areas
  • IT Governance Frameworks
  • IT Risk Management Audit
  • IT Compliance
  • Incident and Response Management
  • Documentation and Reporting
  • Security Architecture and Implementation
  • Ad hoc

3. Key Tasks (by KPA for clarity)

IT Governance Frameworks
  • Assist in the implementation of IT Governance, Risk and Compliance solutions in line with the Affinity Life Limited approved policies and frameworks.
  • Assist in the development and implementation of IT Governance, Risk Management and Compliance policies, processes, procedures, and IT controls training materials to keep IT colleagues informed of relevant industry, legislative and regulatory requirements and changes.
  • Development and implementation of IT Governance Frameworks, IT Controls, recommendations from various assessments and action plans, following an appropriate methodology approved by management that is aligned with international and financial industry standards (e.g. GOI Standards (PA), Joint Standards (PA & FSCA), COBIT, ITIL, ISO, NIST, PRINCE II, CMM, etc.).
  • Support the development of policies, processes, and procedures for the IT Division.
  • Develop, implement, and monitor reporting mechanisms for IT Governance, Risk Management, and Audit, to support compliance and highlight areas of exposure to management.
  • Assist in the maintenance of IT alignment activities, including report submissions, across various governance committees and structures.
  • Include control document reviews, meeting coordination, assessment, finding mediation, assisting control owners with remediation plan development, tracking findings through remediation, progress monitoring, reporting, and escalation.
  • Assess the current adequacy of the business continuity / disaster recovery plans in conjunction with Risk Management, identify potential threats to the systems, and then calculate the impact of potential adverse events.
  • Participate in the development, adoption, and compliance of the IT governance framework across all areas of business.
  • Perform design and process analysis for IT business processes that impact IT Governance.
  • Facilitate adoption and continuous improvement of planning practices and processes within IT and the business as a whole.

IT Risk Management Audit
  • Act as a risk and compliance champion for the IT Division.
  • Maintain and monitor the IT risk framework so that it is aligned to the Affinity Life Limited approved enterprise risk management framework.
  • Maintain the IT Risk Register in collaboration with enterprise risk management and drive implementation of mitigation controls for risks through Managers and business within defined periods.
  • Integrate Cyber risk into IT Risk Management practices, processes, procedures, and activities.
  • Co-ordinate periodic internal risk assessments in various IT functions and track application access reviews, active directory reviews, security, network and vulnerability assessments and IT Audits.
  • Facilitate disaster recovery and business continuity initiatives with relevant stakeholders.
  • Review identified security risks and breaches to ensure the IT assets and information are always appropriately secured.
  • Visibility, management, and escalation of IT risks impacting the delivery of IT services.
  • Work closely with internal clients and third parties to facilitate IT risk analysis and risk management processes and to identify acceptable levels of residual risk.
  • Conduct IT risk assessments, analyse the effectiveness of control activities, and report on them with actionable recommendations.
  • Identify and monitor IT risks continuously.
  • Keep IT management up to date on the results.

IT Compliance
  • Monitor and review compliance with regulatory requirements and practices to ensure IT-related activities are meeting prescribed standards.
  • Management of compliance requirements to improve the company's compliance maturity with legal and regulatory requirements such as GOI and Joint Standards, Insurance Act, PAIA, POPIA, ECT Act, Cyber bill, FICA, RICA, etc.
  • Maintain and facilitate data protection activities to ensure full compliance with POPIA and associated regulations on personally identifiable information and business-related sensitive information.
  • Act as compliance champion for the IT Division.
  • Coordinate and support internal and external compliance audits.

Incident Response and Management
  • Develop and maintain an incident response plan.
  • Lead and coordinate responses to cyber security incidents to ensure a timely and effective resolution.
  • Conduct post-incident reviews to identify lessons learned and areas for improvement.
  • Assist in the preparation of stakeholder communications in response to cyber security incidents.
  • Assist in the development of incident response training for employees.

Documentation and Reporting
  • Maintain accurate and up-to-date documentation related to IT GRC activities.
  • Generate regular reports on the organisation's security and compliance posture for management and stakeholders.

Security Architecture and Implementation
  • Work with IT and Development teams to integrate security measures into the overall IT and Development architecture.
  • Implement and manage security technologies to safeguard the organisation's assets.
  • Collaborate with system owners to ensure secure configuration and operation of IT systems.

Ad hoc
  • Perform ad-hoc duties as assigned to ensure the smooth functioning of the IT GRC function and maintain a good reputation with Auditors, Compliance and Risk Departments.

5. Physical activities
N/A

6. When the job will be performed
Monday to Friday, 08h00 – 17h00

7. Where the job will be performed
Benoni

8. Essential Qualifications (i.e., Have-to-Have: Deal Breakers)
  • Matric.
  • National Diploma in IT / Bachelor or relevant equivalent to NQF Level 6.
  • IT Governance certification or ITIL & COBIT mandatory.

9. Desirable Qualifications (Nice-to-Have: Deal Enhancers)
  • CRISC, CISSP, CISM, CISA or CGEIT certification

10. Legal or Statutory Requirements
N/A

11. Essential Experience (Have-to-Have: Deal Breakers)
  • Matric
  • National Diploma in IT / Bachelor or relevant equivalent to NQF Level 6.
  • Experience in IT Governance, Risk and Compliance.
  • Experience with GRC methodologies, tools, and enablers.
  • Hands-on experience with implementation and monitoring of one or more IT Governance frameworks (COBIT, ITIL, ISO, PRINCE II, etc.)

12. Desirable Experience (Nice-to-Have: Deal Enhancers)
N/A

13. Knowledge and Skills (stick to KEY requirements)
  • Solid understanding of IT Governance, Risk Management and Compliance frameworks.
  • Understanding of security risks and the required preventative controls.
  • Excellent understanding of IT operational processes and controls, including projects.
  • Knowledge of IT frameworks and best practices.
  • Excellent understanding of regulatory requirements relating to the IT environment (PCI DSS, POPIA, GDPR).
  • The ability to be persuasive and to communicate GRC-related concepts to staff.
  • Sound knowledge, understanding and application of the relevant legislation.
  • Ability to map business needs to technology solutions.
  • Implementation of the ICT strategy in the insurance environment.
  • Must have excellent corporate governance principles.
  • Thorough understanding of technical elements.

14. Attributes
  • Resilience
  • Innovative
  • Deadline driven
  • Self-starter
  • Customer service orientated
  • Ability to handle confidential matters
  • Professionalism
  • Negotiation
  • Conflict resolution
  • Fairness
  • Conscientious
  • Meticulous
  • Honest, hardworking and humble

15. Level and Impact of Responsibility
What level of decisions can this person take?
  Task / Work / Job
  Department / Business / Division
  Company / Enterprise / Group
What will be the impact of any wrong decision taken by the Job Holder?
  i. Describe or list as appropriate
What Monthly/Annual Budget is managed by the Job Holder?
  i. Describe if relevant

16. Assets Controlled
What level and value of assets does this role control?
  i. E.g., Laptop and Peripherals
  ii. Approximate Value: R 5000.00

Should you require more information on this vacancy, please email us at info@trasa.co.za

Job Types: Full-time, Permanent
Pay: R60 000,00 - R70 000,00 per month

Application Question(s):
  • Do you have: CRISC, CISSP, CISM, CISA or CGEIT certification?
  • Do you have the following deal breakers:
      - Matric
      - National Diploma in IT / Bachelor or relevant equivalent to NQF Level 6.
      - Experience in IT Governance, Risk and Compliance.
      - Experience with GRC methodologies, tools, and enablers.
      - Hands-on experience with implementation and monitoring of one or more IT Governance frameworks (COBIT, ITIL, ISO, PRINCE II, etc.)
  • Do you live in or close to Benoni?
  • Are you available, or when can you start working?
  • Did you read the job spec thoroughly and do you feel comfortable with all the requirements?

Education: Bachelors (Preferred)
Experience: IT Governance, Risk and Compliance: 3 years (Preferred)