  • Posted: 18th August 2023
  • Location: Johannesburg
  • Job type: Full-time
  • Salary: R880 000 negotiable

Job Advert Summary


  • The IT Governance, Risk & Compliance (GRC) Specialist will assist in the development and implementation of IT Governance frameworks and IT controls, following an appropriate methodology approved by management and aligned with international standards (e.g. COBIT, ITIL, ISO, NIST, PRINCE II, CMM, etc.). The role incorporates leading and participating in the assessment of security, risks, and control effectiveness for applications, infrastructure, and technology projects.
  • The Specialist will identify, classify, and document control issues in the environment by documenting assessment results, recommending corrective action, tracking remediation, evaluating policy and control standard exceptions, and regularly reporting to IT management.
  • The Specialist also assists internal and external auditors in performing their mandates.


Minimum Requirements


  • Minimum Qualifications: National Diploma in IT / Bachelor's degree or relevant equivalent at NQF Level 6
  • IT Governance certification, or ITIL and COBIT certification, is mandatory; CRISC, CISSP, CISA or CGEIT certification is strongly preferred
  • Active membership of a professional body within ICT

Experience & Technical skills:

  • Minimum 7 years of experience in IT Governance, Risk and Compliance
  • Experience with GRC methodologies, tools and enablers
  • Hands-on experience with the implementation and monitoring of one or more IT Governance frameworks (COBIT, ITIL, ISO, PRINCE II, etc.)
  • Excellent understanding of IT operational processes and controls, including projects
  • Excellent understanding of the regulatory requirements facing the IT environment (PCI DSS, POPIA, GDPR)
  • Must be persuasive and able to communicate GRC-related concepts to a broad range of technical and non-technical staff
  • Ability to map business needs to technology solutions
  • Must have a solid understanding of IT Governance, Risk Management and Compliance frameworks
  • Solid understanding of security risks and preventative controls

Duties and Responsibilities

  1. IT Governance Frameworks
  • Assist in the development and implementation of IT Governance frameworks, IT controls, recommendations from various assessments, and action plans, following an appropriate methodology approved by management and aligned with international standards (e.g. COBIT, ITIL, ISO, NIST, PRINCE II, CMM, etc.).
  • Assist in the implementation of IT Governance, Risk and Compliance solutions in line with the company's approved policies and frameworks.
  • Assist in the development and implementation of IT Governance, Risk Management and Compliance policies, processes, procedures, IT controls and training materials to keep fellow IT colleagues well informed of relevant industry, legislative and regulatory requirements and changes.
  • Develop, implement and monitor reporting mechanisms for IT Governance, Risk Management and Audit to support compliance and highlight areas of exposure to management.
  • Support the development of policies, processes and procedures for the IT Division, including control document reviews, meeting coordination, assessment, finding mediation, assisting control owners with remediation plan development, tracking findings through remediation, progress monitoring, reporting, and escalation.
  • Assess, in conjunction with Risk Management, the current adequacy of the business continuity / disaster recovery plans and potential threats to the systems, and then calculate the impact of potential adverse events.
  • Participate in the development and adoption of, and compliance with, the IT governance framework across all areas of the business.
  • Assist in the maintenance of IT alignment activities, including report submissions, across various governance committees and structures.
  • Perform design and process analysis for IT business processes that impact IT Governance.
  • Facilitate the adoption and continuous improvement of planning practices and processes within IT and the business as a whole.
  2. IT Risk Management and Audit
  • Act as a risk and compliance champion for the IT Division.
  • Perform ad hoc duties as assigned to ensure the smooth functioning of the IT GRC function and maintain a good reputation with auditors and the Compliance and Risk departments.
  • Maintain and monitor the IT risk framework to ensure it is aligned with the company's approved enterprise risk management framework.
  • Maintain the IT Risk Register in collaboration with enterprise risk management and drive the implementation of risk mitigation controls (through responsible Senior Managers and/or lines of business) within defined periods.
  • Integrate cyber risk into IT Risk Management practices, processes, procedures and activities.
  • Co-ordinate periodic internal risk assessments in various IT functions and ensure vulnerability remediation and tracking. Examples:
    • IT audits (ITGC etc.)
    • Application access reviews
    • Active Directory reviews
    • Security, network and vulnerability assessments
  • Conduct IT risk assessments (including project risks), analyse the effectiveness of control activities, and report on them with actionable recommendations.
  • Ensure that IT risks are identified and monitored continuously.
  • Review identified security risks and breaches to ensure the IT assets (software and hardware) and information are always appropriately secured.
  • Ensure visibility, management and escalation of IT risks impacting the delivery of IT services.
  • Work directly with clients, third parties and other internal departments such as Risk Management to facilitate IT risk analysis and risk management processes and to identify acceptable levels of residual risk.
  • Keep IT management up to date on the results.
  • Facilitate disaster recovery and business continuity initiatives with relevant stakeholders.
  3. IT Compliance
  • Proactively manage compliance requirements to improve the division's compliance maturity with legal and regulatory requirements (such as POPIA, the ECT Act, the Cyber Bill, RICA, etc.).
  • Monitor and review compliance with regulatory requirements and practices to ensure IT-related activities are meeting prescribed standards.
  • Act as compliance champion for the IT Division.
  • Maintain and facilitate data protection activities to ensure full compliance with POPIA and associated regulations on personally identifiable information and business-related sensitive information.
  4. Perform ad hoc tasks

If you are interested and meet the requirements, kindly contact

This job has expired.