12 Oct
Cebisile Investment and Advisory
Randburg
Job Title: IT Governance, Risk and Compliance/Risk Analyst (Manager)
Location: Johannesburg
Contract type: Contract (6-month contract)
Hybrid
The IT GRC/Risk Analyst is responsible for supporting the organization's IT risk management, governance, and compliance functions. This role involves assessing risks, developing risk mitigation strategies, ensuring adherence to regulatory requirements, and contributing to the creation and maintenance of policies and standards that foster IT governance. The analyst will work with various departments to manage risk assessments, control frameworks, audits, and compliance efforts
Roles and responsibilities:
- Conduct risk assessments to identify and analyse IT risks across systems and processes.
- Develop and implement risk mitigation strategies, controls, and action plans.
- Monitor emerging threats and vulnerabilities and assess potential impact on the organization.
- Assist in the development and maintenance of a risk register to document and track IT risks.
- Support internal and external audits, including gathering evidence and coordinating audit responses.
- Policy Development and Compliance: Design and enforce IT governance frameworks and standards such as CIS, ISO 27001, NIST, and COBIT etc., amongst others.
- Ensure compliance with regulatory requirements, privacy and other such as POPIA GDPR, HIPAA, and PCI-DSS as and where applicable.
- Conduct internal audits and prepare for external compliance assessments, ensuring that all controls and processes meet regulatory obligations.
- Ensure IT operations comply with internal policies and external regulatory requirements (e.g., GDPR, SOX, HIPAA).
- Assist in the development, review, and updating of IT policies, procedures,
and standards.
- Support the management and improvement of governance frameworks such as COBIT, ISO 27001, and NIST.
- Perform control testing and compliance assessments to ensure the organization meets its IT governance objectives.
- Security and Incident Response:
- Collaborate with the cybersecurity team to ensure appropriate security measures are in place.
- Participate in incident response activities and coordinate with stakeholders to resolve security issues.
- Monitor for compliance with data privacy laws and security standards.
- Collaboration and Communication:
- Work with cross-functional teams to implement risk management and compliance initiatives.
- Provide training and awareness to staff regarding IT risk management, compliance,
and governance.
- Communicate IT risk and compliance status to senior leadership and provide recommendations for improvement.
- Continuous Improvement:
- Identify opportunities for improving IT risk and compliance processes and implement enhancements.
- Stay up to date with regulatory changes, industry standards, and best practices to recommend updates to the governance framework.
- Experience and qualifications:
- Education: Bachelor's degree in information technology, Information Security, Risk Management, or a related field.
- Experience: 2-5 years of experience in IT risk management, IT compliance, cybersecurity, or related disciplines.
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
- Experience in working with large amounts of data.
- Proven working experience with regulatory requirements.
- Automation experience.
- ITIL or other governance and risk management certifications.
- Strong understanding of IT governance frameworks (e.g., COBIT, ISO 27001, NIST).
- Familiarity with regulatory requirements (e.g., GDPR, HIPAA, SOX).
- Experience in conducting risk assessments, control testing, and audits.
- Excellent analytical, communication, and documentation skills.
- Knowledge of cybersecurity best practices and incident response procedures.
- Ability to work independently and collaborate with cross-functional teams
If you're ready to take on a new challenge and make an impact,
we want to hear from you. Apply now!
Desired Skills:
- Data
- Automation
- Regulatory
- Risk
- Compliance
▶️ IT Governance Risk and Compliance/Risk Analyst (Manager) - Gauteng, Randburg
🖊️ Cebisile Investment and Advisory
📍 Randburg