Johannesburg: IT Governance, Risk, and Compliance Specialist posted by Deka Minas (Pty) Ltd

About the Role

We are seeking a dedicated IT Governance, Risk, and Compliance (GRC) Specialist to join our Information Technology team. This role is crucial in maintaining compliance with industry frameworks such as ISO 27001:2022, GDPR, and POPIA while driving risk mitigation strategies and enhancing security policies. If you thrive in a dynamic environment and have a strong understanding of IT governance principles, this is the perfect opportunity for you!

Key Responsibilities

• Manage and ensure regulatory compliance which includes but not limited to, ISO 27001:2022 Information Security, Cyber Security and data protection, POPIA, GDPR, OHS, Environmental, social, and governance (ESG).
• Ensure related company compliance requirements are addressed in accordance with relevant rules and regulations according to the territories within which it operates.
• Ensure appropriate risk mitigation and control processes for security incidents as required.
• Receives reports of security incidents and conducts thorough investigations, prepares written findings and recommendations, along with follow-up evaluations, and analyses patterns and trends.
• Responsible for daily compliance tasks.
• Perform regular reviews and update on all company policies.
• Conduct and report on Compliance for Management.
• Coordinates and conducts the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes and procedures in compliance with applicable regulations and standards.
• Participate in improving company processes and implement tools for policy management.
• Ensure audit trails and documentation are reviewed periodically and are in compliance with policies and audit requirements.
• Collaboration with management and various company teams to improve and achieve compliance.
• Support company teams with ad hoc requests, including investigation of legislation and regulations, as well as draft the necessary processes or documentation to achieve compliance.
• Follow different compliance evolutions and market trends keeping our company up to date.
• Prepare and conduct employee awareness initiatives and training.
• Prepare and oversee audit assessments.

Requirements

• Degree or equivalent qualification in computer science, IT or related field.
• Professional Information Security Certification (CISSP, CISM, CASP+ or equivalent) will be advantageous.
• At least 4 years experiences in a similar role.
• Solid working knowledge of the following regulatory requirements: GDPR , POPIA, ECT, OHS, ESG.
• Knowledge of the following security frameworks: ISO/IEC 27001, ISO/IEC 27002, NIST CSF, will be advantageous.
• Ability to articulate to non-technical audience on various compliance topics.
• Effective verbal and written communication skills.
• Effective organizational abilities along with detail-oriented, proactive approach to work.
• Ability to work under time pressure.
• Business acumen.
• Strong administrative skills.
• Team player mentality.

Qualifications

• Professional Information Security Certification (CISSP, CISM, CASP+ or equivalent)
• Degree or equivalent qualification in computer science, IT or related field

Salary & Benefits

[Salary range: R750 000 – R1 000 000 per annum] [Bonus structure: based on performance]

How to Apply

If you are a motivated and experienced professional looking for a challenging role, please submit your application with a cover letter and CV to reach [email address]