Job Description

The GRC Specialist (IT Governance) will assist in the development, implementation, and maintenance of IT Governance, Risk, and Compliance frameworks and controls aligned with international standards and regulatory requirements. The role works closely with cross-functional teams to identify, manage, and mitigate IT and cyber risks while ensuring compliance within a regulated financial services environment.
Key Performance Areas

• IT Governance Frameworks
• IT Risk Management & Audit
• IT Compliance
• Incident Response & Management
• Documentation & Reporting
• Security Architecture & Implementation
• Ad-hoc GRC activities

Key Responsibilities
IT Governance

• Assist in implementing IT GRC frameworks, policies, procedures, and controls aligned with approved company standards.
• Develop and maintain IT governance documentation, reporting mechanisms, and training material.
• Support governance committees through reporting, assessments, and remediation tracking.
• Review and assess business continuity and disaster recovery plans.

IT Risk Management

• Act as IT risk and compliance champion.
• Maintain the IT Risk Register and ensure alignment with the enterprise risk management framework.
• Coordinate IT risk assessments, audits, access reviews, vulnerability assessments, and cyber risk integration.
• Monitor, report, and escalate IT risks impacting service delivery.

IT Compliance

• Monitor compliance with regulatory and legislative requirements including POPIA, PAIA, FICA, RICA, ECT Act, GOI and Joint Standards.
• Coordinate internal and external IT compliance audits.
• Support data protection and information security compliance initiatives.

Incident Response

• Develop and maintain incident response plans.
• Coordinate responses to cybersecurity incidents and conduct post-incident reviews.
• Support incident communication and training initiatives.

Security Architecture

• Collaborate with IT and Development teams to integrate security controls into IT architecture.
• Ensure secure configuration and operation of systems.

Qualifications

• Matric
• National Diploma in IT / Bachelors Degree or equivalent (NQF Level 6)
• IT Governance certification OR ITIL & COBIT (mandatory)
• CRISC, CISSP, CISM, CISA or CGEIT (advantageous)

Experience

• Minimum 5 years experience in IT Governance, Risk & Compliance
• Minimum 5 years experience working with GRC methodologies, tools, and frameworks
• Proven experience implementing frameworks such as COBIT, ITIL, ISO, PRINCE II

Skills & Knowledge

• Strong understanding of IT Governance, Risk and Compliance frameworks
• Knowledge of regulatory requirements impacting IT (POPIA, GDPR, PCI DSS)
• Understanding of cybersecurity risks and preventative controls
• Strong reporting, documentation, and stakeholder engagement skills
• Ability to communicate GRC concepts to technical and non-technical stakeholders

Personal Attributes

• Resilient and deadline-driven
• Detail-oriented and conscientious
• Professional, ethical, and discreet
• Strong negotiation and conflict-resolution skills
• Self-starter with high levels of accountability

Skills Required