Job Description

IT Governance Specialist - 5 Month Contract

Minimum Requirements:

• Matric (Grade 12)
• 3 year degree in IT or related
• 3-5 years in a similar role
  

Responsibilities:

• Develop and implement a comprehensive IT GRC strategy
• Development and implementation of IT Governance, Risk Management, and Compliance policies, processes, and procedures
• Implementation and embedment of various frameworks (e.g. COBIT, ITIL, ISO, NIST, SABSA, PRINCE II, CMM, etc)
• Implementation of IT controls in alignment with risk, legislative and regulatory requirements, and industry trends
• Develop, monitor and report on IT governance metrics and performance indicators
• Assist in the maintenance of IT alignment activities, including report submissions, across various governance committees and structures
• Assist the various IT departments with the development and maintenance of incident response plan
• Assist in the preparation of stakeholder communications in response to cyber security incidents
• Maintain accurate and up-to-date documentation related to IT GRC activities
• Establish processes for continuous monitoring and reporting on compliance and risk management activities
• Conduct periodical internal risk assessments in various IT departments and tracking of application access reviews, active directory reviews,
  information security maturity, network and vulnerability assessments, and IT Audits identifying any gaps or areas for improvement
• Lead preparations and facilitate audits for IT certifications, such as ISO27001
• Maintain and drive the implementation of mitigation controls of the IT Risk Register
• Continuously analyze the effectiveness of IT and Information Security controls
• Collaborate with internal stakeholders to perform risk analysis on information hosted by third parties and controls implemented, ensuring the maintenance of acceptable levels of residual risk
• Ensure visibility of audit and risks by escalating to the relevant committees
• Facilitate IT disaster recovery and business continuity initiatives, including testing
• Continuously assess the adequacy of the IT and Information Security business continuity and disaster recovery plans in conjunction with Risk
• Management Develop an IT risk profile for the university in alignment with the approved Risk Management framework and process
• Coordinate and support internal and external compliance audits
• Oversee and evaluate compliance with regulatory requirements and practices to ensure that ITrelated activities adhere to prescribed standards
• Ensure the organizations IT practices meet all applicable legal and regulatory requirements
• Manage execution of compliance activities to enhance the university's compliance maturity with the applicable legal and regulatory standards such as POPIA, ETC Act, Cybercrimes Act
• Oversee and facilitate data protection activities to ensure full compliance with POPIA and associated regulations concerning personally identifiable information and business-related sensitive information
• Develop, implement, and monitor reporting mechanisms for IT Governance, Risk
• Management, and Audit, to support compliance and highlight areas of exposure to management
• Ensure timely and accurate reporting to regulatory bodies as required