Blue Pearl HQ

L3 Sr. Operations Analyst-GRC

Blue Pearl HQ  •  Lagos, NG (Onsite)  •  5 months ago

Job Description


We are seeking an experienced L3 Sr. Operations Analyst specializing in Governance, Risk, and Compliance (GRC) within the cybersecurity domain. This role involves advanced oversight and management of GRC frameworks, ensuring that cybersecurity practices align with organizational goals, regulatory requirements, and industry standards. The ideal candidate will provide expert-level support for escalated GRC operations, conduct risk assessments, and maintain a robust compliance posture across the enterprise.


Requirements


Key Responsibilities:


Governance:


  • Develop, implement, and maintain cybersecurity governance frameworks in alignment with industry standards (e.g., ISO 27001, NIST, COBIT).

  • Define and enforce cybersecurity policies, standards, and guidelines.

  • Monitor adherence to governance structures, ensuring consistency across all business units.

  • Provide expert-level support for escalated governance-related issues and inquiries.


Risk Management:


  • Conduct detailed risk assessments and develop mitigation strategies for identified vulnerabilities and threats.

  • Oversee third-party risk assessments to ensure vendor compliance with security policies.

  • Implement tools and methodologies to monitor, measure, and report risk metrics (KRIs).

  • Collaborate with stakeholders to prioritize and remediate high-risk areas effectively.


Compliance:


  • Lead initiatives to ensure compliance with applicable regulations (e.g., GDPR, CCPA, PCI DSS, HIPAA).

  • Manage audits and certifications, acting as a liaison between external auditors and internal teams.

  • Maintain evidence repositories for audit readiness and ensure timely responses to compliance inquiries.

  • Monitor changes in regulatory landscapes and update internal practices accordingly.


Incident Response and Escalations:


  • Act as an escalation point for GRC-related incidents, providing advanced analysis and remediation plans.

  • Support investigations into non-compliance incidents and implement corrective actions.

  • Develop and maintain playbooks for GRC-related incident responses.


Reporting and Communication:


  • Generate detailed reports on governance, risk, and compliance metrics for senior leadership.

  • Communicate findings and recommendations from risk assessments and audits to stakeholders.

  • Provide regular updates on the status of GRC programs and initiatives.


Continuous Improvement:


  • Identify gaps and recommend enhancements to GRC frameworks, tools, and processes.

  • Stay updated on emerging GRC technologies, methodologies, and industry trends.

  • Mentor and train junior analysts on GRC best practices and tools.


Required Skills and Qualifications:


Technical Skills:


  • Advanced knowledge of GRC frameworks and tools (e.g., Archer, ServiceNow GRC, MetricStream).

  • Expertise in risk assessment methodologies, such as FAIR (Factor Analysis of Information Risk).

  • Familiarity with regulatory compliance requirements (e.g., GDPR, SOX, HIPAA, PCI DSS).

  • Experience with audit and certification processes for standards like ISO 27001 or SOC 2.

  • Proficiency in security and compliance monitoring tools (e.g., Nessus, Qualys, Tenable).


Experience:


  • 5+ years of experience in cybersecurity with a focus on GRC roles.

  • Proven track record in leading risk assessments, compliance initiatives, and governance projects.

  • Experience in managing enterprise-wide GRC programs across multiple business units.


Soft Skills:


  • Strong analytical skills to interpret risk and compliance data.

  • Excellent communication skills for collaboration with technical and non-technical stakeholders.

  • Detail-oriented and organized, capable of managing multiple projects simultaneously.


Preferred Qualifications:


  • Certifications: CISM, CRISC, CISSP, ISO 27001 Lead Auditor, or equivalent.

  • Familiarity with privacy laws and frameworks (e.g., CCPA, GDPR).

  • Experience with cloud security compliance frameworks (e.g., CSA STAR).

About Blue Pearl HQ

Blue Pearl is a market-leading CLOUD Solutions developer with extensive knowledge and insight into the latest technologies, standardised processes, advanced technical capabilities and consulting processes available, ensuring holistic success for our clientele. We offer professional consulting to complement your business strategy and overall management, and we make it our priority to add value to any business by listening, analysing and creating a suitable solution that will empower our client.

We implement a Data Analysis Process that includes inspecting, cleansing, transforming, and modelling data with the end goal of discovering useful information, informing conclusions, and providing relevant information to support your decision-making. Your business cannot afford not to engage with us, allowing our data analysis to play a role in making your business decisions more scientific and helping your business achieve effective operation.

Blue Pearl’s team of experts includes BI strategists, BI analysts, Data Warehouse Architects, Data Scientists, and Implementation and Development experts. With the use of BI, Analytics and Big Data, we effectively partner with our customers on their mission to achieve a competitive business advantage and real ROI from the structured information we collect.

Industry
IT & Software
Company Size
11-50 employees
Headquarters
Johannesburg, ZA
Year Founded
2013