
Manager: Governance, Risk and Compliance Security Analyst


1. IT Governance
• Develop an IT governance framework that integrates the ITIL, COBIT and ISO 27001/2 frameworks to ensure the delivery of results and contribute to the maturity of the following areas:
- Business Continuity (Disaster Recovery)
- IT Service Management, including ITIL
- Project Governance
- Risk Management
- Compliance with data and information protection acts and regulations
• Evaluate, enhance and continuously improve IT Governance
• Evaluate policies, procedures and processes for compliance with regulations
• Report on the regulatory environment and Assupol’s compliance threats
• Develop systems and processes to improve our IT governance
• Build/develop early warning systems to identify breaches and non-compliance
• Build and develop a global best practice IT Governance structure, process and capability
• Develop policies and processes, and participate in acquiring technology and implementing those policies and processes, to improve IT GRC
2. Risk Management
• Continuously liaise with the CRO on new internal developments and the evolution of the industry (external), the risks these introduce, and the risk management and mitigation processes and strategies
• Assist in maturing the Information Security Risk Management Programme
• Meet with business stakeholders to identify top security risks
• Assist in developing and driving the implementation of security best practices and standards to mature the overall IT Risk Management Program, which includes defining security system and application standards of control
• Work with IT, Information Security and Business stakeholders to determine the acceptable level of risk for the organisation
• Assist in performing Third Party Risk Assessments for new and existing vendor tools, on-premise implementations, and third parties with access to the environment
• Assist in maturing the Third Party Risk Management program by defining the security controls required of vendors
• Articulate identified risks to the business for remediation, mitigation and sign-off
3. Compliance and Monitoring
• Ensure compliance with ISO 27001/2 and the NIST Cybersecurity Framework
• Monitor the progress of the Security Roadmap and Programme
• Review and update Security policies and supporting procedures/processes
• Perform assessments of adherence to standards
• Work closely with IT management on good security practices
• Assess 3rd party vendors’ adherence to standards and security controls
• Develop Security and Controls Compliance reports in accordance with adopted security frameworks and standards
• Track Security Risk
• Oversee remediation of security control gaps by IT Operations
leakage, brand reputational risks, malware propagation, system compromises etc.
• Mature the Data Loss Prevention Program and review its outputs to determine the appropriate action required
• Assist with maturing the Data Governance Program, which includes defining a Data Classification and Handling Program, identifying Data Owners, and assisting with the design and implementation of a Data Classification and Rights Management tool
• Assist in developing and maintaining Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Data Governance Security Program and initiatives
• Assist in the management and maintenance of the enterprise-wide Information Security Awareness Program, which includes phishing simulations, computer-based training, proactive communications on the latest threats, workshops and
• Ensure the IT and Information Security team stays abreast of new regulatory, legal and/or compliance data security requirements
• Ensure compliance with applicable legal and regulatory requirements
4. Operational Excellence
• Maturity level of IT processes
• Manage security
5. User Orientation
• Deliver good service
• Enable achievement of business strategies

Formal Education
• IT-related Degree
Technical/Legal Certification
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA) - an advantage
• Governance experience: 5 years
• IT Risk Management experience: 5 years
• Security Management: 5 years
• Understanding of cybersecurity frameworks (ISO, NIST, COBIT, FFIEC)
• Strong documentation and communication skills
• IT Governance: COBIT or ITIL
• Technology: Microsoft & SQL
• Technical Understanding: Technical understanding of technology platforms, operating systems, the system development life cycle, change management, information security, databases
• IT Security: Knowledge and hands-on experience with Controls, Security Architecture and IT
• IT Processes: Knowledge of IT and Business Processes
• Security Management: IS----- certified (including IT experience)
• Strategic planning: Aligning IT with business
• Compliance management: Accountable for ensuring that IT adheres to all the necessary legal and regulatory requirements
• Audit Skills: General IT/Audit review skills
• Risk management: Accountable for identifying IT risks and ensuring that adequate controls are in place to mitigate the risks
• Interpersonal Skills
• Conceptual thinker: Develop opportunities & answer future challenges
• Time management: Develop & deliver solutions within the required time frame
• Team player: Build a climate of empowerment & responsibility
R70 000-00 Monthly