Specialist: ICT Governance Risk and Compliance
  • South Africa Pretoria
  • Kamo Placements
1 year before
31.12.2023
Securely Provision
Risk Management
Job Description

JOB DESCRIPTION


Provide an ICT Governance, Risk and Compliance (GRC) framework, including data compliance and cybersecurity risk, aligning ICT with the overall objectives of the company.
Coordinate the development and implementation of ICT policies, standards, processes and procedures; ensure that data compliance standards are adhered to throughout the organisation and escalate non-compliance issues.
Monitor and evaluate adherence to ICT policies at the divisional and organisational level and escalate non-compliance to line management for corrective action.
Ensure that all relevant controls, policies and procedures are embedded and monitored as operating effectively, and that actions are in place to address emerging risks and incidents.
Identify and report all ICT-related cybersecurity threats, maintain risk assessment procedures, and ensure that agreed mitigations are implemented.
Assist in identifying and adhering to fraud controls, risk prevention principles, sound governance and compliance processes, and tools to identify and manage risks.
Support and provide evidence for all internal and external audit and regulatory requirements.
Maintain quality risk management standards in line with regulatory requirements.
Build and maintain effective internal and external stakeholder relationships for the purpose of expectations management, knowledge sharing and integration, and to manage the organisation's reputation.
Represent and participate in the organisation's committees and task teams when required.
Convene and attend meetings and present relevant information to stakeholders when required.



JOB REQUIREMENTS


Diploma + Advanced Diploma / B-Degree in ICT, IS, Computer Science or a related field.
Certified in the Governance of Enterprise IT (CGEIT) certification is essential.
Certified Information Systems Auditor (CISA) certification is advantageous.
Certified in Risk and Information Systems Control (CRISC) certification is advantageous.
8 years of relevant work experience in ICT Governance, Risk and Compliance.
4 years of specialist experience.
Must have ICT governance and risk experience within a corporate environment.
Proven track record in implementing COBIT 5 Enterprise Governance frameworks within an organisation.


Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0028   Knowledge of organization's evaluation and validation requirements.
  • K0048   Knowledge of Risk Management Framework (RMF) requirements.
  • K0054   Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • K0101   Knowledge of the organization’s enterprise information technology (IT) goals and objectives.
  • K0126   Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161).
  • K0169   Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list).
  • K0263   Knowledge of information technology (IT) risk management policies, requirements, and procedures.
  • K0061   Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0091   Knowledge of systems testing and evaluation methods.
  • K0198   Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).
  • K0214   Knowledge of the Risk Management Framework Assessment Methodology.
  • K0293   Knowledge of integrating the organization’s goals and objectives into the architecture.
  • K0320   Knowledge of organization's evaluation and validation criteria.
  • K0288   Knowledge of industry standard security models.
  • K0047   Knowledge of information technology (IT) architectural concepts and frameworks.
  • K0297   Knowledge of countermeasure design for identified security risks.

Required Skills
  • S0115   Skill in preparing Test & Evaluation reports.
  • S0147   Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
  • S0036   Skill in evaluating the adequacy of security designs.
  • S0085   Skill in conducting audits or reviews of technical systems.

Required Abilities
  • A0033  Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
  • A0019  Ability to produce technical documentation.
  • A0023  Ability to design valid and reliable assessments.
  • A0112  Ability to monitor advancements in information privacy technologies to ensure organizational adaptation and compliance.