Information Security, Governance, Risk and Compliance (GRC) Analyst REMOTE
  • South Africa
  • Cyberlogic
1 year before
31.12.2023
Securely Provision
Risk Management
Job Description

JOB TITLE:

Information Security Governance, Risk and Compliance (GRC) Analyst


LOCATION:

Remote / Johannesburg / Stellenbosch


ABOUT CYBERLOGIC:

Cyberlogic is a trusted Managed Solutions Provider focusing on optimising cloud infrastructure and cyber security. Our just cause is to enable digital transformation through delivering unquestionable value.


Our core capabilities are in IT leadership, security and cloud. We have over 27 years of experience in infrastructure and support services, adhere to ITIL best practices and hold a breadth of knowledge across various technologies and industries.


We believe our people are essential to our continued success and support career growth through our Go4Growth model which is aimed at encouraging our people to continuously contribute, learn, evolve and succeed.


OUR VALUES:

We challenge ourselves to be more AWESOME
We are driven to KEEP learning and EVOLVING
We look beyond symptoms to identify and RESOLVE ROOT CAUSES
We hold each other accountable through CANDID and constructive FEEDBACK
We respect and care for each other and know we will only SUCCEED if we work AS A TEAM
We CARE deeply ABOUT the success of CYBERLOGIC
We FINISH WHAT WE START
We always GIVE OUR BEST even if it means putting in the hard yards
We KEEP THINGS SIMPLE


PURPOSE OF POSITION:

The Information Security Governance, Risk and Compliance Analyst provides support to all client organisation-wide information governance activities. The position focuses on establishing and ensuring adherence to enterprise information security policies, standards and practices, both at the department and Business and Functional areas level, to achieve the required level of consistency, quality and protection to meet overall business needs.


This position will also provide input into strategic roadmaps and critical dashboards to provide management status to executive leadership. A GRC analyst will provide support in reviewing and editing existing Information Security Policies and Standards, manage and report on awareness training platforms as well as perform compliance checks on client systems.

A person with this role must be able to understand complex information and communicate the information to people with diverse professional backgrounds.


KEY RESPONSIBILITIES:

Draft and review information security related policies
Carry out risk assessments and control reviews
Serve as a liaison between Business and Functional areas and technology to ensure that business requirements related to Information Security Policies for protecting sensitive data are clearly defined, communicated, well understood, and considered as part of operational prioritization and planning.
Be an information security consultant in discussions regarding clients’ information security strategies.
Verify compliance with the agreed policies
Manage security awareness reports
Analyse and account for positive and negative variances in report data


CORE COMPETENCIES:

Deciding & Initiating Action
Working with People
Adhering to Principles & Values
Persuading & Influencing
Presenting & Communicating
Writing & Reporting
Applying Expertise & Technology
Analysing
Learning & Researching
Creating & Innovating
Formulating Concepts & Strategies
Planning & Organising
Delivering Results & Meeting Client Expectations
Following Instructions & Procedures
Adapting & Responding to Change
Coping with Pressure
Achieving Goals & Objectives


KEY REQUIREMENTS:

Relevant Tertiary Qualification
At least 2-3 years working experience in information security governance, risk and compliance.
Excellent Communication skills (Written and Verbal)
CISA, CISM or CISSP preferable


DESIRED REQUIREMENTS:

You may be required to travel to clients or our other offices. Own vehicle and a valid driver’s license are required.


Should you work from home, it is your responsibility to ensure that you have uninterrupted internet connectivity and a ‘work-like’ environment at your home location to deliver your best in terms of performance and productivity.


Required Knowledge
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0038   Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0048   Knowledge of Risk Management Framework (RMF) requirements.
  • K0126   Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
  • K0169   Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
  • K0154   Knowledge of supply chain risk management standards, processes, and practices.
  • K0202   Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).
  • K0263   Knowledge of information technology (IT) risk management policies, requirements, and procedures.
  • K0211   Knowledge of confidentiality, integrity, and availability requirements.
  • K0214   Knowledge of the Risk Management Framework Assessment Methodology.
  • K0065   Knowledge of policy-based and risk adaptive access controls.
  • K0297   Knowledge of countermeasure design for identified security risks.

Required Skills
  • S0171   Skill in performing impact/risk assessments.
  • S0232   Skill in identifying intelligence gaps and limitations.

Required Abilities
  • A0033  Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
  • A0069  Ability to apply collaborative skills and strategies.
  • A0106  Ability to think critically.
  • A0112  Ability to monitor advancements in information privacy technologies to ensure organizational adaptation and compliance.