Our client is the leading IT Governance, Risk and Compliance (GRC) Consulting and Capacity Building firm in Africa. With a presence in 9 African countries and accreditation to 2 global best practice standards (ISO27001 global Information Security standard and ISO9001 global Quality Management Standard) as well as being a Qualified Security Assessor (QSA) for the Payment Card Industry Data Security Standard (PCI DSS), we are in a class of our own.
Key Responsibilities
- Be a key part of GRC projects, end to end from consulting to implementation
- Apply GRC fundamentals incorporated in various processes.
- Understand and document information systems and processes correctly.
- Engage with clients to understand relevant solutions and advise them
- Understand information security controls and how they relate to engagement requirements.
- Raise awareness for clients and internal team around GRC.
- Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies, and regulations.
- Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Examine IT controls, evaluate the design and operational effectiveness, determine exposure to risk, and develop remediation strategies.
- Conduct efficient and effective IT audit procedures.
- Plan internal audit procedures
- Create internal audit reports
- Communicate complex technical issues in simplified terms to clients
Education/Certifications:
Bachelor’s degree in an IT-related discipline
Working knowledge of frameworks, standards and regulations, including PCI, ISO27001/22301/9001/20000/DPR.
Experience in conducting VAPT would be an advantage.
Possession of ISO 27001/22301/9001/20000 valid certifications.
Possession of COBIT 2019, CISA, CISM, CISSP would be an advantage
3-5 years of experience in an information systems environment, with strong knowledge of IT Governance and Systems Information Security.