Ampstek

Specialist - IT Governance, Risk and Compliance

  • Posted a day ago

Job Description

Job Title: Specialist IT Governance, Risk and Compliance (GRC)

Role Overview

The Specialist IT Governance, Risk and Compliance (GRC) is responsible for supporting and strengthening the organization's IT governance framework, risk management practices, and regulatory compliance initiatives. The role ensures that IT processes, systems, and operations comply with internal policies, industry standards, and external regulatory requirements. The specialist works closely with IT, security, audit, and business stakeholders to identify risks, implement controls, and maintain effective governance structures that support business objectives and regulatory obligations.

Key Responsibilities

IT Governance

  • Support the implementation and maintenance of IT governance frameworks such as COBIT, ISO 27001, NIST, or similar standards.
  • Assist in developing, reviewing, and maintaining IT policies, standards, procedures, and guidelines.
  • Ensure IT processes align with corporate governance principles and organizational objectives.
  • Monitor adherence to governance policies and recommend improvements where necessary.
  • Support IT leadership in establishing governance structures, reporting mechanisms, and decision-making frameworks.

Risk Management

  • Conduct IT risk assessments to identify potential threats, vulnerabilities, and operational risks.
  • Maintain and update IT risk registers and track mitigation activities.
  • Work with cross-functional teams to develop and implement risk mitigation strategies and control measures.
  • Evaluate risks associated with new technologies, systems, and third-party services.
  • Monitor key risk indicators (KRIs) and provide regular reporting on risk status.

Compliance Management

  • Ensure compliance with regulatory requirements, industry standards, and internal policies.
  • Track regulatory updates and assess their impact on IT operations and systems.
  • Coordinate compliance assessments and ensure remediation of identified gaps.
  • Support implementation of compliance frameworks such as GDPR, SOX, ISO, or other applicable regulations.
  • Assist in maintaining documentation and evidence required for compliance audits.

Audit and Control Management

  • Support internal and external IT audits by preparing documentation, evidence, and reports.
  • Track audit findings and ensure timely closure of remediation actions.
  • Perform control testing and monitoring to validate the effectiveness of IT controls.
  • Work closely with internal audit teams to ensure compliance with audit requirements.

Policy and Documentation Management

  • Develop, maintain, and review IT governance and security policies.
  • Ensure proper documentation of processes, controls, and governance practices.
  • Maintain centralized repositories for governance documentation and compliance records.

Stakeholder Collaboration

  • Collaborate with IT operations, cybersecurity, legal, and business teams to ensure effective risk and compliance management.
  • Provide guidance and awareness to teams regarding governance standards and compliance requirements.
  • Support training initiatives to improve governance and risk awareness across the organization.

Reporting and Monitoring

  • Prepare governance, risk, and compliance reports for IT management and senior leadership.
  • Track key performance indicators (KPIs) and compliance metrics.
  • Provide insights and recommendations for improving governance and risk posture.

Required Skills and Qualifications

  • Bachelor's degree in Information Technology, Computer Science, Information Security, or a related field.
  • 8 years of experience in IT governance, risk management, compliance, or IT audit.
  • Knowledge of governance frameworks such as COBIT, ITIL, ISO 27001, or NIST.
  • Understanding of regulatory compliance requirements such as GDPR, SOX, or similar frameworks.
  • Experience in risk assessments, control testing, and audit coordination.
  • Strong analytical, documentation, and problem-solving skills.
  • Excellent communication and stakeholder management abilities.

Job ID: 144440803
