Cyber security Specialist Governance, Risk and Compliance

Job Description

1. Role Purpose

As a Cyber Governance, Risk and Compliance specialist, you will be responsible for ensuring Vodacom’s system are protected by leading the implementation of Cyber Security Control frameworks, risk management and compliance with industry standards and regulatory requirements.

2. Key accountabilities

• Coordinate delivery and maintenance of Cyber Security Control Framework across all Vodacom-relevant business areas and processes.
• Work with colleagues, third parties and/or contractors across various Security, Privacy by Design and Assurance activities including, security assessments and remediations.
• Deliver detailed Security, Privacy by Design and Assurance reports to record levels of compliance and record findings in central repositories and progress towards compliance.
• Coordinate all Cybersecurity Internal and external audits around Technology systems and processes, ensuring these systems are free from known Technology audit findings, and ensuring all audit findings in these systems are closed within agreed timelines.
• Conduct regular risk assessments to identify vulnerabilities and threats to the organization’s assets.
• Identify, assess, and prioritize cybersecurity risks, and potential impacts on the organizations assets and systems.
• Analyze risk data and develop risk mitigation strategies.
• Maintain, follow-up and communicate the Cybersecurity Risk Register, ensure alignment with enterprise risk management.
• Prepare and implement a security awareness program, to ensure a change in the organization's security culture.
• Establish and enforce cybersecurity policies, procedures and standards to ensure alignment with business objectives.
• Ensure compliance with applicable laws, regulations, and industry standards (e.g., GDPR, PCI-DSS and ISO27001-2]
• Own Third Party Risk Management process from on-boarding of vendors and service providers to the termination of their contracts.
• Work closely with IT, Legal, Network Operations, Project Management Office and other departments to ensure a cohesive approach to cybersecurity governance and compliance.
• Act as a central point of reference for regulatory bodies and external auditors regarding cybersecurity matters.
• Stay updated on emerging cybersecurity trends, threat, and regulatory changes.
• Recommend enhancements to existing processes and tools to improve overall security posture.

Core Competencies, Qualification, Knowledge and Experience.

• Bachelor's degree in computer science, information technology, cyber security, or a related field.
• Minimum of 3-5 years of experience in Cyber Security, Information System Audit and IT Risk Management.
• Relevant certifications (CISA, CRISC, CSIM, CISSP, ISO 27001 Lead Implementer /Auditor, ISO27005 Risk Manager or equivalent)
• Strong knowledge of Cyber and Risk Management Frameworks and International Security Standards such as ISO/IEC 27001, SOC 2, ITIL, COBIT, and NIST.
• Knowledge of legal, regulatory and privacy requirements, such as GDPR.
• Previous experience with big 4 audit companies and or Telecommunication /banking industry will be an advantage
Core Competencies, Knowledge and Experience.
• Excellent communication skills [French and English]
• Strategic Thinking
• Leadership Acumen
• Analytical Skills
• Fostering Teamwork
• Time Management,
• Results oriented
• Customer Orientation.