Specialist: GRC

Job Description

Join Us

Position: Specialist – Governance, Risk & Control (GRC)

Reports to: Head of Technology Governance

Department: Technology Governance

Job Purpose

To manage and lead the Technology Security Governance, Risk, Compliance and Assurance needs across Vodacom. To further provide security assurance, guidance and support to high profile projects according to company defined policies and requirements, best practice and local/international standards (PCI, SOX, ISO27001, GDPR, POPIA and Cyber Crime Bill, Data Protection Act 2011 of Lesotho) relevant to the technology security area.

Key Accountabilities

• Direct, develop, implement and maintain a comprehensive Vodacom-wide information security governance, risk and compliance strategy
• Ensure security is embedded in IT System and Network Infrastructure (Mobile, IS and Enterprise) across the Vodacom
• Ensure timely delivery of technology security assurance and support for projects
• Provide accurate and timely reporting of technology security risks identified during project engagement and propose remediation and mitigation options
• Monitor information security governance, risk, and compliance by Vodacom BIT, Mobile and Enterprise Business domains
• Ensure alignment of information security governance with the Vodacom’s business objectives, the information security strategy, plans and controls
• Ensure compliance with the applicable legislative and regulatory interpretation and corporate risk appetite
• With the assistance of Head: Technology Governance, Lead, develop, manage and maintain the Vodacom-wide information security governance deliverables lifecycle including compliance measurement, deviations and exemptions
• Engage with the stakeholders on compliance to control effectiveness and deficiencies in the design and operating effectiveness of information security controls, design and recommend opportunities for continuous improvement
• Develop, manage and implement the Vodacom information security audit and assurance plans and schedules, including any specific business needs and requirements (including PCI, ISO27001, GDPR, Data Protection Act of Lesotho, Cyber Crime Bill)
• Design appropriate remedial actions for identified risks, drive remediation of findings and management of risks and exemptions
• Participate in IT general controls and compliance testing activities and/or audits

Qualifications and Experience

• Degree or equivalent in IT/Engineering or relevant tertiary qualification.
• Knowledge of legal, regulatory and privacy requirements, such as Personally Identifiable Information (PII), GDPR, etc.
• Proven experience managing and operating multiple security programs, projects, and initiatives
• Ability to write reports for different security stakeholders
• Proficient in preparation of reports, dashboards and documentation
• Knowledge of and experience with GDPR
• Web Application security and best practises
• Business Analysis skills
• High competence in Programming skills
• Risk assessment skills
• Knowledge of policy / procedure design and development.

Skills:

• Excellent Interpersonal skills
• Negotiation and collaboration skills
• Analytical skills