Information Security Governance Risk & Compliance Specialist

at  Black Pen Recruitment

Our client holds a prominent position as the leading licensed platform for stablecoin on/off-ramp services in Africa. They are dedicated to pioneering innovative solutions within the African stablecoin landscape.
Job Type: Full Time l Remote

REQUIREMENTS

• Bachelor’s degree in discipline related to functional work or role
• Industry recognized certifications such as CISM, CRISC, CISA, or equivalent
• 7+ years of experience in IT Governance or Security Governance working in either a
• Software Development, FinTech or financial institution.
• Experience working in an IT Governance, Risk and Compliance role
• Strong understanding of compliance frameworks including SOC 2 Type 2, ISO 27001, GDPR, PCI DSS
• Experience leading a company through an audit process for obtaining / maintaining compliance certification such as SOC 2 Type 2, ISO 27001, PCI DSS
• Strong risk assessment framework knowledge and experience performing risk assessments covering key risks and controls.
• Very strong communication (verbal and written) skills and the ability to present with clarity
• Strong project management and organization skills

ROLE OVERVIEW

Cloud Security Engineer/Governance Specialist is a key team member of our clients security organisation and is responsible for IT Governance and IT Risk activities that both support and provide oversight to IT, Product Engineering, Infrastructure and Security teams as well as their suppliers and customers. The candidate is expected to have strong understanding of compliance frameworks including SOC 2 Type 2, ISO 27001, GDPR, PCI DSS and be responsible for conducting IT Governance Tasks that align and contribute to the overall success of the broader GRC initiatives under the leadership of our clients CISO. Integral to the role is the ability to manage Governance activities to protect our clients business and clients’ data. Focus is given to maintaining policy compliance, process and organizational policies, standards documentation, information security governance and risk management functions. Additional focus is applied to implementing and refining policies, standards and procedures that help promote the control framework’s adoption and alignment throughout their business.. Furthermore, the position plays a key role in continual process improvements and evolution as it relates to IT Security Risk Assessments, Policy Exceptions and the strategic vision of IT Governance

RESPONSIBILITIES

• Coordinate the development of best practice policies and standards based on various governance frameworks
• Ensure all IT controls are documented and assigned control owners to establish accountability.
• Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives
• Assist the IT Governance, Risk & Compliance function in maturing the Information
• Security and Technology Risk Management methodology through improvements in standardized risk assessments
• Update and maintain a robust technology risk and control framework and ensure proper alignment to relevant industry frameworks (e.g., COBIT, SOC 2, ISO 27001, NIST, etc.).
• Monitoring IT controls across the organization
• Assist in the validation of IT control alignment to various industry standards, framework, and requirements (e.g., COBIT, SOC 2, ISO 27001, NIST, etc.)
• Assist in Information Security and Technology Risk Management governance activities including coordinating monthly risk committee meetings with management from IT, Risk and Business Units
• Policy creation, updates, and overall management and organization of shared documentation
• Control Self Assessments and Control Gap Analysis
• Third party risk management and reporting
• Support Security Due-diligence activities with both regulators and business prospects
• Maintaining a Risk Register
• Documenting and evaluating policy exception requests
• Responsible for developing and deriving KPIs from a controls baseline
• Overall analytics of the GRC program and creation and distribution of reporting metrics / dashboarding where appropriate
• Maintenance of the global scope of IT assets, controls, control owners, risks, etc. that make up the IT GRC program
• Creation, documentation and maintenance of governance processes to oversee IT GRC programs