IT GRC Analyst

Full time at a Laimoon Verified Company in South Africa
Posted on June 15, 2024

Job details

We are seeking a skilled IT GRC (Governance, Risk, and Compliance) Analyst with a minimum of 3 years of experience to join our team. The ideal candidate will have a strong understanding of data privacy frameworks, including GDPR and POPIA, and be knowledgeable in CIS Controls and NIST Cybersecurity Framework (CSF). Familiarity with ISO 27001 is advantageous. The candidate should have a passion for policy, procedures, and compliance, be able to understand and address client challenges, and possess a solid understanding of information security best practices. Experience in legal and/or quality management is a plus. Progress towards obtaining a CISSP certification is highly desirable.

Key Responsibilities:

Governance and Compliance: Develop, implement, and maintain IT governance and compliance policies and procedures. Ensure adherence to data privacy frameworks such as GDPR and POPIA. Conduct regular audits and assessments to ensure compliance with internal and external standards.

Risk Management: Identify, assess, and manage IT risks in accordance with industry best practices and frameworks (CIS Controls, NIST CSF). Develop risk mitigation strategies and monitor their implementation.

Information Security: Maintain and enhance the organization's information security posture. Provide expertise on information security best practices and standards. Support the implementation and maintenance of ISO 27001 standards (if applicable).

Client Support: Understand client challenges and provide solutions to overcome compliance and security-related issues. Act as a trusted advisor to clients on GRC-related matters.

Policy and Procedure Development: Draft, review, and update IT policies, procedures, and documentation. Ensure policies and procedures are effectively communicated and enforced across the organization.

Training and Awareness: Conduct training sessions and workshops to promote awareness and understanding of GRC policies and best practices. Stay updated on the latest industry trends and regulatory changes.

Qualifications and Skills: Minimum of 3 years of experience in IT governance, risk management, and compliance. Strong knowledge of data privacy frameworks such as GDPR and POPIA. Understanding of CIS Controls and NIST Cybersecurity Framework (CSF). Familiarity with ISO 27001 standards is advantageous. Passion for policy development, procedures, and compliance. Ability to understand and address client challenges effectively. Solid understanding of information security best practices. Legal and/or quality management experience is a plus. Progress towards obtaining a CISSP certification is highly desirable. Excellent analytical, problem-solving, and communication skills. Strong organizational skills and attention to detail.

Education: Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field. Advanced degrees or relevant certifications are a plus.

Certifications: Progress towards CISSP (Certified Information Systems Security Professional) is highly desirable. Other relevant certifications (e.g., CISA, CISM, CRISC) are a plus.

Apply safely

To stay safe in your job search, find information on common scams, and get free expert advice, we recommend that you visit SAFERjobs, a non-profit, joint industry and law enforcement organization working to combat job scams.
