Description:
Recruiting a Governance, Risk & Compliance Security Analyst to work in Information Technology: IT Security and Governance (Long Term Insurance Industry). This is a permanent position.
The ideal candidate must have a minimum of 5 years of Governance, Risk & Compliance experience, coupled with proven experience in implementing frameworks, processes, and policies.
Duties and responsibilities:
Audit and Security
• Ensure security audits are conducted.
• Conduct follow up on security assessments.
• Conduct follow ups on IT audits.
• Develop and implement Cyber Security Framework(s).
• Develop, implement & manage the Vulnerability Management Process.
• Conduct follow up on cybersecurity penetration tests & vulnerability assessments as per process.
• Be the first point of contact for both internal and external auditors.
• Conduct follow ups on IT audits & ensure closure on findings
• Develop & implement a security awareness program for the organization, agents, 3rd parties & Sales Representatives.
• Report on security assessments & IT audits.
Governance
• Evaluate, enhance & continuously improve IT Governance
• Evaluate policies, procedures, & processes compliance with regulations
• Develop systems & processes to improve our IT governance.
• Develop policies & processes, and participate in acquiring technology & implementing said policies & processes to improve IT GRC.
• Report on the regulatory environment & Company compliance threats
• Guide on how legislation & regulations should be implemented.
Risk Management
• Provide a Statement of Assurance for IT in the Combined Assurance.
• Continuously liaise with Group Risk Management on new developments (internal), the evolution of the industry (external) & the risks these introduce, and the risk management & mitigation processes & strategies.
• Work with IT, Information Security & Business stakeholders to determine the acceptable level of risk for the organization.
• Assist in performing Third Party Risk Assessments for new & existing vendor tools, on-premise implementations, & third parties with access to the environment.
• Assist in maturing the Third-Party Risk Management program by defining security controls required of vendors.
• Articulate identified risks to the business for remediation, mitigation & sign-off.
• Identify, monitor & report on Key Risk Indicators
Compliance and Monitoring
• Monitor compliance to Cyber Security Framework based on ISO 27001/2 & NIST
• Monitor compliance to IT Governance Framework based on ISO 38500; King IV; COBIT
• Monitor compliance to Enterprise Risk Management Framework based on ISO 31000
• Monit...