IT Governance Analyst

**Job Purpose**

To assist in maintaining framework(s) that provides assurance that information security and strategies are aligned and support the business objectives.To ensure the security of the company, customer and proprietary information, including information transmitted to and from the company environment, ensuring compliance with regulatory requirements, and for ensuring employees are familiar with general security awareness practices.

**Responsibilities**

**IT Governance**
- Participate in developing, and implementing IT governance policies, and procedures to improve IT governance system
- Review and provide input to business cases and Technology specification documents
- Evaluate, enhance & continuously improve IT Governance
- Participate in policy creation and maintenance
- Develop; Implement & Manage Vulnerability Management Process
- Assist to develop Cyber Security Framework(s)
- Evaluate policies, procedures, & processes compliance with regulations
- Report on the regulatory environment & Company compliance threats
- Guide on how legislation & regulations should be implemented
- Ensure that data is properly classified, retention periods established, and data is removed/de-identified in systems

**Audit and Security**
- Participation in Internal and/or External IT Audits
- Participation and facilitation of security audits
- Conduct follow-up on security assessments and IT audits to ensure closure on findings
- Conduct follow-up on cybersecurity penetration test & vulnerability assessment as per process
- Reports on security assessments & IT audits

**IT Risk Management**
- Assist in the risk management process in alignment with the Enterprise Risk Management framework
- Assist in the risk management process through the implementation of risk mitigation strategies based on Information Security best practice principles
- Assist in performing Third Party Risk Assessments for new & existing vendor tools, on-premises implementations, & third parties with access to the environment
- Articulate identified risks to the business for remediation, mitigation & sign-off
- Identify, monitor & report on Key Risk Indicators Compliance and Monitoring
- Assist to monitor compliance to Cyber Security Framework based on ISO27001/2 & NIST
- Monitor compliance to IT Governance Framework based on ISO 38500; King IV; COBIT
- Monitor compliance to Enterprise Risk Management Framework based on relevant risk management frameworks (e.g., ISO 31000)

**IT Disaster recovery**
- Assist with the development, implementation and testing of the Disaster Recovery Strategy
- Ensure that the Disaster Recovery Plans (DRP) are aligned with the business-defined recovery point and recovery time objectives
- Ensure that Disaster Recovery Plan tests are conducted according to the agreed test plan

**Management of IT Governance Vendors**
- Ensure that the supplier/vendor security management process is effective and based best practices and regulatory compliance
- Manage security-related contracts and non-disclosure agreements with security suppliers, vendors and service providers
- Maintain professional relationships with security service providers.
- Provide customer service to internal and external clients

**Stakeholder management**
- Ability to create a collaborative environment and facilitate cross-functional teams for IS / IT initiatives
- Ensure senior management remain informed of regulatory, legislative, and best practice changes and their obligations under these changes and how they impact BLT
- Provide regular reports to boards and other relevant bodies detailing any current issues or information as required
- External risk reporting to stakeholders.

**Behavioural Competencies**
- Work Collaboratively
- Ensures Accountability
- Self-Management
- Manages Complexity
- Ensures Accountability
- Tech Savvy

**Education**
- 3-year IT (or related) Qualification - degree or diploma (minimum)
- ITIL Foundation/COBIT 5 Foundations
- CISA, CRISC, CISM, and CGEIT (advantageous)

**Experience**
- Minimum of 2-3 years Governance Risk & Compliance, coupled with proven experience in implementing frameworks, Processes, and Policies
- 1 to 3 years IT and/or business systems and/or
- 1 to 3 years Corporate/IT Governance, Risk and Compliance and/or
- 1 to 3 years of IT Auditing