Specialist - Cyber GRC
6 days ago
**When it comes to putting people first, we're number 1.**
The number 1 Top Employer in South Africa.
Certified by the Top Employer Institute 2025.
**Role Purpose/Business Unit**:
Defining Cyber Governance, Risk & Compliance in order to:
- Lead ongoing evaluation of security policies and relevant standards supporting the continuous improvement of the security governance program.
- Ensure comprehensive Information Security Risk management programs and processes are established.
- Align Information Security Risk management with the enterprise risk management framework.
- Manage cyber security risks while collaborating with other departments to identify, recommend, develop, implement, and support a risk-informed decision and action framework.
- Provide Management with assurance covering controls across the Business environments that are adequately designed and operating effectively.
- Support Management during audits and implement and track Management audit actions to closure.
- Assist in the management and rollout of Cyber Training & Awareness initiatives.
- Provide Management with status update reports as well as insight reporting.
**Your responsibilities will include**:
- Plan, execute, track, and report Cyber Security Training and Awareness initiatives.
- Provide bespoke training for high profile staff based on their potential risk of being attacked (HR, IT, Senior Executives, Executive PAs).
- Deliver Cyber Security Inductions for all new joiners.
- Execute routine phishing simulations to assess the posture of staff reporting and click rates.
- Identify high-risk users through phishing simulations and provide workshops to lower their risks.
- Roll out Cyber Security training for all staff based on current trending global topics.
- Deliver presentations to senior management on results of Cyber Security awareness campaigns, pain points, lessons learned and actions going forward for improvement.
- Research common attack vectors and ways to spot them to reduce the risk.
- Provide security communications based on risks identified within the organization.
- Serve as the main point of contact for Cyber Security Training and Awareness.
- Implement and guide policy compliance across the organization.
- Review Security Policies, Processes, and Standards for non-conformances.
- Identify gaps in policies and provide input to improve them.
- Communicate changes to policies to the organization and the impact of the changes.
- Review processes with partner departments to ensure good security practices are up to date as per industry standards.
- Support Cyber Security audits across the organization.
- Identify and register new risks with the implementation and integration of new systems.
- Support and advise security measures and other security solutions to ensure the security of all data within the organization.
- Assess Cyber and IT Risks associated with policy non-conformities and vulnerabilities.
- Assess and approve policy deviations, track remediation actions, and provide status updates to management.
- Support Implementation of security controls from a GRC standpoint to provide confidence in the organization’s cyber security posture.
- Serve as the ISO 27001 & ISO 9001 Coordinator for the department to ensure the Risk and Quality Management System is maintained.
**Key Accountabilities and Decision Ownership**:
- Proactively evaluate cyber security policies to ensure security policy adherence.
- Promote awareness of security policies, training, and the governance strategy across all levels of the organization.
- Maintain and further develop the Cyber Risk Management Program.
- Actively manage risks on the Cyber Risk Register from intake to resolution.
- Communicate risk assessment findings with key stakeholders to develop and monitor risk remediation plans.
- Develop cyber risk portfolios to provide a more holistic view of teams’ risks.
- Conduct regular compliance assessments with the Business to ensure that current and emerging risks are being monitored and managed.
- Provide proactive Control design and implementation guidance to the Business.
- Monitor and report Process and Control Compliance.
- Support Cyber Security Audits and Review of cyber audit reports.
- Support Tracking and monitoring of audit remediation action implementation.
- Deploy cyber security awareness training through innovative approaches.
- Develop and communicate GRC status reports as required by Management.
- Support GRC report development using automation and reporting tools to generate Cyber Risk metrics such as KPIs, KRIs, and KGIs (KxI).
- Matric is essential.
- Degree or relevant tertiary qualification in Information Technology.
- Must have at least one of the following certifications: CISA, CGEIT, CRISC, CISSP, CISM, ISO 27001 Lead Auditor.
- At least 5+ years of experience in cyber governance, risk, controls, and compliance management in a Cyber Security or technology environment.
- Knowledge of common information technology ma