Governance Risk and Compliance Lead
6 days ago
**Purpose of the Job**
The purpose of this role is to lead and strengthen the organisation’s Governance, Risk, and Compliance (GRC) capabilities within the digital and information security domains, with a strong emphasis on Identity Governance and Administration (IGA), Identity and Access Management (IAM), IT Risk Management in line with ISO 27001, and enterprise-wide Cybersecurity Awareness. The incumbent is accountable for ensuring that identity, access, and compliance practices are secure, efficient, and aligned with regulatory and business requirements.
**Key Internal Stakeholders**
- Information Security Team - to ensure alignment between compliance requirements and technical security controls (e.g., IAM, RBAC, PAM).
- Internal Audit - for coordinating audit readiness, evidence collection, and control testing.
- IT Infrastructure and Operations - for implementing and maintaining access controls, provisioning/deprovisioning, and remediation of audit findings.
- SAP Security and Application Owners - to ensure secure access governance and compliance within enterprise systems.
- Senior Leadership - for reporting on risk posture, compliance status, and strategic recommendations.
**Key External Stakeholders**
- Regulatory Authorities - for compliance reporting, audit inquiries, and regulatory updates.
- External Auditors - for formal audits, control assessments, and compliance verification.
- Third-party Vendors and Service Providers - for vendor risk assessments, compliance assurance, and contract alignment with security standards.
- Industry Bodies and Certification Authorities - for maintaining certifications (e.g., ISO 27001) and staying current with evolving compliance frameworks.
- **Identity Governance and Access Management**:
  - Access certification reports (attestation cycles)
  - Role lifecycle definitions and SoD policy matrices
  - RBAC/PAM audit logs
- **Policy documents, violation logs, compliance dashboards** Monitor and enforce compliance by reviewing policies, tracking violations, and driving corrective actions.
- **IAM systems and access review reports** Oversee the IAM program, ensuring proper access controls (RBAC, PAM) and conducting periodic access reviews.
- **User provisioning/deprovisioning logs** Manage user identities and permissions, enforcing least-privilege principles and ensuring timely access changes.
- **Audit schedules and evidence repositories** Lead audit readiness initiatives, preparing documentation and evidence for internal and external audits.
- **Risk metrics and executive dashboards** Report on risk posture, providing actionable insights and recommendations to senior leadership.
**Qualifications & Experience**:
- Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or a related technical or business discipline.
- Postgraduate qualification (e.g., Honours or Master’s degree in Information Security, IT Governance, or Risk Management) is advantageous and preferred for strategic and senior-level roles.
- Professional certifications in risk, compliance, identity governance, and information security, including at least one of the following:
  - Certified Information Systems Auditor (CISA) - for audit, controls, and risk governance
  - Certified Information Security Manager (CISM) - for managing and aligning cybersecurity programs to business goals
  - Certified in Risk and Information Systems Control (CRISC) - for enterprise risk management and control monitoring
  - ISO/IEC 27001 Lead Implementer or Lead Auditor - for governance frameworks and audit readiness
  - Certified Data Privacy Solutions Engineer (CDPSE) - advantageous for aligning access and compliance with data protection regulations (POPIA, GDPR)
- Microsoft Certifications relevant to identity, compliance, and data governance:
  - SC-900: Microsoft Security, Compliance, and Identity Fundamentals
  - SC-300: Microsoft Identity and Access Administrator - for IAM, RBAC, and privileged access oversight
  - SC-400: Microsoft Information Protection Administrator - for data classification, DLP, and compliance tooling in Microsoft Purview
- (Optional but beneficial): Certifications in security awareness and behavioural change:
  - Certified Cybersecurity Awareness Professional (CCAP) or equivalent
  - SANS Security Awareness Professional (SSAP) - for designing and managing enterprise awareness programs
- Familiarity with SAP security and access governance is highly advantageous, especially for managing SoD, provisioning, and audit trail requirements within ERP environments.
- Experience or certification in GRC platforms and IGA tools (e.g., SailPoint, Saviynt, Microsoft Entra ID Governance, ServiceNow GRC) will be a strong differentiator.
- 8-10 years of progressive experience in information security, IT risk management, compliance, or related governance roles, with a demonstrated track record of delivering measurable improvements in cyber risk posture, access governance, and regulatory compliance.
- Proven ex