Qureos

Senior IT GRC

Key Responsibilities

Governance:

  • Develop, implement, and maintain IT policies, standards, and procedures aligned with business objectives and regulatory requirements.
  • Partner with business units and IT leadership to embed governance into operational processes.
  • Drive adoption of IT governance frameworks such as COBIT, ISO/IEC 27001, PCI DSS, and SOC.

Risk Management:

  • Identify, assess, and report on IT risks across the enterprise.
  • Conduct regular IT risk assessments and maintain an up-to-date IT risk register.
  • Collaborate with stakeholders to design and implement risk mitigation strategies.
  • Lead risk reviews for new projects, vendors, and systems.

Compliance:

  • Ensure compliance with relevant regulations and industry standards.
  • Manage internal and external IT audits, including documentation and remediation of findings.
  • Monitor changes in the regulatory landscape and proactively assess impact on IT processes.
  • Coordinate IT compliance assessments and certifications as required.

Awareness & Reporting:

  • Develop dashboards and reports on IT risk and compliance posture for executive leadership.
  • Conduct training and awareness programs on IT GRC topics.
  • Facilitate business continuity and disaster recovery planning and testing.


Required Qualifications

• Bachelor’s degree in Computer Science, Information Systems, or a related field.

• Strong knowledge of regulatory frameworks (e.g., NBE, CBE, Data Privacy Law) and control frameworks (COBIT, ISO 27001, NIST, PCI DSS, SOC)

• Hands-on experience with GRC tools and platforms

• Excellent analytical and problem-solving skills

• Strong communication and stakeholder management abilities

• Project management skills with ability to lead cross-functional initiatives

• Attention to detail and ability to interpret complex regulatory requirements
