Position Description:
We’re looking for a Governance, Risk & Compliance Security Analyst (GRC Security Analyst) to be part of our Information Security team. If you have sound experience in GRC for large scale organisations, then you should consider applying for this role.
With a robust strategy focusing on People, Process and Technology, we believe that our culture and the quality of our people are our greatest strengths. As such, we need to employ top talent to support our key business functions.
TFG’s IT division provides innovative, strategic and cost-effective ICT solutions and professional services to TFG and its subsidiaries. Working for TFG means; working with highly talented professional individuals, who are passionate about collaboration, creativity and working towards successful customer service.
The Key Performance Areas of this role will be as follows:
Risk Management:
- Manage and coordinate 3rd party risk management (TPRM) assessments
- Engage with BU/Functional Heads re TPRM within their departments
- Conduct vendor reviews and measure TPRM engagement, including vendor/supply chain maturity
- Update and manage the TPRM dashboard regards goals vs achievements
- Socialise the TPRM framework with all the required stakeholders
- Contract reviews and input into Cyber Security related risk clauses
- Engagement with Group Assurance and relevant stakeholders
Audit Management:
- Liaise with internal and external auditors and Infotec key stakeholders
- Drive the resolution of audit findings and provide regular updates and reports to the relevant stakeholders
- Engage and manage PCI audits with all stakeholders
- Engage directly with the CyberSecurity team to manage open audit findings
Policy Management:
- Update all CyberSecurity policies where required throughout the year, and within timeframes for relevant TFG-held certificates
- Update and manage a regular Policy dashboard regarding reviews/modifications undertaken
- Socialise the CyberSecurity policies within TFG
Compliance Management:
- Regular monitor, manage and report on the PCI-DSS compliance status
- Regular monitor, manage and report on the POPIA compliance status
- Engage with legal and legal compliance
Cyber Security Awareness:
- Update and maintain the security awareness program
- Review and update security awareness content
Requirements:
- Relevant 3-year tertiary qualification
- Information Security certification (s) such as Security+, CyberSecurity Analyst, CRISC, CISSP, SC-900, SC-300 and ISO27000 set of standards
- Minimum of 3 years IT experience and at least 2 years’ experience as an Information Security Analyst.
- Experience with data privacy (POPIA and/or GDPR) is required
- Experience in driving PCI-DSS compliance and recertification
- Understanding and leveraging off mainstream Risk Management frameworks
- Understanding of IT Disaster Recovery
- Strong communication skills, both written and verbal
- Strong analytical skills
- Good interpersonal skills
- Coping within a high-pressured environment
Ideally you should be skilled in:
- Working with Risk Management tools
- Cloud exposure like Azure, AWS, Google
- Project Management and/or coordination capabilities
- 2-3 years’ Compliance Management experience (POPIA, PCI, GDPR)
- 2-3 years’ experience working with Cybersecurity technologies
- 1-3 years’ experience in conducting risk assessments.
Competencies and behaviours for success:
- Strong conflict management skills
- Excellent written communication, presentation and negotiation skills
- A focus on delivering results and meeting customer expectations
- Sound judgement, decision-making, and problem-solving skills
- High resilience and agility with the ability to work well under pressure and deliver to in a fast-paced environment
- High emotional intelligence and experience in leading diverse teams and individuals
Preference will be given, but not limited to candidates from designated groups in terms of the Employment Equity Act.