### Key Responsibilities:
- **IT Governance Frameworks:**
  - Implement IT governance, risk, and compliance solutions aligned with company policies.
  - Develop and implement IT governance policies, processes, procedures, and training materials.
  - Monitor and report on IT governance, risk management, and audit compliance.
  - Improve business continuity/disaster recovery plans.
- **IT Risk Management Audit:**
  - Maintain the IT risk framework and manage the IT Risk Register.
  - Conduct internal risk assessments and track application access reviews, security, network, vulnerability assessments, and IT audits.
  - Facilitate disaster recovery and business continuity initiatives.
  - Collaborate with internal clients and third parties for IT risk analysis and management.
- **IT Compliance:**
  - Monitor and review compliance with regulatory requirements.
  - Manage compliance requirements to improve the company’s compliance maturity.
  - Maintain and facilitate data protection activities to ensure compliance with regulations.
  - Coordinate and support internal and external compliance audits.
- **Incident Response and Management:**
  - Develop and maintain an incident response plan.
  - Lead and coordinate responses to cybersecurity incidents.
  - Conduct post-incident reviews and prepare stakeholder communications.
  - Develop incident response training for employees.
- **Documentation and Reporting:**
  - Maintain accurate documentation related to IT GRC activities.
  - Generate regular reports on the organization’s security and compliance posture.
- **Security Architecture and Implementation:**
  - Integrate security measures into the overall IT architecture.
  - Implement and manage security technologies.
  - Ensure secure configuration and operation of IT systems.
- **Ad Hoc Duties:**
  - Perform ad-hoc duties as assigned.
### Qualifications:
- **Essential:**
  - Matric
  - National Diploma in IT or Bachelor’s degree or equivalent (NQF Level 6)
  - IT Governance certification or ITIL & COBIT mandatory
- **Desirable:**
  - CRISC, CISSP, CISM, CISA, or CGEIT certification
### Experience:
- **Essential:**
  - IT governance, risk, and compliance experience
  - Experience with GRC methodologies, tools, and enablers
  - Hands-on experience with IT governance frameworks (COBIT, ITIL, ISO, PRINCE2)
### Legal Requirements:
- Clear Criminal Record
### Knowledge and Skills:
- Solid understanding of IT governance, risk management, and compliance frameworks
- Understanding of security risks and preventative controls
- Excellent understanding of IT operational processes and controls
- Knowledge of IT frameworks and best practices
- Understanding of regulatory requirements (PCI DSS, POPIA, GDPR)
- Ability to communicate GRC concepts effectively
- Knowledge of relevant legislation and of mapping business needs to technology solutions
- Understanding of corporate governance principles and technical elements
### Attributes:
- Resilient, innovative, and deadline-driven
- Self-starter with customer service orientation
- Professional with strong negotiation and conflict resolution skills
- Conscientious, meticulous, and fair
- Honest, hardworking, and humble
**Application:** Apply by emailing your CV to amukelani.phangwane@affinityhealth.co.za.
Join Affinity Health as an IT Governance, Risk, and Compliance Specialist to play a crucial role in maintaining high standards of IT governance, risk management, and compliance.
