5 Feb 2025

Governance Risk & Compliance Officer at Kenya Airways



Job Description

Kenya Airways, the leading African airline flying to more African destinations than any other carrier, takes pride in being at the forefront of connecting Africa to the world and the World to Africa through its hub Nairobi Jomo Kenyatta International Airport.

Governance Risk & Compliance Officer

Brief Description        

  • Job Purpose Statement: The job purpose for a Technology Governance, Risk, and Compliance (GRC) Officer is to ensure that an organization’s technology operations are conducted in a manner that aligns with regulatory requirements, industry standards, and internal policies while minimizing risk and enhancing overall governance.

 

Detailed Description        

  • The Technology Governance, Risk, and Compliance (GRC) Officer should align their responsibilities and objectives in managing technology-related governance, risk, and compliance initiatives with IOSA, GDPR, PCI-DSS, and ISO 27001.
  • Track the reduction in technology-related risks over time. This could involve quantifying risk factors, vulnerabilities, and incidents, and measuring progress in mitigating them.
  • Monitor and report on the adherence of technology teams and departments to established governance policies, standards, and procedures.
  • Collaborate with developers, systems engineers, database engineers, security engineers, project managers, risk officers and the legal team.

Analytics

  • Incident Response Time: Measure the time it takes to detect, respond to, and mitigate technology-related incidents, such as data breaches or system vulnerabilities.
  • Training and Awareness: Evaluate the effectiveness of training programs and awareness initiatives aimed at improving technology GRC knowledge among employees. Measure participation rates and knowledge retention.
  • Security Posture Improvement: Monitor the organization’s security posture by tracking key security metrics, such as vulnerability assessments, patch management effectiveness, and security controls implementation.
  • Vendor Risk Management: Assess the risk associated with third-party technology vendors and measure improvements in managing and mitigating these risks.
  • Data Privacy Compliance: Measure compliance with data privacy regulations and standards (e.g., GDPR, CCPA) by tracking data protection practices, privacy impact assessments, and data breach incidents.
  • Incident Resolution Rate: Evaluate the rate at which technology-related incidents are resolved and measure the time it takes to return to normal operations.
  • Policy Development and Updates: Track the development and updates of technology GRC policies, ensuring they align with evolving regulatory requirements and industry best practices.
  • Budget Compliance: Monitor and report on the alignment of technology GRC expenditures with the allocated budget. Ensure cost-effectiveness in implementing security and compliance measures.
  • Stakeholder Satisfaction: Collect feedback from technology stakeholders, such as IT teams, executives, and external auditors, to gauge their satisfaction with technology GRC initiatives and processes.
  • Business Continuity: Measure the organization’s ability to maintain critical technology functions during disruptive events. Assess the effectiveness of technology disaster recovery and business continuity plans.
  • Security Awareness Surveys: Conduct regular surveys to assess the level of security awareness among employees and technology teams. Use the results to tailor awareness programs.
  • Compliance Documentation: Ensure that necessary compliance documentation (e.g., risk assessments, policies, audit reports) is complete, up-to-date, and accessible to relevant stakeholders.
  • Cybersecurity Incident Preparedness: Evaluate the readiness of the organization to respond to cybersecurity incidents by conducting drills and simulations. Measure the improvement in response effectiveness.
  • Technology Asset Inventory: Maintain an accurate inventory of technology assets and assess its completeness and accuracy over time.
  • Assess the results of internal and external audits related to technology GRC. Measure the number of findings, their severity, and the speed of remediation.

Job Requirements        

  • Bachelor’s degree in computer science/information technology or any other related field from a recognized university
  • Minimum 3 years’ experience
  • Excellent communication, analytical and interpersonal skills.
  • Ability to work with minimal supervision over long hours when addressing system issues.
  • Sound ability to prioritize, manage time, and make fast decisions.


Method of Application

Submit your CV and application on the company website.

Closing Date: February 18, 2025




