IT Risk, Governance & Compliance Officer


This role has broad accountability for IT governance, risk and compliance
functions, including IT policies, standards, risk, and controls
management. It is a key contributor to IT strategy, which includes
developing frameworks aligned to the appropriate industry standards, creating
the required forums, and establishing appropriate monitoring mechanisms to
ensure that compliance is effective. This role reports to the CIO.


Governance Policy/Compliance

  • Lead the system-wide IT compliance program, ensuring IT activities,
    processes, and procedures meet defined requirements, policies, and
  • Develop and implement effective and reasonable policies and practices
    to secure protected and sensitive data and ensure IT compliance
    with relevant legislation and legal interpretation.
  • Monitor the effectiveness of internal governance structures, including
    executive committees, steering committees, and business forums,
    recommending potential improvements to the CIO for consideration.
  • Consolidate GRC-related information across functions and governance
    structures, identifying priority focus areas, monitoring progress and
    reporting to stakeholders
  • Effectively promote and practice good corporate governance.
  • Evaluate, enhance and continuously improve IT governance.
  • Evaluate the compliance of policies, procedures and processes with regulations.
  • Develop systems and processes to improve our IT governance.
  • Develop policies and processes, and participate in acquiring technology and
    implementing those policies and processes to improve IT GRC.
  • Report on the regulatory environment and company compliance threats.
  • Guide on how legislation and regulations should be implemented.


  • Lead the development and implementation of the system-wide risk
    management function of the IT GRC framework, as designed to ensure
    IT risks are identified and monitored.
  • Develop and maintain IT Risk Registers for the company and its
    departments, and ensure their regular review by management.
  • Internally assess, evaluate, and make recommendations to
    management regarding the adequacy of the IT controls for the
    information and technology systems.
  • Work with IT, Information Security and business stakeholders to
    determine the acceptable level of risk for the organization.
  • Assist in performing Third Party Risk Assessments for new and existing
    vendor tools, on-premise and cloud implementations, and third parties
    with access to the environment.
  • Assist in maturing the Third-Party Risk Management program by
    defining the security controls required of vendors.
  • Articulate identified risks to the business for remediation, mitigation &
  • Identify, monitor and report on Key Risk Indicators.

Audit and Security

  • Ensure security audits are conducted.
  • Conduct follow-up on security assessments.
  • Conduct follow-ups on IT audits.
  • Develop and implement cyber security framework(s).
  • Develop, implement and manage the vulnerability management process.
  • Conduct follow-up on cybersecurity penetration tests and vulnerability
    assessments as per process.
  • Be the first point of contact for both internal and external auditors.
  • Conduct follow-ups on IT audits and ensure closure of findings.
  • Monitor and review the security awareness program for the
  • Report on security assessments and IT audits.
  • Work with Internal Audit, External Audit, Internal Control functions and
    outside consultants as appropriate on required IT assessments and
  • Coordinate and track all information technology and IT-related audits,
    including scope of audits, timelines, auditing agencies and outcomes.
  • Work with auditors as appropriate to keep audit focus in scope,
    maintain excellent relationships with audit entities and provide a
    consistent perspective that continually puts the institution in its best
    light. Provide guidance, evaluation, and advocacy on audit responses.


  • Bachelor’s degree in auditing and/or information systems, or equivalent.
  • Additional governance qualification or certification.


  • Minimum of 5 years’ working experience in IT Risk, Governance &
    Compliance, or IT Audit.


  • Knowledge of governance frameworks and standards such as COBIT, ISO
    and NIST (COBIT certification is an advantage).

Closing date for applications is 16 February 2024

By applying for this vacancy, you give consent to your CV to be reviewed for
other roles and allow your cv to be shared with the relevant persons at

  • Analytical skills
  • Communication skills
  • Leadership ability
  • Attention to detail
  • Risk assessment
  • Business knowledge
