Information Technology Governance Risk & Compliance Specialist (Fintech/Crypto)


Job Description

Information Technology Governance Risk & Compliance Specialist (FinTech/Cryptocurrency)

About Us

BlackPen Recruitment is South Africa's top recruitment agency for FinTech, Cryptocurrency and Startup companies wanting to enter the African market. We help companies hire the best talent in EMEA countries.

About the Company

Our client, an American-based company, is expanding globally by being one of the first movers to bring cryptocurrency to Africa and the Middle East at large. The mission is to make cryptocurrency/blockchain and other FinTech services more accessible and affordable than ever before. Our client's vision is to form a committed team of forward-thinkers who collectively create a supportive, welcoming and highly innovative environment for all, whilst driving business through technology.

Job Type: Full-Time | Remote

Requirements

- 7+ years of experience in IT Governance or Security Governance in a software development, FinTech or financial institution.
- Experience working in an IT Governance, Risk and Compliance role.
- Working knowledge of SOC 2, ISO and NIST CSF.
- Knowledge of applicable US laws and regulations as they relate to Information Security and the effective management of Information Security risks.
- Strong risk assessment framework knowledge and experience performing risk assessments covering key risks and controls.
- Experience with SOC 2 audits and ISO certification.
- Very strong communication (verbal and written) skills and the ability to present with clarity.
- Some experience with project management (for example: planning, organizing and managing resources to bring about the effective completion of specific project goals and objectives) is helpful.
- Bachelor's degree in a discipline related to the functional work or role.
- Industry-recognized certifications such as CISSP, CISM, CRISC, CISA or equivalent.

Responsibilities

Work is typically performed under minimal to no supervision, with only guidance about overall goals and objectives. Must be able to prioritize work based on evaluation of the short-term and long-term goals of the department and team. Able to independently evaluate processes, identify areas of improvement and incorporate them into overall work objectives. Duties are defined below:

- Coordinate the development of best-practice policies and standards based on various governance frameworks.
- Ensure all IT controls are documented and assigned control owners to establish accountability.
- Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.
- Assist the IT Governance, Risk & Compliance function in maturing the Information Security and Technology Risk Management methodology through improvements in standardized risk assessments.
- Update and maintain a robust technology risk and control framework and ensure proper alignment to relevant industry frameworks (e.g., COBIT, SOC, ISO, NIST, etc.).
- Monitor IT controls across the organization.
- Collaborate effectively, adapt the process, risk and control framework, map organizational controls, and establish accountability and ownership for IT risk management and control activities.
- Assist in validating IT control alignment to various industry standards, frameworks and requirements (e.g., COBIT, SOC, ISO, NIST, etc.).
- Assist in Information Security and Technology Risk Management governance activities, including coordinating monthly risk committee meetings with management from IT, Risk and Business Units.
- Support IT GRC capabilities such as:
  - Enterprise security risk management compliance.
  - Policy creation, updates, and overall management and organization of shared documentation.
  - Control Self Assessments and Control Gap Analysis.
  - Third-party risk management and reporting.
  - Maintaining a Risk Register.
  - Documenting and evaluating policy exception requests.
  - Developing and deriving KPIs from a controls baseline.
  - Overall analytics of the GRC program and creation and distribution of reporting metrics / dashboarding where appropriate.
  - Maintenance of the global scope of IT assets, controls, control owners, risks, etc. that make up the IT GRC program.
  - Remediation and risk mitigation planning, implementation and oversight.
  - Creation, documentation and maintenance of governance processes to oversee IT GRC programs.
  - GRC policy enforcement across the enterprise.
  - Education on governance principles, policies and standards enterprise-wide.
- Manage, monitor and ensure timely updates to planned remediation efforts.
- Interact with the AppSec team to assist in scheduling and testing of third-party pen tests.
- Client security reviews and inquiries.

Do we spark your interest? Then send us your CV today! We are looking forward to hearing from you!
Posted
05/05/2022
Location
Johannesburg, GT, ZA