GRC Analyst

Overview

The GRC Analyst supports the implementation and maintenance of the organization’s Governance, Risk, and Compliance framework. This role ensures that risk management, compliance, and governance processes are effectively integrated into IT operations, enabling the organization to meet both regulatory requirements and internal standards.

Qualifications

• Matric or NQF Level 5
• Bachelor’s degree majoring in either IT, IT Risk/ IT Governance/IT Audit
• ITIL
• CoBiT

Experience

• A minimum of 5 years in a similar role

Duties

Governance

• Support the development and maintenance of IT policies, standards, and procedures.
• Monitor compliance with IT governance frameworks
• Maintain documentation and evidence for audits and assessments.

Risk Management

• Identify, assess, and monitor IT risks across the organization.
• Maintain the IT risk register and support risk treatment plans.
• Conduct risk assessments for new projects, vendors, and technologies.
• Collaborate with stakeholders to implement risk mitigation strategies.

Compliance

• Ensure compliance with relevant laws, regulations, and standards.
• Support internal and external IT audits and remediation tracking.
• Conduct periodic compliance reviews and control testing.

Reporting & Communication

• Prepare regular reports and dashboards on risk posture, compliance status, and audit findings.
• Communicate GRC requirements and updates to IT and business stakeholders (when required).

Asset Management Governance

• Maintain accurate records of all IT assets (hardware, software, licenses) from procurement to disposal.
• Track software licenses and entitlements to ensure compliance with vendor agreements.
• Support audits by software vendors and internal/external auditors.
• Ensure IT asset management practices align with internal policies and external regulations (e.g., ITIL).
• Support IT GRC initiatives by providing asset data for risk assessments, audits, and compliance reporting.
• Identify and report on non-compliance or unauthorized software/hardware usage.
• Develop and maintain ITAM processes, procedures, and documentation.
• Generate regular and ad-hoc reports on asset inventory, lifecycle status, license usage, and compliance metrics.

Vendor Risk & Compliance Oversight

• Identify and assess vendor-related risks, including operational, cybersecurity, and regulatory risks.
• Ensure vendors comply with relevant laws, standards, and internal policies (e.g., POPIA).
• Support audits and regulatory reviews involving third-party vendors.
• Manage vendor performance and vendor risk status.

Job Competencies

• Good knowledge of Project Management
• Good knowledge of Contract Management
• Financial Management
• Good knowledge of Information Technology International Law
• Judgement and Decision Making
• Organisational skills
• Negotiation skills
• Problem Solving
• Reliability
• Creativity and Innovation
• Self-Starter
• Honesty and Integrity

General

Skills

• Sound judgement and decision making
• Risk Averse
• Proven negotiation skills
• Strong leadership and organisational skills
• Excellent communication and people skills
• Leadership and management skills
• Stakeholder relationship management skills
• Strategy and innovation
• Presentation Skills