13.05.2024
Information Security Governance Risk & Compliance Specialist (FinTech/Payments)
Black Pen Recruitment
South Africa, Johannesburg
About the job

Empowering seamless transactions and financial stability, our client's fintech company specializes in pioneering solutions for payments and stablecoins. With a deep understanding of the evolving financial landscape, they leverage advanced technology to ensure secure and efficient payment processing. Committed to driving innovation, they strive to simplify transactions and foster trust in the digital economy.

Job Type: Full Time | Remote

Role Overview

The Cloud Security Engineer/Governance Specialist is a key team member of our client's security organisation and is responsible for IT Governance and IT Risk activities that both support and provide oversight to IT, Product Engineering, Infrastructure and Security teams as well as their suppliers and customers. The candidate is expected to have a strong understanding of compliance frameworks including SOC 2 Type 2, ISO 27001, GDPR, PCI DSS and be responsible for conducting IT Governance tasks that align with and contribute to the overall success of the broader GRC initiatives under the leadership of our client's CISO.

Integral to the role is the ability to manage Governance activities to protect our client's business and clients' data. Focus is given to maintaining policy compliance, process and organizational policies, standards documentation, information security governance and risk management functions. Additional focus is applied to implementing and refining policies, standards and procedures that help promote the control framework's adoption and alignment throughout their business.

Furthermore, the position plays a key role in continual process improvements and evolution as it relates to IT Security Risk Assessments, Policy Exceptions and the strategic vision of IT Governance.

Requirements

- Bachelor's degree in a discipline related to functional work or role
- Industry recognized certifications such as CISM, CRISC, CISA, or equivalent
- 7+ years of experience in IT Governance or Security Governance working in either a Software Development, FinTech or financial institution
- Experience working in an IT Governance, Risk and Compliance role
- Strong understanding of compliance frameworks including SOC 2 Type 2, ISO 27001, GDPR, PCI DSS
- Experience leading a company through an audit process for obtaining / maintaining compliance certification such as SOC 2 Type 2, ISO 27001, PCI DSS
- Strong risk assessment framework knowledge and experience performing risk assessments covering key risks and controls
- Very strong communication (verbal and written) skills and the ability to present with clarity
- Strong project management and organization skills

Responsibilities

- Coordinate the development of best practice policies and standards based on various governance frameworks
- Ensure all IT controls are documented and assigned control owners to establish accountability
- Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives
- Assist the IT Governance, Risk & Compliance function in maturing the Information Security and Technology Risk Management methodology through improvements in standardized risk assessments
- Update and maintain a robust technology risk and control framework and ensure proper alignment to relevant industry frameworks (e.g., COBIT, SOC 2, ISO 27001, NIST, etc.)
- Monitoring IT controls across the organization
- Assist in the validation of IT control alignment to various industry standards, frameworks, and requirements (e.g., COBIT, SOC 2, ISO 27001, NIST, etc.)
- Assist in Information Security and Technology Risk Management governance activities including coordinating monthly risk committee meetings with management from IT, Risk and Business Units
- Policy creation, updates, and overall management and organization of shared documentation
- Control Self Assessments and Control Gap Analysis
- Third party risk management and reporting
- Support Security Due-diligence activities with both regulators and business prospects
- Maintaining a Risk Register
- Documenting and evaluating policy exception requests
- Responsible for developing and deriving KPIs from a controls baseline
- Overall analytics of the GRC program and creation and distribution of reporting metrics / dashboarding where appropriate
- Maintenance of the global scope of IT assets, controls, control owners, risks, etc. that make up the IT GRC program
- Creation, documentation and maintenance of governance processes to oversee IT GRC programs