IT Governance & Compliance Specialist
This role involves developing and implementing IT governance frameworks, conducting compliance assessments, and collaborating with cross-functional teams to maintain a secure and compliant IT & Digital environment. The specialist will work closely with IT & Digital leadership, legal, risk management, and other stakeholders to mitigate risks and uphold the integrity of the organization's IT systems.
• IT Governance Frameworks: Develop, implement, and maintain IT governance frameworks, ensuring that they address the organization's strategic goals, risk tolerance, and regulatory obligations.
• Compliance Assessments: Conduct regular assessments of IT systems, processes, and policies to ensure compliance with relevant regulations such as GDPR, HIPAA, SOX, and industry standards like ISO 27001.
• Risk Management: Identify potential IT risks and vulnerabilities and collaborate with the IT security team to implement mitigation strategies that align with the organization's risk appetite.
• Policy Development: Create and update IT policies, procedures, and guidelines to reflect changes in regulations and industry best practices. Ensure these documents are easily accessible and understood by relevant stakeholders.
• Audits and Reporting: Coordinate and facilitate internal and external audits related to IT governance and compliance. Prepare detailed reports of findings, recommendations, and action plans for remediation.
• Training and Awareness: Conduct training sessions and awareness programs to educate employees about IT governance, compliance requirements, and security best practices.
• Vendor Management: Evaluate and ensure that third-party vendors and service providers adhere to the organization's IT compliance standards.
• Incident Response: Collaborate with the incident response team to manage and respond to IT compliance-related incidents, ensuring appropriate communication and resolution.
• Continuous Improvement: Stay informed about the latest developments in IT regulations, standards, and security practices. Continuously enhance the organization's IT governance and compliance program accordingly.
• Cross-functional Collaboration: Work closely with legal, internal audit, risk management, and IT teams to align IT governance and compliance efforts with broader organizational objectives.
• Documentation: Maintain accurate and up-to-date records of IT governance activities, compliance assessments, audit reports, and related documentation.
• Bachelor's degree in Information Technology, Computer Science, or a related field (Master's degree preferred).
• Relevant industry certifications such as ISO 27001 LA/LI, CISA, CISM, CISSP, CCSP or CGEIT.
• Strong understanding of IT governance frameworks, compliance regulations, and security best practices.
• Experience in conducting IT compliance assessments, audits, and risk assessments.
• Familiarity with data privacy regulations and their implications for IT systems.
• Excellent communication skills for collaborating with cross-functional teams and presenting findings to both technical and non-technical audiences.
• Analytical mindset with the ability to identify risks and propose effective solutions.
• Detail-oriented and able to manage multiple projects simultaneously.
• Knowledge of ITIL (Information Technology Infrastructure Library) framework is a plus.
• Previous experience in IT governance, compliance, or risk management roles is highly desirable.