IT Governance, Risk and Compliance (GRC) Specialist / Analyst
Company: Numata
Job Function: Finance

Details of the offer

IT GRC Analyst is a multifaceted role that encompasses responsibilities across IT governance, risk management, compliance, cybersecurity, business and systems requirements and analysis.
This position ensures the organisation's IT infrastructure is secure, compliant, and aligned with business objectives, while also supporting system improvements, process optimisation, and technology integration within the Numata Managed Services business model and associated IT GRC framework.
The analyst will lead the design and enforcement of security and compliance policies, manage business and system requirements, and provide strategic insights for enhancing overall IT and business operations.

IT GRC Specialist / Analyst Key Responsibilities:

IT Governance, Risk, and Compliance (GRC) Responsibilities:

Policy Development and Compliance:
Design and enforce IT governance frameworks and standards such as CIS, ISO 27001, NIST, and COBIT, amongst others.
Ensure compliance with regulatory, privacy and other requirements such as POPIA, GDPR, HIPAA, and PCI-DSS, as and where applicable.
Conduct internal audits and prepare for external compliance assessments, ensuring that all controls and processes meet regulatory obligations.

Risk Management and Reporting:
Identify, assess, and mitigate IT and cybersecurity risks, maintaining an up-to-date risk register.
Generate risk management reports, perform gap analyses, and recommend risk treatment plans.
Collaborate with internal and Client stakeholders to align risk management practices with business objectives.

Cybersecurity Analysis Responsibilities:
Risk and control assessments and recommendations for improvement (risk mitigation, control strength and maturity roadmaps) for: Threat and Vulnerability Management; Cybersecurity risk and controls such as firewalls, intrusion detection, and endpoint protection.

Incident Response and Continuous Monitoring:
Develop and maintain incident response plans, ensuring timely detection, investigation, and resolution of security incidents.
Risk and control assessments and recommendations for improvement (risk mitigation, control strength and maturity roadmaps).
Conduct post-incident reviews and root cause analyses to strengthen future incident response capabilities.

Business and Systems Analysis Responsibilities:

Requirements Gathering and Documentation:
Work with business stakeholders to understand and document business requirements, translating them into technical solutions and system specifications.
Perform gap analyses between current systems and desired outcomes, recommending enhancements to meet business needs.
Develop detailed process flows, use cases, and technical specifications for system upgrades or new implementations.
Integrate IT GRC controls as part of new project and Client onboarding.

System Implementation and Optimisation:
Collaborate with IT and development teams to ensure that systems are aligned with both security requirements and business objectives.
Participate in system testing, validation, and troubleshooting during development and implementation phases, ensuring controls exist and/or are sufficient.
Monitor the performance and effectiveness of business systems, recommending optimisations and enhancements based on data-driven insights.

Collaboration and Engagement:

Cross-Functional Coordination:
Act as the liaison between IT, business units, compliance, and development teams, ensuring alignment in project goals and objectives.
Lead or participate in strategic planning sessions to integrate IT GRC, cybersecurity, and system improvements into overall business strategy.
Support vendor risk management efforts by evaluating third-party compliance and security practices.

Project and Change Management Participation:
Lead IT and business system projects from inception through delivery, including risk management, timeline tracking, and stakeholder communication.
Implement change management processes to facilitate smooth transitions during system upgrades, migrations, or the introduction of new controls.

Qualification, Certification & Skills Advantage:
Bachelor's degree in Information Technology, Computer Science, Business Administration, or related field.
Certifications (an advantage): CISM, CISSP, CISA, CRISC, CBAP, or similar.
Technical Skills: Strong knowledge of GRC frameworks (CIS, ISO, NIST, COBIT), security tools (SIEM, IDS/IPS), and business process modelling techniques (BPMN, UML).
Analytical Skills: Proficient in conducting risk assessments, vulnerability analysis, and translating business needs into technical requirements.
Communication: Excellent ability to articulate complex technical information to non-technical stakeholders, alongside clear and precise documentation skills.
Project Management: Proven experience in managing cross-functional projects involving IT governance, cybersecurity, and business process improvements.

Key Competencies:
Strong ethical judgment, integrity, and commitment to best practices in compliance and risk management.
Analytical mindset with a focus on problem-solving and continuous improvement.
Effective communication and interpersonal skills, including conflict management, working across multiple teams and with diverse stakeholders.
Quality management.

Experience: 3+ years of combined experience in IT GRC, cybersecurity, and business systems analysis.

