IT Governance, Risk & Compliance Officer

It's fun to work in a company where people truly BELIEVE in what they're doing!

The IT Governance, Risk and Compliance (GRC) Officer supports the effective operation of the organisation’s IT governance, technology risk management, and compliance framework. The role is responsible for maintaining governance documentation, coordinating risk and audit activities, tracking remediation actions, and supporting cybersecurity awareness initiatives to ensure alignment with regulatory, contractual, and organisational requirements.

WHAT YOU WILL DO:

IT Governance & Compliance Support the development and implementation of IT and information security policies, standards, and procedures.

Maintain approved governance documentation to support effective risk management, audit readiness, and regulatory compliance.

Coordinate periodic review and update cycles for IT and information security policies and standards.

Track policy review dates, approvals, and documented exceptions to support governance oversight and reporting.

IT & Cyber Risk Management Coordinate and support the identification, assessment, and documentation of IT and cybersecurity risks in line with approved methodologies

Maintain and update IT and cybersecurity risk registers to support accurate risk reporting and governance decision‑making

Track risk treatment plans and remediation actions, monitoring progress to ensure timely closure and risk reduction

Support the preparation of IT and cyber risk reporting for management and governance forums

Audit & Assurance Support Support internal and external audits by coordinating audit activities, evidence collection, and stakeholder engagement

Track audit findings and agreed remediation actions to support effective issue management and risk reduction

Monitor remediation progress and ensure timely closure of audit issues

Produce audit, risk, and compliance status reporting for management and governance forums

Cybersecurity Awareness & Training Support the development and delivery of cybersecurity awareness and training programmes

Coordinate  ongoing security awareness campaigns (e.g. phishing awareness, acceptable use)

Track staff completion of mandatory IT and cybersecurity training and maintain training records

Assist with measuring awareness effectiveness using defined metrics

Support the development of awareness and training content based on emerging threats, audit findings, and incident trends

Organise awareness initiatives and events to support the development of a strong security‑conscious culture

Collaboration & Stakeholder Engagement Liaise with IT, cybersecurity, risk, audit, and business stakeholders to support governance, risk, and compliance activities.

Coordinate stakeholder engagement for risk assessments, audits, remediation, and reporting

WHAT YOU WILL BRING TO THE TABLE:

Minimum Education

•Bachelor’s degree in Information Technology, Information Systems, Information Security, Risk Management, or a related field

•Relevant equivalent qualifications or experience in IT governance, risk, or compliance will be considered

•

• Knowledge & Skills

•Basic to working knowledge of IT governance, risk management, and compliance concepts

•Understanding of cybersecurity controls, awareness practices, and security culture principles

•Knowledge of audit processes, evidence requirements, and remediation tracking

•Exposure to recognised frameworks such as ISO/IEC 27001, NIST Cybersecurity Framework, and COBIT (advantageous)

•Strong attention to detail with the ability to produce and maintain accurate governance documentation

•Ability to coordinate multiple stakeholders, activities, and deadlines

•Clear written and verbal communication skills, including the ability to engage technical and non‑technical stakeholders

• Experience •2–3 years’ experience in IT risk management, information security, compliance, or a governance, risk, and compliance (GRC) role

•Experience supporting IT and cybersecurity risk, audit, or compliance activities within an organisational environment

•Exposure to recognised frameworks such as ISO/IEC 27001 and NIST Cybersecurity Framework

•Experience supporting internal or external audits, regulatory reviews, or assurance activities

#LI-KM3

In accordance with the employment equity plan of Tiger Brands and its employment equity goals and targets, preference may be given, but is not limited, to candidates from under-represented designated groups.