Business unit, Department, Reporting
| Business Unit | Operate |
| Department | Business Performance |
| Job grade/level | S5 |
Core Description
The Specialist: Certification and Compliance at BCX is essential in driving continuous improvement initiatives, ensuring compliance, and managing risks. This role is responsible for overseeing audits, certifications, and adherence to key standards such as ISO, SOC 2, and PCI DSS. The specialist ensures that BCX’s internal and external processes comply with regulatory and certification requirements by coordinating audit activities and maintaining strong alignment with compliance frameworks.
Key Deliverables / Primary Functions
• Ensure ongoing compliance and successful renewals of ISO, SOC 2, and PCI DSS certifications.
• Lead both internal and external audits for ISO standards (9001, 27001, 20000, 27017, 27018), SOC 2, and PCI DSS, ensuring audits are completed on time and yield successful results.
• Act as the main point of contact for certification bodies and auditors, ensuring smooth communication and audit execution.
• Ensure adherence to SOC 2 Trust Service Criteria (security, availability, processing integrity, confidentiality, and privacy), managing the audit lifecycle and addressing findings.
• Lead efforts to meet PCI DSS requirements for payment card security, performing regular assessments, gap analysis, and implementing controls to mitigate risks.
• Develop audit schedules, conduct pre-audit assessments, and implement corrective actions for any audit findings to continuously improve compliance.
• Prepare internal teams for audits by organizing documentation, controls, and processes to meet the necessary compliance standards.
• Oversee the creation, implementation, and maintenance of ISO-related policies and procedures, ensuring alignment with certification requirements and smooth renewal processes.
• Conduct regular risk assessments to identify potential security, quality, and IT service threats, implementing mitigation strategies to reduce exposure.
• Identify, assess, and mitigate risks related to information security, quality management, and IT services.
• Maintain comprehensive records of audits and compliance efforts, providing senior management with updates on audit outcomes and compliance metrics.
• Deliver employee training on compliance requirements, manage third-party compliance, and perform due diligence on critical vendors to ensure alignment with ISO, SOC 2, and PCI standards.
Core Functional Skills & Capabilities
ISO Processes and Knowledge
Critical Thinking
Attention to detail
ICT Knowledge
Communication
Core Behavioural Competencies
Job Match
Applying expertise & Technology
Achieving personal work goals & objectives
Analysing
Writing and Reporting
Delivering Results & Meeting customer expectations
Minimum Qualifications
NQF 6: 3-year Degree / Diploma / National Diploma in Information Technology or Security
OR NQF 4: Grade 12
Additional Education - Preferred / Advantage
Experience
Qualification with 5 years' experience in the ICT industry, including compliance management, audit coordination or related roles, and experience in various ISO accreditation and certification practices.
or
Grade 12 with 7 years' experience in the ICT industry, including compliance management, audit coordination or related roles, and experience in various ISO accreditation and certification practices.
Certifications
ITIL Expert Certificate in ITSM
ISO 27001
ISO 9001
CISA (Certified Information Systems Auditor)
Professional Memberships in Relevant Industry
Level of Engagement & Span of Control
| Span of Control | 0 |
| Level of Engagement | Engagement with all levels within the organisation, internal and external to the business. |
Special Requirements / Employment Condition
Workplace / Physical Requirements
Hybrid Remote Worker
Non-Billable