The Role:
We are looking for an Information and Compliance Officer to oversee and enforce policies and procedures that protect the organisation's computing infrastructure from all forms of security threats and ensure compliance with rules and regulations relevant to the organisation and according to the territories within which the organisation operates.
Responsibilities:
- Manage and ensure regulatory compliance which includes but not limited to, ISO 27001:2022 – Information Security, Cyber Security and data protection, POPIA, GDPR, OHS, Environmental, social, and governance (ESG) .
- Ensure related company compliance requirements are addressed in accordance with relevant rules and regulations according to the territories within which it operates, i.e privacy, security and administrative regulations.
- Ensure appropriate risk mitigation and control processes for security incidents as required.
- Receives reports of security incidents and conducts thorough investigations, prepares written findings and recommendations, along with follow-up evaluations; and analyses patterns and trends.
- Responsible for daily compliance tasks.
- Perform regular reviews and update on all company policies.
- Conduct and report on Compliance for Management.
- Coordinates and conducts the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes and procedures in compliance with applicable regulations and standards.
- Participate in improving company processes and implement tools for policy management.
- Ensure audit trails and documentation are reviewed periodically and are in compliance with policies and audit requirements.
- Collaboration with management and various company teams to improve and achieve compliance.
- Support company teams with ad hoc requests, including investigation of legislations and regulations, as well as draft the necessary processes or documentation to achieve compliance.
- Follow different compliance evolutions and market trends keeping our company up-to-date.
- Prepare and conduct employee awareness initiatives and training.
- Prepare and oversee audit assessments.
Requirements:
- Degree or equivalent qualification in legal, computer science, IT or related field.
- Professional Information Security Certification (CISSP, CISM, CASP+ or equivalent) will be advantageous.
- At least 3 - 4 years experiences in a similar role.
- Solid working knowledge of the following regulatory requirements: GDPR , POPIA, ECT, OHS, ESG.
- Knowledge of the following security frameworks: ISO/IEC 27001, ISO/IEC 27002, NIST CSF, will be advantageous.
- Ability to articulate to non-technical audience on various compliance topics.
- Effective verbal and written communication skills.
- Effective organisational abilities along with detail-oriented, proactive approach to work.
- Ability to work under time pressure.
- Business acumen.
- Strong administrative skills.
- Team player mentality.
Please note that by submitting your personal information to Deka Minas you free-willingly issue the business consent to make use of such data for the specific purpose of securing you either permanent or temporary employment. Our business makes use of a POPIA compliant database and you have the right to access, right to correction and right to deletion of your personal information