Oops! It seems this job from AECI Limited has expired
  • Posted: Jul 16, 2025
    Deadline: Jul 25, 2025
  • AECI is a South African-based explosives and speciality chemical company focused on providing products and services to a broad spectrum of customers in the mining, manufacturing, agricultural, food and beverage, and general industrial sectors. It has regional and international businesses in Africa, South-East Asia, the USA and Australia.

    ...

    Governance Risk and Compliance Lead

    Job Description

    Purpose of the Job

    • The purpose of this role is to lead and strengthen the organisation’s Governance, Risk, and Compliance (GRC) capabilities within the digital and information security domains, with a strong emphasis on Identity Governance and Administration (IGA), Identity and Access Management (IAM), IT Risk Management in line with ISO 27001, and enterprise-wide Cybersecurity Awareness.
    • The incumbent is accountable for ensuring that identity, access, and compliance practices are secure, efficient, and aligned with regulatory and business requirements.

    Key Internal Stakeholders

    • Information Security Team – to ensure alignment between compliance requirements and technical security controls (e.g., IAM, RBAC, PAM).
    • Internal Audit – for coordinating audit readiness, evidence collection, and control testing.
    • IT Infrastructure and Operations – for implementing and maintaining access controls, provisioning/deprovisioning, and remediation of audit findings.
    • SAP Security and Application Owners – to ensure secure access governance and compliance within enterprise systems.
    • Senior Leadership – for reporting on risk posture, compliance status, and strategic recommendations.

    Key External Stakeholders

    • Regulatory Authorities – for compliance reporting, audit inquiries, and regulatory updates.
    • External Auditors – for formal audits, control assessments, and compliance verification.
    • Third-party Vendors and Service Providers – for vendor risk assessments, compliance assurance, and contract alignment with security standards.
    • Industry Bodies and Certification Authorities – for maintaining certifications (e.g., ISO 27001) and staying current with evolving compliance frameworks.

    Identity Governance and Access Management

    • Access certification reports (attestation cycles)
    • Role lifecycle definitions and SoD policy matrices
    • RBAC/PAM audit logs
    • Policy documents, violation logs, compliance dashboards: Monitor and enforce compliance by reviewing policies, tracking violations, and driving corrective actions.
    • IAM systems and access review reports: Oversee the IAM program, ensuring proper access controls (RBAC, PAM) and conducting periodic access reviews.
    • User provisioning/deprovisioning logs: Manage user identities and permissions, enforcing least-privilege principles and ensuring timely access changes.
    • Audit schedules and evidence repositories: Lead audit readiness initiatives, preparing documentation and evidence for internal and external audits.
    • Risk metrics and executive dashboards: Report on risk posture, providing actionable insights and recommendations to senior leadership.

    Qualifications & Experience

    • Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or a related technical or business discipline.
    • Postgraduate qualification (e.g., Honours or Master’s degree in Information Security, IT Governance, or Risk Management) is advantageous and preferred for strategic and senior-level roles.
    • Professional certifications in risk, compliance, identity governance, and information security, including at least one of the following:
    • Certified Information Systems Auditor (CISA) – for audit, controls, and risk governance
    • Certified Information Security Manager (CISM) – for managing and aligning cybersecurity programs to business goals
    • Certified in Risk and Information Systems Control (CRISC) – for enterprise risk management and control monitoring
    • ISO/IEC 27001 Lead Implementer or Lead Auditor – for governance frameworks and audit readiness
    • Certified Data Privacy Solutions Engineer (CDPSE) – advantageous for aligning access and compliance with data protection regulations (POPIA, GDPR)

    Microsoft Certifications relevant to identity, compliance, and data governance:

    • SC-900: Microsoft Security, Compliance, and Identity Fundamentals
    • SC-300: Microsoft Identity and Access Administrator – for IAM, RBAC, and privileged access oversight
    • SC-400: Microsoft Information Protection Administrator – for data classification, DLP, and compliance tooling in Microsoft Purview

    (Optional but beneficial): Certifications in security awareness and behavioural change:

    • Certified Cybersecurity Awareness Professional (CCAP) or equivalent
    • SANS Security Awareness Professional (SSAP) – for designing and managing enterprise awareness programs
    • Familiarity with SAP security and access governance is highly advantageous, especially for managing SoD, provisioning, and audit trail requirements within ERP environments.
    • Experience or certification in GRC platforms and IGA tools (e.g., SailPoint, Saviynt, Microsoft Entra ID Governance, ServiceNow GRC) will be a strong differentiator.
    • 8–10 years of progressive experience in information security, IT risk management, compliance, or related governance roles, with a demonstrated track record of delivering measurable improvements in cyber risk posture, access governance, and regulatory compliance.
    • Proven experience designing, implementing, and maintaining compliance with international standards and frameworks, including ISO/IEC 27001, NIST CSF, COBIT, POPIA, GDPR, and PCI-DSS.
    • Demonstrated ability to conduct enterprise-wide cyber risk assessments, vendor risk evaluations, and internal control audits, and to lead remediation planning and execution.
    • Substantial experience in preparing for, managing, and responding to internal and external audits, including the development of audit-ready documentation, evidence logs, and management response packs.
    • Exposure to enterprise IT environments, including identity integration with ERP platforms such as SAP, and the ability to design and align technical access controls to compliance and SoD requirements.
    • Experience in the development and enforcement of security policies and standards, including tracking policy violations, root cause analysis, and reporting to executive stakeholders and governance forums.
    • Proven capability in designing and executing organisation-wide cybersecurity awareness and training programs, including simulated phishing campaigns, behavioural metrics tracking, and executive reporting.
    • Strong interpersonal and cross-functional collaboration skills, with the ability to communicate complex risk and compliance issues in a clear, actionable, and business-aligned manner to senior leadership and non-technical audiences.

    Closing Date

    • 2025/07/25


    Method of Application

    Interested and qualified? Go to AECI Limited on aeci.erecruit.co to apply
