Governance, Risk, Compliance, and Assurance (GRCA) Lead/Manager at Datacentrix

• Managed Talent Solutions client in the mining sector is looking for a Governance, Risk, Assurance and Compliance Manager with experience in managing the organization’s overall security governance, risk, compliance, and technical assurance activities, aligning security posture with business objectives in both IT and OT environments. This will be a 12 month FTC with the possibility to extend. Must have at least 8 years relevant experience.

Minimum Qualifications & Experience: 

• Bachelor’s degree in Information Security, Business Administration, or related field (Master’s or MBA preferred).
• 8+ years of experience in cybersecurity governance, risk, or compliance roles, with at least 3 years in a leadership/manager role.
• In-depth knowledge of frameworks (NIST CSF, ISO 27001, COBIT) and regulatory standards (SOX, GDPR, etc.).
• Experience with risk assessment methodologies and GRC platforms/tools.
• Familiarity with OT regulatory and compliance requirements (e.g., mining, critical infrastructure).
• Relevant certifications (e.g., CRISC, CISM, CGEIT) are strongly preferred.

Key Responsibilities:

• Develop, implement, and maintain security policies, standards, and procedures.
• Identify, assess, and prioritize security risks; propose remediation strategies to management.
• Lead internal/external security audits and regulatory compliance efforts (ISO 27001, SOX, GDPR, industry-specific regulations).
• Collaborate with cross-functional teams (Legal, HR, Operations, Finance) to ensure enterprise-wide compliance.
• Monitor emerging regulatory and industry requirements, adjusting compliance frameworks as necessary.
• Conduct regular reviews of risk registers, ensuring continuous improvement in risk management processes.
• Provide periodic assurance reports to senior leadership and the board.
• Build and conduct a robust supply-chain and third-party risk management capability.