
ICT GOVERNANCE, RISK & COMPLIANCE ANALYST – NSSA

Job Expired
NSSA is an organisation undergoing a transformation journey to position itself as a modern and relevant entity that delivers real value to its members through responsive social security services. In addition, we strive to stimulate economic activity, generate foreign currency, and create jobs for the benefit of Zimbabweans.

The new NSSA conducts its business in an honest, accountable, and transparent manner and we seek to recruit like-minded individuals in the following areas:

Reporting to the ICT Systems Security Manager, the successful candidate strengthens the Authority’s cyber resilience by ensuring that ICT operations and information assets comply with approved governance frameworks, regulatory requirements, and internal policies.

Job Summary

  • Type: contract
  • Location: Harare
  • Category: IT Governance
  • Closing Date: 2026-06-05

Key Responsibilities

  • Leads the application and continuous improvement of ICT governance frameworks by ensuring that approved policies, procedures and standards are consistently implemented across the Authority and adhered to by all departments.
  • Risk Assessment, Decision Making and Mitigation: Drives ICT risk assessment activities by identifying key risks, evaluating the adequacy of existing controls, deciding on required risk treatments, and guiding departments on appropriate actions to reduce exposure.
  • Audit Coordination and Follow-up Management: Coordinates internal and external ICT audits, liaises with auditors and business units, ensures the timely provision of required information, and monitors agreed corrective measures.
  • Regulatory and Standards Compliance Assurance: Oversees compliance with applicable legislation, including the Cyber and Data Protection Act (CDPA), ISO 27001 and related standards, providing authoritative guidance and recommending compliance actions to management.
  • Governance Documentation and Reporting: Develops and maintains governance documents such as risk registers, compliance dashboards and control records, ensuring information is accurate and available to support informed decision-making.
  • Control Testing and Compliance Monitoring: Leads periodic control reviews and compliance checks to assess whether ICT activities align with approved governance requirements, identifying non-compliance and recommending improvements.
  • Policy Compliance Enforcement Across Departments: Monitors adherence to ICT policies and procedures throughout the Authority, identifies gaps or deviations, and drives corrective actions to strengthen accountability and compliance.
  • Strategic Support to ICT and Business Units: Works closely with ICT teams and business units to guide the integration of governance, risk and compliance requirements into daily operations, projects and change initiatives, ensuring decisions incorporate proper oversight.
  • Business Continuity and Resilience Support: Supports business continuity and disaster recovery planning by reviewing documentation, assessing recovery readiness, and coordinating resilience testing activities.
  • Governance, Risk and Compliance Awareness and Training: Drives awareness programmes by organising training, workshops and briefings that promote understanding of governance, risk and compliance responsibilities across the Authority.
  • Contract, Vendor and SLA Governance Review: Reviews contractual agreements with vendors and service engagements to ensure alignment with governance and compliance requirements, advising on risks and recommending safeguards before approval.
  • Governance, Risk and Compliance Reporting: Prepares and presents GRC reports and metrics to ICT Management and relevant committees, providing insights that support decision-making and highlight emerging risks or compliance issues.

Requirements

  • Degree in Computer Science, Information Systems, Software Engineering or equivalent.
  • Data Protection Officer Certification is mandatory.
  • At least one of the following certifications is required: ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, CRISC, CISA or CGEIT, COBIT 2019, ISO 27005 Risk Manager, ISO 27701 Lead Implementer, NIST CSF Practitioner.
  • A minimum of 5 years’ experience in ICT governance, ICT risk management, ICT audit or cybersecurity compliance.

Technical Skills

  • Strong knowledge of ICT governance frameworks (e.g., COBIT, ITIL).
  • Understanding of cybersecurity standards (ISO 27001, NIST CSF, CIS Controls).
  • Experience working with governance frameworks (COBIT, ITIL), cybersecurity standards (ISO 27001), and risk methodologies.
  • Strong knowledge of ICT governance frameworks, regulations and compliance bodies.
  • Proficiency in ICT risk assessment methodologies and tools.
  • Knowledge of regulatory and legal requirements, including the Zimbabwe Cyber and Data Protection Act (CDPA).

Other Requirements and Competencies

How to Apply

Interested candidates should apply online through the NSSA website (www.nssa.org.zw) at the following link: www.nssa.org.zw/careers

Applications must be received not later than close of business on Friday 5th June 2026.

About the Company

In Zimbabwe, the National Social Security Authority (NSSA), constituted and established in terms of the NSSA Act of 1989, Chapter 17:04, is the statutory corporate body tasked by the Government to provide social security. The provision of social security can be defined as instituting public policy measures intended to protect an individual in life situations or conditions in which his/her livelihood and well-being may be threatened, such as those engendered by sickness, workplace injuries, unemployment, invalidity, old age, retirement and death. It is based on the principle of social solidarity and the pooling of resources and risks, which involves drawing savings from periods of employment, earnings and good health to provide for periods of unemployment, old age, invalidity and death. At the moment NSSA is administering two schemes: the Pension and Other Benefits Scheme and the Accident Prevention and Workers’ Compensation Scheme. In an endeavor to provide a more comprehensive social security package for Zimbabwean society, groundwork for the introduction of more schemes is underway.
