Under the direction of management, the incumbent coordinates and performs Trip Biz's security assessment functions and control testing activities and reporting, in accordance with Trip Biz's internal controls, compliance, regulatory and departmental policies and procedures.
The GRC Officer updates and maintains control matrices and spreadsheets and provides recommendations for management’s consideration. This position ensures compliance with Trip Biz’s internal controls, regulatory and information security policies and procedures. The incumbent works with internal audit, external audit firms, and regulatory agencies to provide supportive documentation as applicable.
The GRC Officer takes a lead role in ensuring the security of all protected information collected, used, maintained, or released by Trip Biz.
RESPONSIBILITIES
Governance: Support the consistent review of the:
- Decisions of the governing bodies
- Alignment between strategic and tactical plans
- Roles and responsibilities; and
- Performance indicators
Risk Management: Support the periodic:
- Identification of threats and risk exposures
- Assessment and management of risks
- Monitoring of the implementation of corresponding mitigating controls
- Update of the risk registers
Quality Management and Compliance Programmes
- Design, implement, manage and improve quality and compliance programmes across all Trip Biz offices
- Manage compliance and improve business processes and operations by supporting a programme of internal audits and external assessments against adopted standards (e.g. ISO, SOC 2, PCI DSS)
- Perform and/or manage internal reviews of Trip Biz projects and services against industry standards and methodologies (e.g. Scrum, Prince2)
- Document and perform quality and compliance review and testing procedures
Business Processes and Controls
- Support the design, implementation, monitoring and continuous improvement of sound business processes across all Trip Biz offices
- Conduct reviews and monitor compliance with approved business processes and control frameworks
- Using the Continuous Improvement Process, identify processes requiring improvement and coordinate the prioritisation and implementation of those improvements using appropriate tools and techniques
- Co-ordinate activities for fulfilling requirements of internal and external audits or assessments
- Prepare relevant reports for Trip Biz Management and Key Stakeholders.
- Perform other duties as required
REQUIREMENTS
Knowledge of
- Applicable information security management, governance, and compliance principles, practices, laws, rules and regulations
- Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols
- Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration
- Information systems auditing, monitoring, control, and assessment processes
- Incident response management
- Risk assessment and management methodology
Skills in
- Developing and implementing enterprise governance, risk, and compliance strategy and solutions
- Researching and locating information related to internal and external organizations using online and other sources
- Security project management and planning
- Troubleshooting and operating a computer and various software packages
- Defining problems, collecting and analysing data, establishing facts and drawing valid conclusions
- Using judgment and ingenuity in maintaining objectives and technical standards
- Handling sensitive and confidential matters, situations, and data
- Remaining calm under high-pressure and difficult situations