It's fun to work in a company where people truly BELIEVE in what they're doing!
The IT Governance, Risk and Compliance (GRC) Officer supports the effective operation of the organisation’s IT governance, technology risk management, and compliance framework. The role is responsible for maintaining governance documentation, coordinating risk and audit activities, tracking remediation actions, and supporting cybersecurity awareness initiatives to ensure alignment with regulatory, contractual, and organisational requirements.
WHAT YOU WILL DO:
IT Governance & Compliance
Support the development and implementation of IT and information security policies, standards, and procedures.
Maintain approved governance documentation to support effective risk management, audit readiness, and regulatory compliance.
Coordinate periodic review and update cycles for IT and information security policies and standards.
Track policy review dates, approvals, and documented exceptions to support governance oversight and reporting.
IT & Cyber Risk Management
Coordinate and support the identification, assessment, and documentation of IT and cybersecurity risks in line with approved methodologies
Maintain and update IT and cybersecurity risk registers to support accurate risk reporting and governance decision‑making
Track risk treatment plans and remediation actions, monitoring progress to ensure timely closure and risk reduction
Support the preparation of IT and cyber risk reporting for management and governance forums
Audit & Assurance Support
Support internal and external audits by coordinating audit activities, evidence collection, and stakeholder engagement
Track audit findings and agreed remediation actions to support effective issue management and risk reduction
Monitor remediation progress and ensure timely closure of audit issues
Produce audit, risk, and compliance status reporting for management and governance forums
Cybersecurity Awareness & Training
Support the development and delivery of cybersecurity awareness and training programmes
Coordinate ongoing security awareness campaigns (e.g. phishing awareness, acceptable use)
Track staff completion of mandatory IT and cybersecurity training and maintain training records
Assist with measuring awareness effectiveness using defined metrics
Support the development of awareness and training content based on emerging threats, audit findings, and incident trends
Organise awareness initiatives and events to support the development of a strong security‑conscious culture
Collaboration & Stakeholder Engagement
Liaise with IT, cybersecurity, risk, audit, and business stakeholders to support governance, risk, and compliance activities.
Coordinate stakeholder engagement for risk assessments, audits, remediation, and reporting
WHAT YOU WILL BRING TO THE TABLE:
Minimum Education
•Bachelor’s degree in Information Technology, Information Systems, Information Security, Risk Management, or a related field
•Relevant equivalent qualifications or experience in IT governance, risk, or compliance will be considered
•
•
Knowledge & Skills
•Basic to working knowledge of IT governance, risk management, and compliance concepts
•Understanding of cybersecurity controls, awareness practices, and security culture principles
•Knowledge of audit processes, evidence requirements, and remediation tracking
•Exposure to recognised frameworks such as ISO/IEC 27001, NIST Cybersecurity Framework, and COBIT (advantageous)
•Strong attention to detail with the ability to produce and maintain accurate governance documentation
•Ability to coordinate multiple stakeholders, activities, and deadlines
•Clear written and verbal communication skills, including the ability to engage technical and non‑technical stakeholders
•
Experience
•2–3 years’ experience in IT risk management, information security, compliance, or a governance, risk, and compliance (GRC) role
•Experience supporting IT and cybersecurity risk, audit, or compliance activities within an organisational environment
•Exposure to recognised frameworks such as ISO/IEC 27001 and NIST Cybersecurity Framework
•Experience supporting internal or external audits, regulatory reviews, or assurance activities
#LI-KM3
In accordance with the employment equity plan of Tiger Brands and its employment equity goals and targets, preference may be given, but is not limited, to candidates from under-represented designated groups.
