IT Governance and Security Expert

Job Title: IT Governance and Security Specialist

Job Summary:

We are seeking an experienced IT Governance and Security Specialist to drive our organization's IT governance, compliance, and security initiatives.

About the Role:

• IT Governance:
• Develop and implement effective IT governance frameworks, policies, and procedures to ensure alignment with corporate governance principles, regulatory requirements, and industry standards.
• Promote transparency, accountability, and ethical use of IT resources.
• Provide strategic guidance on IT investments, risk management, and service delivery.

• Security Governance and Assurance:
• Design and enforce robust security frameworks, policies, processes, and standards across all IT domains.
• Establish baseline security controls, ensure regular reviews, and align them with regulatory and corporate requirements.
• Develop executive-level dashboards and compliance reporting to provide visibility into risk posture and progress.

• Cloud Security and Compliance:
• Develop and manage governance frameworks for multi-cloud environments, ensuring secure deployments and adherence to regulatory and industry best practices.
• Collaborate with enterprise-wide IT teams to embed security and governance.
• Automate compliance monitoring and reporting using policy as code and infrastructure as code approaches.

• Risk and Audit Management:
• Conduct enterprise-wide IT risk assessments, maintain risk registers, and implement mitigation plans.
• Lead IT-related internal, external, and third-party audits, ensuring evidence is available and findings are resolved on time.
• Continuously improve governance and compliance programs to remain aligned with evolving threats, business priorities, and regulations.

• Security Operations and Controls:
• Oversee deployment and management of key security controls, including Identity and Access Management (IAM), Privileged Access Management (PAM), Email Security Gateway (ESG), endpoint protection, Web Application Firewalls (WAF), network firewalls, and vulnerability management.
• Implement modern security models such as Zero Trust and ensure continuous monitoring of IT and cloud environments.
• Leverage AI-driven monitoring and analytics for anomaly detection, predictive threat intelligence, and real-time risk management.

• Incident Response and Operational Resilience:
• Develop, maintain, and test incident response frameworks compliant with regulatory and industry requirements.
• Lead cross-functional teams during incidents and provide clear, timely communication to senior stakeholders.
• Conduct post-incident reviews and embed lessons learned into governance and operational practices.

• Business Continuity and Disaster Recovery:
• Design, implement, and maintain Business Continuity and Disaster Recovery programs for critical services, aligned with regulatory, industry, and international standards.
• Conduct Business Impact Analyses (BIAs), ensure RTO and RPO compliance, and regularly test recovery strategies.
• Use AI-enabled simulations to assess readiness and strengthen recovery effectiveness.

• Vendor and Third-Party Risk Governance:
• Embed governance and security requirements in vendor and partner contracts, aligned with regulatory and industry standards.
• Ensure vendors and partners adhere to organizational, regulatory, and industry governance standards.
• Conduct third-party risk assessments, monitor remediation activities, and track ongoing compliance.
• Ensure outsourced and partner-operated services consistently meet governance and security requirements.

• Leadership and Stakeholder Engagement:
• Lead and mentor the IT Governance and Security team, building capability, innovation, and resilience.
• Foster a security-first and compliance-driven culture that promotes accountability and responsible innovation.
• Act as the key liaison with executives, regulators, auditors, and other stakeholders.

Qualifications:

• Bachelor's degree in Information Security, Computer Science, IT, or a related field.
• 4+ years progressive experience in IT Governance, Security, or Risk Management.
• Preferred: Experience in cloud governance, multi-cloud security, and hybrid IT environments.
• Proven use of automation and AI-enabled governance, monitoring, and threat detection solutions.
• Professional certifications preferred: CISSP, CISM, CISA, CRISC, ISO 27001 Lead Auditor/Implementer, ITIL.
• Track record in managing audits, regulatory compliance programs, and enterprise-wide risk initiatives.