Specialist - Cyber GRC

Midrand, ZA


Vodafone

Vodafone is a leading technology communications company in Europe and Africa, keeping society connected and building a digital future.

 

When it comes to putting people first, we're number 1. 

The number 1 Top Employer in South Africa. 
Certified by the Top Employer Institute 2025.

Role Purpose/Business Unit:

 

Defining Cyber Governance, Risk & Compliance in order to:


•    Lead ongoing evaluation of security policies and relevant standards supporting the continuous improvement of the security governance program.
•    Ensure comprehensive Information Security Risk management programs and processes are established.
•    Align Information Security Risk management with the enterprise risk management framework.
•    Manage cyber security risks while collaborating with other departments to identify, recommend, develop, implement, and support a risk-informed decision and action framework.
•    Provide Management with assurance covering controls across the Business environments that are adequately designed and operating effectively.
•    Support Management during audits and implement and track Management audit actions to closure.
•    Assist in the management and rollout of Cyber Training & Awareness initiatives.
•    Provide Management with status update reports as well as insight reporting.

Your responsibilities will include:

 

•    Plan, execute, track, and report Cyber Security Training and Awareness initiatives.
•    Provide bespoke training for high profile staff based on their potential risk of being attacked (HR, IT, Senior Executives, Executive PAs).
•    Deliver Cyber Security Inductions for all new joiners.
•    Execute routine phishing simulations to assess the posture of staff reporting and click rates.
•    Identify high-risk users through phishing simulations and provide workshops to lower their risks.
•    Roll out Cyber Security training for all staff based on current trending global topics.
•    Deliver presentations to senior management on results of Cyber Security awareness campaigns, pain points, lessons learned and actions going forward for improvement.
•    Research common attack vectors and ways to spot them to reduce the risk.
•    Provide security communications based on risks identified within the organization.
•    Serve as the main point of contact for Cyber Security Training and Awareness.
•    Implement and guide policy compliance across the organization.
•    Review Security Policies, Processes, and Standards for non-conformances.
•    Identify gaps in policies and provide input to improve them.

•    Communicate changes to policies to the organization and the impact of the changes.
•    Review processes with partner departments to ensure good security practices are up to date as per industry standards.
•    Support Cyber Security audits across the organization.
•    Identify and register new risks with the implementation and integration of new systems.
•    Support and advise security measures and other security solutions to ensure the security of all data within the organization.
•    Assess Cyber and IT Risks associated with policy non-conformities and vulnerabilities.
•    Assess and approve policy deviations, track remediation actions, and provide status updates to management.
•    Support Implementation of security controls from a GRC standpoint to provide confidence in the organization’s cyber security posture.
•    Serve as the ISO 27001 & ISO 9001 Coordinator for the department to ensure the Risk and Quality Management System is maintained.

Key Accountabilities and Decision Ownership

 

•    Proactively evaluate cyber security policies to ensure security policy adherence.
•    Promote awareness of security policies, training, and the governance strategy across all levels of the organization.
•    Assess policy needs, train stakeholders in the policy lifecycle, communicate expectations, and collaborate with stakeholders from subject matter experts to senior leaders to develop and manage security content.
•    Maintain and further develop the Cyber Risk Management Program.
•    Actively manage risks on the Cyber Risk Register from intake to resolution.
•    Communicate risk assessment findings with key stakeholders to develop and monitor risk remediation plans.
•    Develop cyber risk portfolios to provide a more holistic view of teams’ risks.
•    Conduct regular compliance assessments with the Business to ensure that current and emerging risks are being monitored and managed.
•    Provide proactive Control design and implementation guidance to the Business.
•    Monitor and report Process and Control Compliance.
•    Support Cyber Security Audits and Review of cyber audit reports.
•    Support tracking and monitoring of audit remediation action implementation.
•    Deploy cyber security awareness training through innovative approaches.
•    Develop and communicate GRC status reports as required by Management.
•    Support GRC report development using automation and reporting tools to generate Cyber Risk metrics such as KPIs, KRIs, and KGIs (KxI).

The ideal candidate for this role will have:

 

•    Matric is essential.
•    Degree or relevant tertiary qualification in Information Technology.
•    Must have at least one of the following certifications: CISA, CGEIT, CRISC, CISSP, CISM, ISO 27001 Lead Auditor.
•    At least 5+ years of experience in cyber governance, risk, controls, and compliance management in a Cyber Security or technology environment.
•    Knowledge of common information technology management/compliance frameworks such as ISO/IEC 27001, SOC 2, SOX, ITIL, COBIT, NIST, and SANS.
•    Excellent interpersonal skills with the ability to communicate effectively verbally and in writing with all levels within the organization, including both technical and non-technical personnel.
•    Capability to communicate in a simple, clear, and concise manner to various communities within the organization.


We make an impact by offering:

  • Enticing incentive programs and competitive benefit packages
  • Retirement funds, risk benefits, and medical aid benefits
  • Cell phone and data benefits, advantageous fibre connection discounts, and exclusive staff discounts offered in collaboration with partner companies

 

 

Closing date for Applications: 29 July 2025. 


The base location for this role is Vodacom Midrand Campus. 

 

The company's approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.
Vodacom is committed to an organisational culture that recognises, appreciates, and values diversity & inclusion.

Category: Compliance Jobs

Tags: Audits Automation CISA CISM CISSP COBIT Compliance CRISC Governance ISO 27001 ITIL KPIs Monitoring NIST Risk assessment Risk management RMF SANS SOC SOC 2 SOX Strategy Vulnerabilities

Perks/benefits: Health care

Region: Africa
Country: South Africa
