IT Risk & Compliance Specialist

CONNECT Professional Services
Job Summary:
The IT Risk & Compliance Specialist is responsible for the operational execution of the IT risk management and compliance monitoring programs. This hands-on role involves conducting risk assessments, testing controls, managing evidence collection, and supporting data privacy efforts to ensure compliance with NCA, DGA, and NDMO requirements.

Key Responsibilities:
Risk Management: Execute the end-to-end IT risk assessment process. Facilitate risk workshops, maintain the IT risk register in the GRC tool, and track risk treatment plans with control owners.
Compliance Monitoring: Map IT controls to regulatory requirements (NCA, DGA, NDMO). Perform periodic testing and audits of IT controls to ensure operating effectiveness.
Evidence Collection: Coordinate with IT control owners (e.g., network, system admins) to collect, review, and manage evidence for audits and compliance reporting.
Audit Support: Provide direct support to the Head of GRC during internal and external audits by preparing evidence packs and coordinating with control owners.
Data Privacy Support: Assist the Head of GRC with operational tasks for the PDPL, such as conducting data mapping exercises, processing DSARs, and contributing to DPIAs.
Vendor Risk: Perform security assessments of third-party vendors and partners.
Tool Management: Administer and maintain the GRC technology platform on a day-to-day basis.

Job Requirements:
Education: Bachelor’s degree in Information Technology, Cybersecurity, or a related field.
Experience: Minimum of 3+ years of experience in IT risk, IT compliance, or IT audit roles.
Technical Knowledge: Strong understanding of IT infrastructure, cloud security (AWS/Azure), and application security. Hands-on experience with risk assessment methodologies and control frameworks (NCA ECC, NIST, ISO 27001).
Certifications: Certified Information Systems Auditor (CISA); Certified in Risk and Information Systems Control (CRISC); ISO 27001 Lead Implementer/Auditor.
Skills: Highly detail-oriented, excellent organizational skills, and the ability to manage multiple tasks simultaneously. Strong interpersonal skills to work effectively with technical teams.
Post date: 03 Rajab 1447 - Today
Publisher: LinkedIn