IT Governance Risk Compliance (GRC) Analyst Job, IT Jobs April 2021

Position: IT Governance Risk Compliance (GRC) Analyst

Location: Nairobi

Job description

Reporting to the Head of Cybersecurity, Africa, the IT Governance Risk Compliance (GRC) Analyst will be responsible for driving the Foundation’s IT GRC activities across our country offices within Africa. The role helps the Foundation achieve its objectives by evaluating the effectiveness of its IT governance, risk management, operational effectiveness, and internal controls, and by fostering an environment of continuous improvement.

The role requires an individual who can support a dynamic and evolving environment, helping implement IT security best practices that enable business and program leaders.

This role supports the Foundation’s growth and strategy by helping to build a sophisticated, world-class, global cybersecurity function, while addressing the increasing complexity of the organization’s regional cybersecurity needs.


Technology & Information Risk Management 

  • Develop IT risk management processes and procedures, and contribute to the development of Foundation-wide IT policies and standards.
  • Manage IT risks through their lifecycle (evaluate, identify, triage, rate, engage stakeholders, remediate, and report).
  • Perform IT related risk assessments on IT controls, information assets and third parties. 
  • Maintain an IT risk register and develop risk profiles for each business unit and operating country. 
  • Maintain a schedule of Business Continuity Plans and IT Disaster Recovery (DR) tests performed by the infrastructure teams. 
  • Track, report and drive IT incidents, risk mitigation activities and audit related remedial actions. 
  • Research and incorporate best practices including leveraging technology, third party relationships and data analytics to identify trends and potential risk areas. 
  • Participate in meetings and perform an IT risk advisory role to the Foundation, projects, and vendors & third-party suppliers. 
  • Engage with internal and external stakeholders as required, including but not limited to Audit & ERM.

Education & Awareness 

  • Drive Cybersecurity awareness in line with the cybersecurity strategy. 
  • Promote IT risk through education and awareness including phishing simulations, new employee onboarding, and annual security awareness training for all Foundation staff. 

IT policies and controls framework 

  • Develop and maintain IT controls framework. 
  • Implement IT controls framework and educate infrastructure and Enterprise Applications teams on the controls requirements. 
  • Review and maintain IT policy framework and policies annually.  

Decision-making and accountabilities

  • Provide audit reports to management that articulate the potential impact of issues identified and provide practical recommendations. Collaborate with management on implementation and track progress.  
  • Report on the status of IT audit activities, emerging risks and potential exposures, and provide guidance with respect to IT risk management and IT control best practices. 
  • Ensure IT controls are documented and establish an internal monitoring function to ensure compliance. 
  • Other duties and responsibilities as required. 


  • Bachelor’s degree in Information Technology, Information Security, Chartered Accounting, or related fields. 
  • Minimum 3 – 5 years’ experience in accounting, audit, or risk roles within large and/or global organizations. 
  • You have experience building capabilities of an IT risk management function in high growth organizations including multi-jurisdictional and multi-regulated environments.  
  • You have a deep technical understanding of different technology stacks and IT service model types including Cloud, On-premises infrastructure, PaaS, SaaS, Network Security, etc. 
  • Experience working with best practice control frameworks (e.g., NIST, COBIT, ISO27K, etc.). 
  • You are able to ‘connect the dots’ and successfully identify anomalies in data and systems. 
  • Intellectually curious and receptive to new ideas and open to change, when presented with best options. 
  • You are innovative, entrepreneurial, and able to formulate and develop new or creative approaches to solve problems and inspire others on the team to do so.
  • You are results-driven and motivated by a high sense of performance excellence and a sense of urgency; you possess a proactive and ‘self-starter’ mentality.
  • Demonstrates a high comfort level with supporting the business through transformational change and championing continuous improvement.
  • Possesses a high degree of integrity and forethought in their approach to making decisions and driving results while always considering what is best for the organization.  
  • A natural collaborator who encourages others to share the spotlight and visibly celebrates and supports the success of the team.
  • Creates a sense of purpose for the team, which generates followership beyond his/her own personality and engages others to the greater purpose for the organization. 
  • An excellent collaborator who interacts with all levels organization-wide, and with external vendors. 
  • An understanding of organizational mission, values, and goals and consistent application of this knowledge. 
  • Fluency in English is required. Ability to speak local language(s) and/or French is an asset.
  • Flexible, adaptable, and able to execute a range of job duties and changing priorities. 
  • Excellent verbal, written, and presentation skills with the ability to articulate information to a variety of constituents across cultures. 
  • Professional maturity, sensitivity with different cultures, and impeccable integrity that exemplify the Foundation’s values. 
  • You have a commitment to Mastercard Foundation’s values and vision. 

How to apply

Deadline for Applications is April 29, 2021. 