Governance, Risk & Compliance Specialist Jobs in Cape Town at Truworths

Job Description

Join one of South Africa’s leading fashion retailers and be part of a team where expertise, consistency, and long-term contribution truly matter.

We are looking for a suitably qualified and experienced Governance, Risk and Compliance Specialist to join Truworths. In this role, you will collaborate with teams across the business to improve business continuity plans, oversee information security, drive IT improvement initiatives and support ad hoc projects that contribute to effective governance and risk management. By providing expert guidance to leadership and monitoring robust controls, you will help foster a culture of integrity, accountability, and sustainability across the organization.

This role suits individuals who value personal accountability and commitment to building excellence over time. Growth in this role comes from depth, reliability and sustained performance.

Key Responsibilities

Business Continuity Manager

  • Work with teams to ensure the review and improvement of the existing departmental Business Continuity Plans (BCP).
  • Ensure that updated plans are published and that all team members are properly briefed and aware of their responsibilities in terms of the BCP.
  • Perform Business Impact Assessments with the Business Continuity Management Team to ensure relevance of the existing plans.
  • Update the overarching Business Continuity documents and policies.
  • Facilitate the execution of system and business recovery tests.
  • Present quarterly to the Business Continuity Management Team – feedback on progress; priorities for next quarter; ensure that new and emerging risks have been properly considered e.g. electricity crisis.
  • Facilitate the review and update of the current BCPs to ensure that the likelihood of major business impact is limited when a major cyber incident occurs at Truworths.
  • Prepare Management Reports – Board, Risk Committee and Audit Committee.

Information Security

  • Take on the role of Information Officer as legally required by the POPI Act.
  • Act as the Chief Information Security Officer (CISO) and implement and manage the Information Privacy and Security Charter.
  • Manage on-going security improvement initiatives in the Information Security space:
    • Collaborate with IT teams to ensure regular penetration testing and timely remediation.
    • Collaborate with IT teams on Active Directory improvement and implementation project.
    • Work on the current Active Directory systems and process upgrade in partnership with Cloud essentials.
    • Ensure completion of the implementation phases.
    • Identity Access Management Project – work with Security Operations and the relevant business areas to further mature Identity Access Management and Privilege Access management.
    • Cyber Insurance – manage the renewal process for cyber insurance and ensure all insurer requirements are met.
  • Manage the coordination and roll-out of the Information Security Training Programmes.
  • Manage the coordination of external assessments required by PCI, Insurance and as may be required by the Information Regulator.
  • Investigate and coordinate responses to POPI complaints received from the Information Regulator and customers.
  • Coordinate and present at the quarterly Information Security Steerco meetings – risks, priorities, progress, new initiatives and compliance matters.

IT Improvement Initiatives

  • Continue with current IT management workshops to ensure adoption of critical controls and best practices to mitigate risk associated with process control weaknesses.
  • Facilitate the review of the ISD Risk Register.

Other

  • Support the business with all IT Security improvement and compliance initiatives, and Business Continuity initiatives.
  • Coordinate, facilitate and ensure the successful completion of the IT Audit components for the financial year end audit.

Qualifications and Experience

Qualifications:

  • Bachelor’s degree in Commerce, IT, Risk, or relevant field (aligned with FSCA’s approved qualifications list).
  • Security/governance certifications such as Security+, CISA, or ISO 27001 are advantageous.

Experience:

  • 10–15 years in assurance, IT audit, security compliance, governance, risk and compliance (GRC), and regulatory compliance (including POPIA).
  • Demonstrated ability to manage compliance frameworks and deliver on governance objectives.

Competencies

  • Strong organizational awareness with excellent communication and stakeholder management skills.
  • Ability to work independently, proactively manage upwards, and consistently deliver against targets.
  • Sound judgment, integrity, and the ability to prioritize effectively based on risk.
  • Skilled in building constructive relationships and collaborating across all levels of the organization.
  • Quick learner with the ability to upskill in new domains and apply knowledge effectively.
  • Highly self-driven, hands-on, and results-oriented, with a proactive approach to problem-solving.

Title: Governance, Risk & Compliance Specialist

Company: Truworths

Location: Cape Town
