IT Governance and Compliance Engineer

Overview: We are seeking for IT G&C Engineer to support the management, governance, and continuous improvement of assigned enterprise systems. The role focuses on system assurance, risk management, audit readiness, and coordination of system changes across multiple stakeholders. Key Responsibilities: 1.    Conduct System Criticality Assessment a.    Perform periodic system criticality assessments in accordance with prevailing company IT policies. b.    Assess and document the business impact, security classification, and operational criticality of assigned Enterprise systems. c.    Ensure assessments are reviewed and updated when there are material changes to system usage, hosting model, integrations, or business reliance. d.    Support submission of criticality outcomes for governance review and audit reference.  2.    Conduct System Risk Assessments  a.    a) Lead or support annual (or policy‑triggered) system risk assessments covering security, availability, data protection, and operational risks.  b.    Work with system owners, vendors, and ITSS to identify, assess, and document system risks.  c.    Track risk treatment actions and ensure residual risks are formally accepted or mitigated in line with IT governance requirements.  d.    Maintain risk assessment artefacts for audit and compliance purposes.  3.    Quarterly Scorecard & Assurance Against Agency‑Wide Technical Architecture (AWTA) / Security Requirements  a.    Maintain system documentation in accordance with the IT Project Management SOP.  b.    b) Ensure documentation reflects approved system configurations, integrations, and change requests.  c.    Document key system changes arising from enhancements, fixes, or vendor updates (Microsoft / Wellspring).  d.    Ensure documentation is stored in approved repositories and remains audit‑ready.  e.    Timely update of system changes in approved repositories and system register  4.    Prepare for System Audits & Remediation Tracking  a.    Support system audit preparation by consolidating required artefacts, evidence, and responses.  b.    Coordinate with the System Owner, who interfaces directly with auditors, and provide technical support when required.  c.    Work with managed resources, vendors, and ITSS to clarify technical findings.  d.    Track remediation actions, owners, and timelines until closure and report status during audit cycles.  5.    Establish & Support Disaster Recovery and Cyber Incident Recovery  a.    Support the establishment and maintenance of system disaster recovery (DR) and cyber incident recovery expectations for SaaS‑based systems.  b.    Align DR and incident recovery considerations with vendor‑provided capabilities (Microsoft / Wellspring) and company IT policies.  c.    Assist in documenting recovery assumptions, escalation paths, and dependencies.  d.    Support post‑incident reviews or assurance checks when required.   6.    Manage System Integration Certificates & Keys  a.    Track system integration certificates, API keys, or similar authentication artefacts used by the assigned Enterprise systems.  b.    Ensure timely renewal of certificates and keys at required frequency to prevent service disruption.  c.    Coordinate with vendors, integration partners, and ITSS for renewal and replacement activities.  d.    Maintain records of certificate lifecycle and renewal actions for audit purposes.  7.    Conduct and Report Routine Access Log Reviews  a.    Perform routine access log reviews in accordance with company IT Security Policy requirements.  b.    Review access activities for anomalies, policy deviations, or potential security concerns.  c.    Prepare access review summaries and escalate findings to System Owners or ITSS where necessary.  d.    Ensure log retention and review practices align with established IT security requirements.  8.    Timely Removal of Access for Resigned or Transferred Personnel  a.    Ensure access rights are removed or disabled for resigned personnel within stipulated IT policy timelines.  b.    Coordinate with HR triggers, system access administrators, and ITSS to execute user deprovisioning.  c.    Verify completion of access removal and retain evidence for audit and compliance needs.  d.    Support ad‑hoc checks arising from audit findings or security reviews.  9.    Manage System Changes, Enhancements, Security Assessments & Overall System Oversight  a.    Coordinate and manage system changes, enhancements, and fixes across the assigned Enterprise systems from initiation to closure.  b.    Track progress of approved change requests, enhancements, and remediation actions to ensure delivery aligns with scope, timelines, and IT governance requirements.  c.    Coordinate with System Owners, ITSS, vendors, and managed resources to monitor implementation status and resolve dependencies or delays.  d.    Ensure system changes undergo required architecture, security, and compliance reviews where applicable, and that outcomes are properly documented.  e.    Provide regular status updates on system changes, risks, and issues to relevant stakeholders.  f.     Manage and oversee Vulnerability Assessment/Penetration Test review, security remediation and overall system health to ensure compliance with IT governance, security, and audit requirements. Qualifications & Experience: • Degree in Information Technology, Computer Science, Information Systems, or related field • Preferably 5 years of experience in IT systems support, governance, or security-related roles • PMP Certified will be advantageous • Exposure to enterprise systems (e.g. CRM, SaaS platforms, or workflow systems) is advantageous • Familiarity with IT policies, security standards, risk assessment and audit processes is preferred • Experience working with vendors or managed service providers will be an added advantage • Candidates with knowledge of government or regulated environment IT practices are preferred