IT Governance Consultant

Overview: We are looking for a highly skilled IT Governance Consultant to guide the development, implementation, and enforcement of IT governance frameworks and policies across the organization. This role requires deep expertise in IT risk management, compliance, governance frameworks (COBIT, ITIL, ISO 27001), and regulatory requirements. The ideal candidate will work closely with senior management, IT, and audit teams to ensure that the IT operations align with business objectives while minimizing risks and ensuring compliance with industry standards. Key Responsibilities: IT Governance Framework Development: -Design, implement, and maintain IT governance frameworks based on industry standards such as COBIT, ITIL, ISO 27001, and NIST. -Develop policies, procedures, and guidelines to ensure governance objectives are met, focusing on risk management, performance, and compliance. -Collaborate with business units to ensure that IT governance aligns with the overall corporate governance strategy. Risk Management & Compliance: -Conduct IT risk assessments and develop mitigation strategies to manage and minimize risks across IT environments. -Ensure the organization’s compliance with regulatory requirements (e.g., GDPR, SOX, HIPAA) and industry best practices. -Develop and maintain a comprehensive Risk and Compliance Management framework, identifying gaps in existing processes and implementing improvements. Audits and Control Assessments: -Lead IT audits and reviews of systems, policies, and procedures to ensure the effectiveness of governance controls. -Work with internal and external auditors to address compliance and security gaps, ensuring audit readiness and accurate reporting. -Track remediation efforts for identified risks, vulnerabilities, and audit findings, and report progress to senior management. -Performance Metrics and Monitoring: -Define and monitor key IT governance metrics (KPIs) such as SLA performance, risk exposure, and compliance adherence. -Implement IT performance measurement systems and dashboards that provide insight into governance effectiveness and inform continuous improvement efforts. -Produce detailed reports for senior management and stakeholders, highlighting governance metrics and recommending necessary improvements. Policy Implementation & Enforcement: -Lead the development and enforcement of security, risk, and governance policies across all IT operations, ensuring consistency and compliance across departments. -Review and update IT policies to reflect changes in regulations, industry standards, and organizational needs. -Promote a culture of compliance and risk awareness by providing guidance and training to staff on governance policies and best practices. Governance Tools and Automation: -Assess and implement governance, risk, and compliance (GRC) tools and technologies to streamline processes and ensure comprehensive risk management. -Use automated monitoring systems to track compliance, identify deviations from policies, and enforce IT controls across the organization. Qualifications: Educational Background: -Bachelor's or Master’s degree in Information Technology, Cybersecurity, Information Systems, Business Administration, or related field. Experience: -5+ years of experience in IT governance, risk management, and compliance. -Proven experience with governance frameworks such as COBIT, ITIL, ISO 27001, NIST, and experience in implementing them in an enterprise environment. -Experience conducting risk assessments, internal audits, and developing IT control processes. Certifications: -Relevant certifications such as CGEIT (Certified in the Governance of Enterprise IT), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), ITIL, or ISO 27001 Lead Implementer are highly desirable. Skills & Competencies: -Deep understanding of IT governance frameworks, control objectives, and regulatory requirements. -Strong analytical and problem-solving skills with a focus on risk management and compliance. -Excellent communication skills, with the ability to interact effectively with both technical and non-technical stakeholders. -Experience in creating and enforcing IT governance policies, procedures, and controls. Preferred Tools & Technologies: -GRC platforms (e.g., RSA Archer, ServiceNow GRC, MetricStream). -SIEM and compliance monitoring tools (e.g., Splunk, QRadar, Tenable). -Audit and risk assessment tools.