Privacy Framework Ownership | Supports the ongoing implementation and continuous improvement of our Privacy Information Management System (PIMS) aligned to ISO 27701. Maintain Records of Processing Activities (RoPA), data flow maps, and consent registers, ensuring compliance with GDPR, UK GDPR, and applicable regional data protection regulations.
AI Governance | Supports the operational maintenance of our AI governance programme under ISO 42001. Facilitate AI impact assessments across product and engineering initiatives, identifying bias, explainability, and transparency risks. Maintain the AI systems register and escalate findings to relevant stakeholders.
GRC Documentation & Tooling | Collaborate with the team to maintain a clean, audit-ready repository of GRC artefacts within our GRC platform (e.g. ServiceNow, Drata, or equivalent). Enforce version control discipline across policies, standards, and procedures. Support evidence collection for ISO 27001, SOC 2, and internal audits.
Risk Assessments | Complement the existing risk assessment process by operating privacy- and AI-specific risk assessments, Data Protection Impact Assessments (DPIAs), and AI Impact Assessments (AIIAs) across product and business initiatives. Identify control gaps, document risk treatment decisions, and track remediation activities through to closure in line with NIST or other similar methodologies.
Stakeholder Engagement | Act as a trusted advisor to product, engineering, and data science teams. Translate regulatory requirements into practical, actionable guidance. Champion privacy-by-design and security-by-default principles throughout the software development lifecycle (SDLC). You will be comfortable engaging directly with business stakeholders and, where required, with external clients — representing the Security GRC function with confidence and clarity.
Vendor & Third-Party Risk | Support third-party risk assessments with a focus on data processor obligations, AI sub-processor relationships, and contractual compliance. Review Data Processing Agreements (DPAs) and standard contractual clauses (SCCs) in partnership with Legal.
Incident & Audit Support | Participate in privacy-related incident response activities, including breach notification workflows under GDPR Article 33/34. Prepare materials for internal and external audits, managing evidence requests and auditor queries.
Requirements
A formal degree in Law (LLB), Computer Science, Information Systems, or Business (BCom) is advantageous, but we value substance over credentials. Equivalent experience, diplomas, higher certificates, or vocational qualifications that demonstrate analytical rigour and a structured approach to problem-solving are equally welcomed.
Professional certifications in privacy or GRC are a welcome addition to your profile — not a requirement. Relevant examples include CIPP/E, CIPM, CISA, or ISO 27001 Foundation. If you’re working towards one, tell us.
3–5 years of experience in a GRC, compliance, information security, or data privacy role, ideally within a tech, SaaS, or data-driven environment.
Working knowledge of GDPR and/or UK GDPR, including practical experience drafting or reviewing DPIAs, RoPAs, and DPAs.
Familiarity with ISO 27001, ISO 27701, and an awareness of ISO 42001 or equivalent AI governance frameworks (NIST AI RMF, EU AI Act).
Demonstrable experience maintaining GRC documentation to audit-ready standard, with strong version control discipline.
Experience conducting risk assessments and translating findings into prioritised, business-relevant recommendations.
Tech Stack
SDLC
ServiceNow
Benefits
Unlimited holidays – we want well-rested and motivated teams, so we encourage people to take plenty of time off. We don’t cap your allowance, but we do set a minimum of at least 20 days per year plus national holidays.
Three company-paid mental health days of rest every year (these are pre-scheduled, so the entire company can take the same days off regularly to reset)
Thoughtfully designed offices to support both individual work and collaboration without interrupting others
Private medical healthcare cover
Medical Aid
Group risk, life & disability contributions
Wellbeing benefits such as free yoga and access to trained therapists / counsellors
Paid 24h secure parking in Cape Town
Free coffee, lunches and in-office snacks
Tailored personal development through training allowances, coaching, mentorship and career framework