IT GRC Administrator

About Sand 

Sand Technologies is a fast-growing enterprise AI company that solves real-world problems for large blue-chip companies and governments worldwide. 

We’re pioneers of meaningful AI: our solutions go far beyond chatbots. We are using data and AI to solve the world’s biggest issues in telecommunications, sustainable water management, energy, healthcare, climate change, smart cities, and other areas that have a real impact on the world. For example, our AI systems help to manage the water supply for the entire city of London. We created the AI algorithms that enabled the 7th largest telecommunications company in the world to plan its network in 300 cities in record time. And we built a digital healthcare system that enables 30m people in a country to get world-class healthcare despite a shortage of doctors. 

We’ve grown our revenues by over 500% in the last 12 months while winning prestigious scientific and industry awards for our cutting-edge technology. We’re underpinned by over 300 engineers and scientists working across Africa, Europe, the UK and the US. 

About the role 

We are seeking a detail-oriented and proactive IT GRC Administrator to support our Governance, Risk, and Compliance team in managing and improving our IT security and compliance frameworks. The ideal candidate will assist in monitoring risks, maintaining compliance documentation, and ensuring that the organization adheres to security and regulatory requirements such as ISO 27001, SOC 2, and NIST standards. 

This role is perfect for someone with a strong interest in IT security, risk management, and compliance who enjoys working in a fast-paced, technology-driven environment. 

Specific Responsibilities 

Governance & Compliance Management 

● Assist in developing, maintaining, and tracking IT security policies, procedures, and controls. 

● Support compliance efforts for ISO 27001, SOC 2, and other relevant frameworks, ensuring adherence to security best practices. 

● Help coordinate internal and external audits, including gathering evidence and preparing documentation. 

● Maintain a compliance calendar to track security and regulatory deadlines. 

Risk Identification & Assessment 

● Support IT risk assessments by helping to gather, analyze, and document risks related to IT systems, cloud security, and third-party vendors. 

● Assist in maintaining and updating the IT risk register, tracking risk mitigation efforts across departments. 

● Contribute to the development of risk assessment reports, incident logs, and remediation plans. 

Security Monitoring & Incident Response 

● Assist in monitoring IT security controls, including access management, vulnerability assessments, and policy adherence. 

● Help document and track security incidents and non-compliance issues, ensuring timely resolution and escalation when necessary. 

● Support the implementation of security awareness training for employees. 

Policy Development & Implementation 

● Assist in drafting, reviewing, and updating IT security policies in line with regulatory changes and industry best practices. 

● Support the rollout and enforcement of new IT compliance policies across the organization. 

● Ensure employees understand and adhere to secure access controls, endpoint security policies, and data protection standards. 

Documentation & Reporting 

● Maintain accurate records of compliance activities, risk assessments, and security incidents. 

● Assist in preparing risk and compliance reports for management, auditors, and regulatory bodies. 

● Track and document security gaps, remediation actions, and control improvements. 

General Administration & Support 

● Provide administrative support to the IT GRC team, including scheduling meetings, tracking action items, and managing compliance communications. 

● Assist in maintaining an organized repository of IT security and compliance documentation. 

Requirements - Essential 

● Bachelor’s degree in IT Security, Computer Science, Business Administration, or a related field. 

● Certifications (or willingness to pursue): ISO 27001 Foundation, CompTIA Security+, Certified Information Systems Auditor (CISA), or similar. 

● 1-2 years of experience in IT risk management, security compliance, or GRC-related roles. 

● Familiarity with IT security standards such as ISO 27001, SOC 2, NIST, or CIS controls. 

● Basic understanding of IT security concepts, including access management, endpoint security, and vulnerability management. 

● Experience with compliance tracking tools, GRC platforms, or security monitoring tools is a plus. 

● Strong analytical, documentation, and reporting skills. 

Personal Attributes 

● Courage: Willingness to speak up, challenge the status quo, and embrace new challenges. 

● Humility: Openness to learning, seeking help when needed, and a focus on serving others. 

● Adventure: A passion for setting ambitious goals, tackling difficult tasks, and finding joy in the journey. 

● Initiative: Proactive problem-solving, a sense of ownership, and a willingness to go above and beyond. 

● Resilience: The ability to bounce back from setbacks, persevere through challenges, and emerge stronger. 

Due to the considerable amount of virtual work and interaction with colleagues and customers in different physical locations internationally, it is essential that the successful applicant has the drive and ethic to succeed in working in small teams physically but in larger efforts virtually. Self-drive to communicate constantly using web collaboration and video conferencing is essential.