Analyst, Group Cybersecurity and IT GRC

First Capital Shared Services Ltd is looking to hire a motivated Analyst, Group Cybersecurity and IT GRC to join its Cybersecurity and IT GRC Team, reporting to the Group, Chief Information Security Officer (CISO).

Join Our Team at First Capital Shared Services Ltd!

The Analyst, Group Cybersecurity and IT GRC will be responsible for delivering cybersecurity and IT governance, risk, and compliance (GRC) services across First Capital Banks in Botswana, Malawi, Mozambique, Zambia, and Zimbabwe, as well as the First Capital Shared Services Limited (FCSSL).

Key Responsibilities

• Monitor security events, assess vulnerabilities, support risk evaluations, maintain compliance documentation, assist with incident response, and ensure         that IT security controls align with regulatory requirements.
• Monitor computer networks and systems for security threats, anomalies, and breaches.
• Investigate and respond to cybersecurity incidents, including documenting breaches and assessing impact.
• Assist with vulnerability assessments, penetration testing, and risk analysis to identify security gaps.
• Support the maintenance and enforcement of IT governance policies, compliance requirements, and regulatory standards.
• Assist in internal and external cybersecurity and IT audits, prepare compliance reports, and manage third-party/ vendor risk assessments.
• Manage and coordinate with vendors and third-party service providers during project implementation.
• Maintain cybersecurity and IT GRC documentation and promote security best practices.
• Collaborate with cross-functional teams to ensure cybersecurity awareness and adherence to policies.
• Stay up to date with emerging cybersecurity threats, trends, and mitigation techniques.
• Mentor junior staff and provide guidance on cybersecurity governance, risk and compliance matters.

Qualifications & Skills

• Minimum of a Diploma or Degree, preferably in Computer Science, Cybersecurity, Information Technology, Engineering, or a closely related discipline.
• Minimum 3 years of work experience in IT, with at least 2 years of proven experience in cybersecurity, IT governance, risk management, or compliance roles.
• Hands-on experience supporting risk assessments, control design, compliance monitoring, and audit activities within enterprise environments.
• Good understanding of information security frameworks and regulatory standards such as PCI DSS, NIST, or similar industry standards.
• Professional certifications such as CISSP, CISM, CEH, CRISC, Security+, or equivalent would constitute an added advantage.
• Familiarity with security tools and technologies, including vulnerability management platforms, SIEM, file integrity monitoring, and SOC operations.
• Good analytical, communication, and problem-solving skills, with the ability to engage both technical and non-technical stakeholders.
• Ability to work under pressure, manage multiple priorities, and deliver effectively in a fast-paced, multi-country or group environment.
• High level of integrity and accountability, with attention to detail and commitment to data protection and regulatory compliance.