IT Governance, Risk Compliance and Security Specialist

Right to Care

Right to Care is at the vanguard in supporting and delivering prevention, care, and treatment services for HIV and associated diseases. We work with government and communities to find pioneering solutions to build and strengthen public healthcare.

We embrace a strong entrepreneurial culture and focus on innovation and the use of technology to enhance services, address skills shortages, and deliver quality healthcare outcomes. Our areas of expertise include HIV and TB care and treatment, pharmacy automation, medical male circumcision, and cervical cancer diagnosis and treatment.

Right to Care Zambia has been awarded a five (5) year project funded by the USAID through the PEPFAR mechanism. The Maintained Epidemic Control of HIV (MECH) Project aims to reduce HIV mortality, morbidity and transmission by achieving the UNAIDS and PEPFAR goal of 95/95/95 HIV treatment coverage by providing comprehensive HIV Prevention, Care and Treatment maintenance services in Luapula, Northern and Muchinga provinces of Zambia. The MECH project will work closely with and in support of the Ministry of Health.


Date advertised: 11th October 2021

Position: IT Governance, Risk Compliance and Security Specialist x1

Contract type: Fixed Term

Reporting to: Senior IT Manager

Contact Email: [email protected]

Qualifications And Experience

Minimum Required Qualifications and Experience:

  • Bachelor’s degree from an accredited tertiary institution in a technology related field.
  • Minimum 5 years’ job-related experience in IT risk and compliance management, with a technology background and a good understanding of IT governance.
  • CRISC / CISA /CISM or other relevant accredited courses in IT risk management and compliance / or information security.
  • High proficiency in the Microsoft Office suite and other software tools.
  • Experience on Donor funded projects.

Desirable Qualifications and Experience:

  • Postgraduate qualification from an accredited tertiary institution in a technology related field.
  • 7 years’ job-related experience in IT risk and compliance management, with a technology background and a good understanding of IT governance.

Technical And Behavioural Competencies

  • Planning and Organizing
  • Initiative
  • Ethics and Integrity
  • Professionalism
  • Good communication skills
  • Good interpersonal skills
  • Ability to work in a team
  • Self-starter with proactive work ethic

Key Performance Areas

  • Work with the Senior IT Manager to identify and manage all risks applicable to RTCZ’s environment.
  • Embed a culture of consciousness and transparency for risk management and ensure the nature and size of IT risks is well understood and owned at the right levels in the business.
  • Monitor, identify and communicate new and emerging external IT risks/threats, test the adequacy of existing controls in relation to them, and recommend actions for improvement.
  • Regularly review key technology processes to determine compliance and control gaps, including facilitation of root cause analysis to identify trends and appropriate solutions.
  • Provide guidance and support in the implementation of process-based IT risk and control assessments in business.
  • Continuous monitoring of levels of IT risks across the business by tracking implementation of management action plans to mitigate or address identified risk, and issues as well as audit findings raised.
  • End to end management of the reporting process and consolidation for regular internal and periodic statutory reporting to communicate an accurate and complete view of the IT risk profile and in a manner that guides actionable management decisions.
  • Identify policy and process improvement opportunities, develop recommendations, and communicate with stakeholders in a collaborative manner.
  • Advise management on risk and control issues and provide practical recommendations to ensure risks are appropriately managed.
  • Organise and lead Risk/Privacy/Compliance training programs across departments, to educate and inform employees about our practices and standards, raise the level of cooperation and help people to understand the rationale for the rules.
  • Manage internal and external audit and testing programs, reporting risks and areas that need correction to the senior management team and prioritizing compliance work.
  • Identify all legal, regulatory, and contractual requirements as well as organisational policies and procedures related to information technology.
  • Ensure that staff adhere to the identified legal, regulatory and contractual requirements as well as the organisational policies and procedures.
  • Constantly communicate with and educate all users regarding applicable legal, regulatory and contractual requirements.
  • Lead education and awareness on organisational policies and procedures.
  • Report on the status of compliance to Information Security leadership and ICT management.
  • Manage information security compliance findings, issues, and risks.
  • Establish and manage the information security continuous compliance program.
  • Balance information security compliance risks and business constraints to provide risk-based mitigation recommendations to management.
  • Provide visibility into current compliance status through timely tracking, trending, & escalation of issues.
  • Establish a sound risk management culture through awareness campaigns that influence behaviour and drive the importance of compliance.
  • Maintain expert knowledge on relevant legislative amendments, industry best practices and provision of proactive advice and solutions to relevant stakeholders.
  • Drive continuous improvement to the information technology compliance related processes.
  • Manage the IT disaster recovery plan including making updates, changes, business impact assessment and testing the plan regularly.
  • Assist with the improvement of processes for change management, penetration testing, vulnerability assessment, patch management and other security related processes for the continuous improvement of RTCZ’s environment.
  • Conduct regular information security awareness campaigns and programs to all staff.
  • Be a key role player in all IT-related projects, acting as an advisor on risk-related issues.
  • Ensure that all IT project risks are identified and mitigated against.
  • Play a proactive role in the management of risks within IT projects.
  • Identify and advise on information security related matters in all IT projects.
  • Ensure that all processes and procedures are adequately followed during ICT projects.
  • Shape and drive the company strategy for security controls, compliance, and audit that supports the company’s business units and enables risk management and regulatory compliance.
  • Prepare risk, vulnerability, and compliance reports monthly.


By applying for the above-mentioned position, you consent to Right to Care conducting qualification, ID, criminal and reference checks (internal and external), which form part of the Company’s recruitment policy and procedure. Should you not receive a response to your application from Right to Care within one month of this advert being placed, kindly consider your application as being unsuccessful.

Only applicants meeting the strict criteria outlined above will be contacted as part of the shortlisting process. Right to Care reserves the right to withdraw the vacancy at any time for whatever reason.

Right to Care is an equal opportunity affirmative action employer. The Company’s approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities Employer, we actively encourage and welcome people with various disabilities to apply.

To apply for this job email your details to
