Description

We are seeking a highly organized and detail-oriented Manager, IT GRC to lead and manage our audit readiness and IT compliance initiatives. This individual will serve as the primary liaison with external auditors, overseeing the coordination and delivery of evidence for SOC II and other compliance frameworks. The ideal candidate will have a strong background in IT audit, risk management, and compliance, as well as excellent communication and project management skills.

Key Responsibilities

External Audit Management

• Serve as the main contact for external auditors and ensure timely, clear communication.
• Lead all phases of the SOC 2 audit lifecycle, including planning, evidence collection, walkthroughs, and remediation.
• Coordinate and track evidence collection across IT, security, and business units.

Compliance Program Execution

• Maintain and enhance controls to meet SOC 2 Trust Services Criteria.
• Partner with internal stakeholders to ensure effective control ownership and execution.
• Maintain accurate documentation of compliance processes, controls, and audit trails.

Risk and Control Management

• Support ongoing risk assessments and identify control gaps.
• Perform control testing, manage remediation, and monitor effectiveness.
• Recommend improvements to strengthen controls.

Governance and Reporting

• Deliver compliance reports and dashboards to leadership on audit status, control health, and risk trends.
• Provide training and guidance on compliance obligations and audit best practices.

Process Improvement

• Identify opportunities to automate and optimize evidence collection and audit workflows.

• Contribute to the expansion of the IT GRC program into other frameworks (e.g., ISO 27001, NIST CSF).

Skills, Knowledge & Expertise

Required:

• Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or related field.
• 5+ years of experience in IT compliance, audit, or GRC roles.
• Hands-on experience managing SOC 2 audits in SaaS or cloud-native environments.
• Strong knowledge of IT general controls, risk management, and compliance frameworks.
• Proven ability to manage multiple priorities under tight deadlines.

Preferred:

• Certifications such as CISA, CRISC, CISSP, or CGEIT.

• Experience with GRC tools.

• Familiarity with frameworks such as ISO 27001, HIPAA, NIST, PCI-DSS.

Job Benefits

At Dye & Durham we strive to be visionaries! As a leader in our field, we ensure our employees are ready for the next challenge in their journey with us by offering internal and external training opportunities. We offer competitive salaries and a whole host of benefits including healthcare, pension, company discounts, wellness programs, and paid days off to move house or volunteer for your favourite charity.

Please note, if this role is based in South Africa, all applicants must have the legal right to live and work in South Africa. Proof will be required during the recruitment process

Do you share our DNA?

• We ask how tomorrow can be better than today

• We are passionate about solving our customer's challenges

• Our ideas break boundaries

• We value different perspectives and encourage dialogue

• We take ownership and celebrate together

About Dye & Durham

Dye & Durham is a global leader in legal technology. The company’s three categories of integrated solutions – practice management, data insights and due diligence, and client onboarding – give solicitors the essential tools they need to run their firms, from client acquisition to case management and legal accounting, and everything in between.

Trusted by thousands of legal practitioners globally, Dye & Durham helps law firms achieve more growth with less effort.