Business Information Security Officer

Sanlam Developing Markets [SDM] (a wholly-owned subsidiary of Sanlam Life Limited) is one of the top financial services providers in the South African entry-level and emerging middle market. It aims to understand the unique requirements of clients and offers a wide range of simple and affordable financial solutions that cover needs such as funeral insurance, savings for education, life cover and personal accident plans. In terms of the Sanlam Group Governance Policy, SDM is managed by the SA Retail Mass cluster, which is part of the Sanlam Life and Savings cluster within the Sanlam Group. The cluster focuses on retail products, as well as group schemes.

What will you do?

1. Establish and manage a BU Information Security Programme.
2. Participation in Group Information Security Programme (GISP) initiatives.
3. Information Security Incident response and Cyber Crisis Management.
4. Information Security Governance and assurance.
5. Application (including cloud) and Infrastructure Security.
6. Cybersecurity Education, Training and Awareness.

The BISO will implement processes and controls as agreed with the CISO and the Business CIO.

The BISO will be responsible for quality and cost effectiveness of delivery of information security services in the BU and will report on these metrics to the GISP.

Be accountable for IT’s Risk and Compliance (it SRM and Sanlam Group standards).

What will make you successful in this role?

• Knowledge of ISO27k, Cobit, ITIL, CIS T20 and ISF best practices.
• Knowledge of Information Risk Methodologies (ideally IRAM2), threat modelling and Operational Risk management methodologies.
• Knowledge of the key business processes, key stakeholders and have their contact details readily available.
• Understanding of the risk management and governance structures within the Cluster.
• Experience in policy writing and reviews.
• Familiarity with security practices and standards in development like the security development life cycle (e.g., OWASP).
• Understanding of the technical and application environment of the Cluster / BU.
• Experience in analysis and control design, strong written and verbal communication skills.

Qualification and Experience:

Degree or Diploma with 6 to 8 years related experience.

Knowledge and Skills:

• Cyber Security Administration
• Cyber Security Audits
• Cyber Security Compliance
• Assessing security risks
• Assessment risk mitigation for the organisation

Personal Attributes

• Plans and aligns - Contributing through others.
• Decision quality - Contributing through others.
• Optimises work processes - Contributing through others.
• Interpersonal savvy - Contributing through others.

Build a successful career with us

We’re all about building strong, lasting relationships with our employees. We know that you have hopes for your future – your career, your personal development and of achieving great things. We pride ourselves in helping our employees to realise their worth. Through its five business clusters – Sanlam Fintech, Sanlam Life and Savings, Sanlam Investment Group, Sanlam Allianz, Santam, as well as MiWay and the Group Office – the group provides many opportunities for growth and development.

Core Competencies

• Being resilient - Contributing through others.
• Collaborates - Contributing through others.
• Cultivates innovation - Contributing through others.
• Customer focus - Contributing through others.
• Drives results - Contributing through others.

Turnaround time

The shortlisting process will only start once the application due date has been reached. The time taken to complete this process will depend on how far you progress and the availability of managers.

The Sanlam Group is committed to achieving transformation and embraces diversity. This commitment is what drives us to achieve a diverse, inclusive and equitable workplace as we believe that these are key components to ensuring a thriving and sustainable business in South Africa. The Group's Employment Equity plan and targets will be considered as part of the selection process.