Sanlam

Business Information Security Officer

full-time

Location Type: Office

Location: Bellville, South Africa


About the role

  • Identify and assess the Information Security requirements of the business
  • Establish and maintain an Information Security Management System (ISMS)
  • Ensure that appropriate Information Security controls are implemented and aligned with the Group Governance requirements
  • Participate in Group Information Security bodies and initiatives
  • Manage logical access, incident response, vulnerability management, and IT audit coordination
  • Provide management assurance regarding the Cyber and Information Security posture of the Business
  • Review and improve existing IT and Information Risk assessment practices
  • Document and maintain Business IT and Information Security Risk register

Requirements

  • Grade 12
  • Bachelor’s degree in Information Technology, Commerce, Science, or Social Science (preferable)
  • In force Information Security Certifications such as CISM, CISSP, CCSP, CISA, ISO 27000 Lead Implementer/ Auditor
  • Experience in policy writing and reviews
  • Experience in agile/ relevant solution development methodologies
  • Familiarity with security practices and standards in development like the security development life cycle (e.g. OWASP)
  • Understanding of the technical and application environment of the Cluster/ Business
  • Experience in analysis and control design, strong written and verbal communication skills
  • Knowledge of ISO27k, Cobit, ITIL, CIS and ISF best practices
  • Knowledge of Information Risk Methodologies (ideally ISF IRAM2), threat modelling and Operational Risk management methodologies

Benefits

  • Health insurance
  • 401(k) matching
  • Flexible work hours
  • Paid time off
  • Remote work options

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

  • Information Security Management System (ISMS)
  • incident response
  • vulnerability management
  • IT audit coordination
  • policy writing
  • security development life cycle
  • threat modelling
  • Operational Risk management
  • Information Risk assessment
  • control design

Soft skills

  • strong written communication
  • strong verbal communication

Certifications

  • CISM
  • CISSP
  • CCSP
  • CISA
  • ISO 27000 Lead Implementer
  • ISO 27000 Auditor