Jobs at Sanlam Group

What will you do?

• This role will be reporting into the SCI Chief Operations Officer (COO), and you will be responsible for managing all SCI projects linked to the client value proposition of Sanlam Collective Investments (SCI) and other strategic initiatives.

Key Responsibilities:

• Work closely with the relevant Business Owner to understand their vision and target project roadmap.
• Unpack the detail behind high-level prioritised projects and define an implementable project roadmap (“the program”) which is then driven out by the PMO.
• Build and maintain strong working relationships with the Business and System Owner/s.
• Liaise with capability leads to secure the required resource allocation for effective project delivery in advance.
• Oversee delivery of the projects being run by other project managers.
• Consolidate and review the weekly project status reporting, ensuring consistency and overall quality.
• Identify and manage program interdependencies.
• Prepare adequately and present knowledgeably at the weekly status meetings.
• Play the role of project manager on individual projects as required and as appropriate.
• Responsible for being the single point of contact for specific third-party areas (e.g. Sanlam Group PMO, vendors).
• Cultivate and manage objective working relationships with a variety of stakeholders, including endmembers.
• Conduct scope and change request management with dependency identification and management.
• Ensure 100% adherence to audit and governance requirements.
• Track and manage projects against budget.
• Plan and manage performance, skills development, employment equity, talent and culture of team to improve innovation, achieve efficiencies and increase competencies.

What will make you successful in the role?

• Behave ethically: Understand ethical behaviours and business practices, and ensure that own behaviours and the behaviours of others are consistent with these standards and align with the values of the organisation.
• Build relationships: Establish and maintain positive working relationships with others, both internally and externally, to achieve the goals of the organisation.
• Creativity & Innovation: Develop new and unique ways to improve the operations of the organisation and to create new opportunities.
• Focus on client needs: Anticipate, understand, and respond to the needs of internal and external clients to meet or exceed their expectations within the organisational parameters.
• Fostering teamwork: Work cooperatively and effectively with others to set goals, resolve problems, and make decisions that enhance organisational effectiveness.
• Organising & planning: Set priorities, develop a work schedule, monitor progress towards goals, and track details, data, information and activities.
• Problem solving: Assess problem situations to identify causes, gather and process relevant information, generate possible solutions, and make recommendations and/or resolve the problem.

Qualification and Experience:

• Relevant Degree or Diploma and/or required Certification.
• 5+ years related programme management experience at a senior level.
• Investment or asset management industry knowledge will be advantageous.

Knowledge and Skills:

• Proven experience as a Programme Manager at a senior management level.
• Strong Project Management and planning skills.
• Ability to integrate various areas such as Business Architecture, processes, digital, etc., into a cohesive operational process and plan that will enhance the client experience.
• Knowledge of project budget and resource allocation.

Personal Atrributes:

• Critical and strategic thinker.
• Creative and innovative.
• Analytical and detail-oriented.
• Strong interpersonal skills with the ability to work in a cross-functional team.
• Adaptable, functions well in a changing environment.
• Sound budget management and project management skills.

Core Competencies

• Cultivates innovation - Contributing strategically
• Customer focus - Contributing strategically
• Drives results - Contributing strategically
• Collaborates - Contributing strategically
• Being resilient - Contributing strategically

go to method of application »

What will make you successful in this role?

• Establish and manage a Business Information Security Programme, effective participation in Group Information Security Programme (GISP) initiatives, Information Security Incident response and Cyber Crisis Management, Information Security Governance and assurance, Application (including cloud) and Infrastructure Security, and Cybersecurity Education, Training and Awareness.
• The BISO will implement processes and controls as agreed with the CISO and the Business CIO. The BISO will be responsible for quality and cost effectiveness of delivery of information security services in the BU andwill report on these metrics to the GISP.

Outputs

• Regular feedback to Business Manco on Group-wide information security issues.
• The BISO must have an action plan to implement these initiatives in the Business .
• The BISO will report to the GISP Manager on new initiatives, plans and progress which will be discussed at the Cyber Steering Committee.
• Review and improve existing IT and Information Risk assessment, reporting and management practices.
• Up to date and complete Business IT and Information Security Risk register.
• Documented Security risk management action plan. This must include relative priorities of agreed actions; Ownership of the actions; Agree timelines. Priorities will be aligned to Business and GIS Ppriorities.
• Up to date and complete Business Cloud register (if these services are used in the Business).
• Review and respond to Policies, Standards, Procedures and Guidelines and Risk Acceptance requests within the agreed time.
• Document processes and artefacts that prove that the relevant Governance and Assurance processes were implemented as designed.
• Clear and timely communication to management and users regarding planned group awareness campaigns.
• Risk assessment that identifies a requirement for additional awareness or targeted education, training and awareness interventions.
• Maintenance of Business/ Cluster and alignment with the Group annual security education, training and awareness plan.
• Documented Logical Access review schedule for Line of Business Applications, review results, facilitate resolution, progress report on resolution of issues that were identified during the reviews.
• Review and respond to audit findings related to application logical access and other Business specific Information Security findings. Ensure that the ratings are accurate.
• Provide management comment to the audit observations/ findings, that is specific as far as actions anddue dates are concerned.
• Track and follow up on audit finding commitments.
• Report all cyber security incidents, or information security incidents (including privacy related incidents) where the compromise was through technology to the SGT CSIRT.
• Be contactable or provide alternative contact details for Cybersecurity incidents that are identified by the SGT CSIRT.
• Ensure appropriate actions are taken when policy breaches are identified in the Business.
• Assist by facilitating engagement and communication with key stakeholders in the Cluster during amajor incident.
• Provide context on system and process criticality.
• Produce Quarterly Group ISO Forum and GISP reports.
• Provide input into requirements documents - ensure security roles; auditing; data protection (in transit and rest); monitoring etc. are defined in line with approved. Information Security policies and standards.
• Ensure that Security 'gates' are a formal part of the SDLC/ Agile/ relevant solution development methodology.
• Interventions and role-players must be clearly specified.
• Active participation in Sanlam sanctioned industry bodies (e.g. ISF Live, ISACA).
• Timeous escalation of new, high or escalating risks.
• Engage with application owners and Group Cyber Security Centre Operations Team to ensure that system vulnerabilities are addressed that were identified during Penetration tests, Red Team exercises or Vulnerability scans. Ensure that the Business CIO’s are aware of risk and actions required.
• Facilitate workshops and risk documentation during Control Self Assessments, or Crown Jewel Risk Assessment processes.

Qualifications

• Grade 12
• Bachelor’s degree in Information Technology, Commerce, Science, or Social Science (preferable).
• In force Information Security Certifications such as CISM, CISSP, CCSP, CISA, ISO 27000 Lead Implementer/ Auditor.

Experience and Knowledge

• Experience in policy writing and reviews.
• Experience in agile/ relevant solution development methodologies.
• Familiarity with security practices and standards in development like the security development life cycle (e.g. OWASP).
• Understanding of the technical and application environment of the Cluster/ Business.
• Experience in analysis and control design, strong written and verbal communication skills.
• Knowledge of ISO27k, Cobit, ITIL, CIS and ISF best practices.
• Knowledge of Information Risk Methodologies (ideally ISF IRAM2), threat modelling and Operational Risk management methodologies.
• Knowledge of the key business processes, key stakeholders and have their contact details readily available.
• Understanding of the risk management and governance structures within the Cluster.

Knowledge and Skills

• Infiltration testing (hacking)
• Risk management
• Project Management Tools
• Reporting and Administration
• Research and trend analysis on IT security leading practice
• Personal Attributes
• Tech savvy - Contributing through others
• Manages complexity - Contributing through others
• Optimises work processes - Contributing through others
• Communicates effectively - Contributing through others
• Build a successful career with us
• We’re all about building strong, lasting relationships with our employees. We know that you have hopes for your future – your career, your personal development and of achieving great things. We pride ourselves in helping  our employees to realise their worth. Through its five business clusters – Sanlam Fintech, Sanlam Life and Savings, Sanlam Investment Group, Sanlam Allianz, Santam, as well as MiWay and the Group Office – the group provides many opportunities for growth and development.

Core Competencies

• Cultivates innovation - Contributing through others
• Customer focus - Contributing through others
• Drives results - Contributing through others
• Collaborates - Contributing through others
• Being resilient - Contributing through others