Cyber Security Vulnerability & Tech Compliance Manager JG6
Bellville, Western Cape, South Africa
CAREER OPPORTUNITY
Santam BITS has a career opportunity for a senior role as Cyber Security Vulnerability and Technical Compliance Manager in the Business Information and Technology Services (BITS) department, which is based in the Western Cape or Gauteng.
KEY RESPONSIBILITIES
- Receive weekly Qualys scans of IT systems, networks, and applications for internal and external vulnerabilities uploaded to the QlikView reporting system.
- Prioritise the vulnerabilities from most critical too least threatening.
- Conduct weekly meetings with accountable departments to highlight, prioritise and solution their vulnerabilities.
- Design a process for the departments to accept responsibility and commit to a timeline in which they will resolve and fix the vulnerability.
- Keep track of commitments and escalate to senior management as required.
- Promote these vulnerabilities to risks in the Cura system should the outstanding time reach the threshold.
- Develop and implement a comprehensive technical compliance program based on relevant industry standards and regulations.
- Ensure alignment with frameworks such as ISO 27001, NIST, GDPR, HIPAA, or other applicable standards depending on the industry.
- Conduct regular compliance audits and assessments to verify adherence to established technical standards and policies.
- Provide guidance to cross-functional teams on compliance requirements and assist in the resolution of compliance-related issues.
- Coordinate and oversee the deployment of security patches and updates to address vulnerabilities promptly. This is done in conjunction with infrastructure management and our service provider.
- Establish and maintain a structured process for patch management, ensuring minimal disruption to ongoing operations.
- Support the implementation of patch management using tools implemented by our services providers.
- Collaborate with the incident response team to develop and enhance incident response plans related to vulnerabilities.
- Participate in the investigation and resolution of security incidents related to vulnerabilities.
- Maintain detailed records of vulnerabilities, assessments, and compliance activities.
- Generate and present regular reports on the status of vulnerabilities, compliance posture, and remediation progress to key stakeholders.
- Conduct training sessions to educate employees on security best practices and compliance requirements.
- Foster a culture of security awareness and compliance throughout the organization.
- Evaluate and enhance security and compliance processes continually.
- Stay abreast of emerging technologies and industry trends to recommend and implement improvements to the organization's security posture.
QUALIFICATIONS AND EXPERIENCE
- Bachelor’s degree in information security, Computer Science, or a related field.
- Professional certifications such as CISSP, CISM, or equivalent.
- 5 years of experience in vulnerability management, technical compliance, and information security.
- 5 years of strong knowledge of security frameworks, standards, and regulations.
- Familiarity with security technologies and tools, including vulnerability scanning tools.
- Excellent communication and collaboration skills.
- Ability to work effectively in a dynamic and fast-paced environment.
COMPETENCIES
- Building and maintaining relationships.
- Teamwork and ability to function independently.
- Facilitation Skills.
- Adaptability.
- Attention to detail.
- Planning and organising.
- Ability to work independently.
- Interpersonal savvy.
- Decision quality.
- Plans and aligns.
- Optimises work processes.
- Being resilient.
- Collaborates.
- Cultivates innovation.
- Customer focus.
- Drives results.
- Curiosity and Open-Mindedness
- Negotiation
- Reporting and Administration
ADDITIONAL COMPETENCIES AND SKILLS
- Honesty, integrity, and respect.
- Positive, enthusiastic, can-do attitude.
- Ability to co-operate and thrive both within an independent and team environment.
- Project Management.
- Reporting and Administration.
- Business Requirements Definition.
- Compliance Monitoring.
ABOUT THE COMPANY
Santam is the leading short-term insurer in South Africa. Along with its subsidiaries, the business transacts all classes of short-term insurance. Santam is a large, diversified, and transforming company and our success is rooted in our passion for our clients. Everything we do is centered on our delivery of Insurance Good and Proper.
Please note this appointment will be made in line with the Divisional Employment Equity targets. People with disabilities are welcome to apply.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Audits CISM CISSP Compliance Computer Science GDPR HIPAA Incident response ISO 27001 Monitoring NIST Qualys Vulnerabilities Vulnerability management
Perks/benefits: Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Cybersecurity Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Security Operations Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Information Security Officer jobs
- Open Principal Security Engineer jobs
- Open Senior Product Security Engineer jobs
- Open Information Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Network Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Analyst jobs
- Open Manager Pentest H/F jobs
- Open Security Consultant jobs
- Open Security Operations Analyst jobs
- Open Information Security Architect jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open SOC-related jobs
- Open Network security-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Threat intelligence-related jobs
- Open Vulnerability management-related jobs
- Open DevOps-related jobs
- Open DoD-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open APIs-related jobs
- Open CEH-related jobs
- Open Security assessment-related jobs
- Open EDR-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open SaaS-related jobs
- Open DevSecOps-related jobs