Cyber Security Vulnerability & Tech Compliance Manager JG6

Bellville, Western Cape, South Africa


Santam BITS has a career opportunity for a senior role as Cyber Security Vulnerability and Technical Compliance Manager in the Business Information and Technology Services (BITS) department, which is based in the Western Cape or Gauteng.


  • Receive weekly Qualys scans of IT systems, networks, and applications for internal and external vulnerabilities uploaded to the QlikView reporting system.
  • Prioritise the vulnerabilities from most critical too least threatening. 
  • Conduct weekly meetings with accountable departments to highlight, prioritise and solution their vulnerabilities. 
  • Design a process for the departments to accept responsibility and commit to a timeline in which they will resolve and fix the vulnerability. 
  • Keep track of commitments and escalate to senior management as required. 
  • Promote these vulnerabilities to risks in the Cura system should the outstanding time reach the threshold.
  • Develop and implement a comprehensive technical compliance program based on relevant industry standards and regulations.
  • Ensure alignment with frameworks such as ISO 27001, NIST, GDPR, HIPAA, or other applicable standards depending on the industry.
  • Conduct regular compliance audits and assessments to verify adherence to established technical standards and policies. 
  • Provide guidance to cross-functional teams on compliance requirements and assist in the resolution of compliance-related issues.
  • Coordinate and oversee the deployment of security patches and updates to address vulnerabilities promptly. This is done in conjunction with infrastructure management and our service provider.
  • Establish and maintain a structured process for patch management, ensuring minimal disruption to ongoing operations.
  • Support the implementation of patch management using tools implemented by our services providers.
  • Collaborate with the incident response team to develop and enhance incident response plans related to vulnerabilities.
  • Participate in the investigation and resolution of security incidents related to vulnerabilities.
  • Maintain detailed records of vulnerabilities, assessments, and compliance activities.
  • Generate and present regular reports on the status of vulnerabilities, compliance posture, and remediation progress to key stakeholders.
  • Conduct training sessions to educate employees on security best practices and compliance requirements. 
  • Foster a culture of security awareness and compliance throughout the organization.
  • Evaluate and enhance security and compliance processes continually. 
  • Stay abreast of emerging technologies and industry trends to recommend and implement improvements to the organization's security posture.


  • Bachelor’s degree in information security, Computer Science, or a related field.
  • Professional certifications such as CISSP, CISM, or equivalent. 
  • 5 years of experience in vulnerability management, technical compliance, and information security. 
  • 5 years of strong knowledge of security frameworks, standards, and regulations. 
  • Familiarity with security technologies and tools, including vulnerability scanning tools. 
  • Excellent communication and collaboration skills. 
  • Ability to work effectively in a dynamic and fast-paced environment.


  • Building and maintaining relationships.
  • Teamwork and ability to function independently.
  • Facilitation Skills.
  • Adaptability.
  • Attention to detail.
  • Planning and organising.
  • Ability to work independently.
  • Interpersonal savvy.
  • Decision quality.
  • Plans and aligns.
  • Optimises work processes.
  • Being resilient.
  • Collaborates.
  • Cultivates innovation.
  • Customer focus.
  • Drives results.
  • Curiosity and Open-Mindedness
  • Negotiation
  • Reporting and Administration


  • Honesty, integrity, and respect.
  • Positive, enthusiastic, can-do attitude.
  • Ability to co-operate and thrive both within an independent and team environment.
  • Project Management.
  • Reporting and Administration.
  • Business Requirements Definition.
  • Compliance Monitoring.


Santam is the leading short-term insurer in South Africa.  Along with its subsidiaries, the business transacts all classes of short-term insurance. Santam is a large, diversified, and transforming company and our success is rooted in our passion for our clients. Everything we do is centered on our delivery of Insurance Good and Proper. 

Please note this appointment will be made in line with the Divisional Employment Equity targets. People with disabilities are welcome to apply.

Apply now Apply later
  • Share this job via
  • or

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Audits CISM CISSP Compliance Computer Science GDPR HIPAA Incident response ISO 27001 Monitoring NIST Qualys Vulnerabilities Vulnerability management

Perks/benefits: Team events

Region: Africa
Country: South Africa
Job stats:  2  0  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.