Vacancies at Sanlam

What will you do?

The Business Information Security Officer (BISO) is responsible for identifying and assessing the information security requirements of the business. The BISO in conjunction with the Business CIO, is responsible for the establishment and maintenance of an Information Security Management System (ISMS) and ensure that the appropriate information security controls are implemented, maintained and aligned with the Group governance and assurance requirements (i.e. PSPGs, Cyber Resilience Framework, external requirements).The BISO is responsible for security awareness, cyber risk management and translating these risks and the impacts thereof to lines of business to ensure informed risk assessment. Other responsibilities include participation in Group information security bodies and initiatives, logical access management, cyber incident response, vulnerability management, IT audit coordination, ensuring new systems adhere to security governance and providing management assurance regarding the cyber and information security posture of the business.

Once the engagement processes have been followed and agreed to, the BISO’s responsibility areas will include the following key areas:

• Establish and manage a BU information security programme,

• Participation in Group Information Security Programme (GISP) initiatives,

• Information security incident response and cyber crisis management,

• Information security governance and assurance,

• Application (including cloud) and infrastructure Security, and

• Cybersecurity Education, Training and Awareness

• The BISO will implement processes and controls as agreed with the Group CISO and the Business CIO.

• The BISO will be responsible for quality and cost effectiveness of delivery of information security services in the BU and will report on these metrics to the GISP

What will make you successful in this role?

Outputs

• Regular feedback to BU Manco on Group-wide information security issues.

• The BISO must have an programme plan to implement these initiatives in the BU .

• The BISO will report to the GISP Manager on new initiatives, plans and progress which will be discussed at the Cyber Sub-Committee.

• Review and improve existing IT and information risk assessment, reporting and management practices.

• Up to date and complete BU IT and information security risk register.

• Documented security risk management action plan. This must include relative priorities of agreed actions; ownership of the actions; agree timelines.  Priorities will be aligned to Business and GISP priorities.

• Up to date and complete BU cloud register (if these services are used in the BU)

• Review and respond to PSPG and Risk Acceptance requests within the agreed time.

• Document processes and artefacts that prove that the relevant governance and assurance processes were implemented as designed.

• Clear and timely communication to management and users regarding planned group awareness campaigns.

• Risk assessment that identifies a requirement for additional awareness or targeted education, training and awareness interventions. 

• Maintenance of BU/ Cluster and alignment with the Group annual security education, training and awareness plan.

• Documented logical access review schedule for line of business applications, review results, facilitate resolution, progress report on resolution of issues that were identified during the reviews.

• Review and respond to audit findings related to application logical access and other BU specific information security findings. Ensure that the ratings are accurate.

• Provide management comment to the audit observations/ findings, that is specific as far as actions and due dates are concerned.

• Track and follow up on audit finding commitments.

• Report all cyber security incidents, or information security incidents (including privacy related incidents) where the compromise was through technology to the SGT CSIRT.

• Be contactable or provide alternative contact details for Cybersecurity incidents that are identified by the SGT CSIRT

• Ensure appropriate actions are taken when policy breaches are identified in the BU.

• Assist by facilitating engagement and communication with key stakeholders in the Cluster during a major incident. 

• Provide context on system and process criticality.

• Produce Quarterly Group ISO Forum and GISP reports.

• Provide input into requirements documents - ensure security roles; auditing; data protection (in transit and rest); monitoring etc. are defined in line with approved Information Security policies and standards.

• Ensure that security 'gates' are a formal part of the SDLC/ Agile/ relevant solution development methodology. 

• Interventions and role-players must be clearly specified.

• Active participation in Sanlam sanctioned industry bodies (e.g. ISF, FS-ISAC, ISACA).

• Timeous escalation of new, high or escalating risks.

• Engage with application owners and GCSC Operations Team to ensure that system vulnerabilities are addressed that were identified during Penetration tests, red team exercises or vulnerability scans. Ensure that the Business CIO’s are aware of risk and actions required.

• Facilitate workshops and risk documentation during Control Self Assessments, or Crown Jewel Risk Assessment processes.

Qualifications

• Matric

• Bachelor’s degree in Information Technology, Commerce, Science, or Social Science (preferable)

• In force Information Security Certifications (CISM, CISSP, CCSP, CISA, ISO 27000 Lead Implementer/ Auditor)

Knowledge and Experience

Knowledge

• Knowledge of ISO27k, Cobit, ITIL, CIS T20 and ISF best practices.
• Knowledge of Information Risk Methodologies (ideally IRAM2), threat modelling and Operational Risk management methodologies
• Knowledge of the key business processes, key stakeholders and have their contact details readily available.
• Understanding of the risk management and governance structures within the Cluster

Experience

• Experience in policy writing and reviews.
• Experience in agile/ relevant solution development methodologies.
• Familiarity with security practices and standards in development like the security development life cycle (e.g. OWASP).
• Understanding of the technical and application environment of the Cluster/ Busiess Unit
• Minimum 5 years related experience

Knowledge and Skills

• Infiltration testing (hacking)
• Risk management
• Project Management Tools
• Reporting and Administration
• Research and trend analysis on IT security leading practice

Personal Attributes

• Tech savvy - Contributing through others
• Manages complexity - Contributing through others
• Optimises work processes - Contributing through others
• Communicates effectively - Contributing through others

Core Competencies

• Cultivates innovation - Contributing through others
• Customer focus - Contributing through others
• Drives results - Contributing through others
• Collaborates - Contributing through others
• Being resilient - Contributing through others

go to method of application »

What will you do?

Job Description:

• An experienced Sales Manager to lead our outbound call centre team in the Cross-Sell team. The successful candidate will be responsible for managing and motivating a team of sales agents and administrators to achieve sales targets and KPIs.

Key Responsibilities and Deliverables:

• Develop and implement sales strategies to achieve sales targets and KPIs.
• Manage and motivate a team of sales agents to achieve sales targets and KPIs.
• Monitor and analyse sales performance data to identify areas for improvement.
• Provide coaching and training to sales agents to improve their performance.
• Ensure compliance with company policies and procedures.
• Ensure that all sales activities are conducted in accordance with regulatory requirements.
• Develop and maintain relationships with key stakeholders.
• Prepare reports on sales performance data for senior management.
• Participate in the recruitment and selection of new sales agents.
• Manage the new business capturing, in line with product terms and conditions and applicable regulations.
• Manage the sales leads process
• Ensure that Sales targets are met (Quality sales) and manage the leads quality.
• Review and approve all new business

Quality monitoring

• Ensure that outbound agents adhere to the sales scripts
• Ensure quality capturing of all accepted policies on different systems
• Achievement on quality audits (% achieved)
• Ensure that all processes, procedures and systems are in line with regulatory requirements and that the team are kept up to date with regulatory changes.
• Trends will be identified and communicated to management with recommendations as to how to improve / address issues identified

Enabling capacity management

• Sufficient staff are available to perform the work 

• Staff have access to the required enablers to perform their work

Operational work planning and priority setting – delegation of incoming work/ Capacity management

• Ensure that work is equally distributed by the team leaders
• Ensure effective planning that enables dealing with the workload 
• Ensure clear and timeous communication to all relevant teams by the team leaders 

Operational performance monitoring and reporting 

• Ensure, with the assistance of team leaders that all key indicators are monitored continuously and deviations addressed timeously 
• Adherence to Standard operating procedures guides
• Adherence to Service level agreements
• Achievement of targets (volumes)
• Achievement of quality measure targets
• Consider alternative measure to accommodate the client and to speed up the process
• All communication or actions will be documented

Reporting – weekly and monthly to relevant stakeholders

• Accuracy 
• Timeously

What will make you successful in this role?

Qualifications & experience 

• Grade 12/Matric
• diploma/degree – Business Management
• RE 1 & RE 5 qualification
• 2 years’ experience in approving of new business in life/funeral insurance industry 
• At least  2 years’  experience as a Sales Manager in outbound call centre environment.

Knowledge and skills

• Excellent communication and interpersonal skills.
• Strong leadership skills.
• Ability to motivate and manage a team of sales agents.
• Strong analytical skills.
• Knowledge of life insurance products and services.
• Knowledge of regulatory requirements for the insurance industry.
• Computer literacy – MS Office – standard Excel 
• Exposure to working with capturing / workflow systems 
• Insurance product knowledge  
• Knowledge of in-house systems (advantageous)
• Verbal and written communication skills is essential

Core Competencies

• Cultivates Innovation
• Client Focus
• Drives results
• Meet sales targets
• Collaborates
• Flexible and Adaptable

Behavioural Competencies

• Interpersonal Savvy
• Build effective teams 
• Plans and aligns
• Optimises work processes
• Promote and enforce the company culture

Personal Attributes

• Builds effective teams - Contributing independently
• Decision quality - Contributing independently
• Directs work - Contributing independently
• Plans and aligns - Contributing independently