Jobs at Santam Insurance

KEY RESPONSIBILITIES

• Establish and manage a Santam Business Unit (SBU) Information Security Programme.
• Implement cybersecurity awareness campaigns.
• Participate in Group Information Security Programme (GISP) initiatives.
• Information Security Governance and Assurance.
• Document processes and artefacts that prove that the relevant governance and assurance processes were implemented as designed.
• Information Security Incident Response and Cyber Crisis Management.
• Application (including cloud), Infrastructure Security, and Cybersecurity Education, Training and Awareness.
• The BISO will implement processes and controls as agreed with the Group Information Security Officer (GISO), GISP and the Group CIO.
• The BISO will be responsible for the quality and cost-effectiveness of information security services delivery in the SBU and will report on these metrics to the GISP and GISO.
• Provide regular feedback to Santam Manco on Group-wide information security issues.
• The BISO will report to the GISO on new initiatives, plans, and progress, which will be discussed with the Group Information Security Committee.
• Review and improve existing IT and Information Risk assessment, reporting and management practices.

KEY RESPONSIBILITIES

• Update the Santam IT and Information Security Risk register.
• Document a security risk management action plan. This must include the relative priorities of agreed-upon actions, ownership of the actions, and agreed-upon timelines.
• Priorities will be aligned to Santam and GISP priorities. The BISO must have an action plan to implement these initiatives in Santam.
• Up to date and complete Santam cloud technology outsourcing and third-party register (where applicable).
• Review and respond to PSPG and risk acceptance requests within the agreed time.
• Clear and timely communication to management and users regarding planned group awareness campaigns.
• Risk assessment that identifies a requirement for additional awareness or targeted education, training, and awareness interventions.
• Alignment with the Group's annual security education, training and awareness plan.
• Document the logical access review schedule for Line of Business Applications, review the results, facilitate resolution, and report on the progress made in resolving issues identified during the reviews.
• Review and respond to all security-related audit findings.
• Report all cyber security incidents, or information security incidents (including privacy-related incidents) where the compromise was through technology to the Sanlam Group Technology (SGT) CSIRT.
• Be a primary contact for cybersecurity incidents identified by the SGT CSIRT.
• Ensure appropriate actions are taken when policy breaches are identified in the SBU.
• Assist by facilitating engagement and communication with key stakeholders in the Santam during a major incident.
• Produce Quarterly Group ISO Forum and GISP reports.
• Ensure that security 'gates' are a formal part of the SDLC/ Agile/ relevant solution development methodology.
• Interventions and role-players must be clearly specified.
• Active participation in Sanlam-sanctioned industry bodies (e.g. ISF Live, ISACA, FS-ISAC)
• Timeous escalation of new, high or escalating cybersecurity risks.
• Engage with application owners and the Group Cyber Security Centre (GCSC) Operations Team to ensure that system vulnerabilities identified during penetration tests, Red Team exercises, or vulnerability scans are addressed.
• Ensure that the Group CIO is aware of risks and actions required.
• Facilitate workshops and risk documentation during Control Self Assessments or Crown Jewel Risk Assessment processes.
• Find & provide root cause analysis and implement permanent and/or long-term fixes for cyber-related incidents.
• Strong understanding of integration between Workstations and Network/Servers.
• Installations and monitoring of devices using automated tools (e.g. SCCM) & scripting.
• Responsible for maintaining a configuration register of assets and licenses.

QUALIFICATIONS AND EXPERIENCE

• Bachelor’s Degree or Diploma in Computer Science, Information Systems or other related field, or equivalent work experience
• Minimum 7 years of relevant experience
• Cyber and information security certifications (such as CISM, CISSP, CCSP, CISA, ISO 27000 Lead Implementer/ Auditor) are in force. If the candidate does not possess such certifications, evidence is required that the candidate is studying toward them.

go to method of application »

What will make you successful in this role?

• The purpose of the role is to support Personal Lines and Outsourced Business:
• The incumbent will be responsible and accountable for compiling, updating, reviewing and maintaining of policy wordings, endorsements, addendums, terms, conditions, PPR/ Disclosure notices etc.
• Responsible to give sound claims and personal lines underwriting advice both from a legal and underwriting perspective.
• Responsible for adherence to all regulatory requirements within the Personal Lines Underwriting
• Integrate and update existing Underwriting manuals/policies, operational manuals and underwriting guidelines, etc 
• Create new underwriting guidelines and procedures if required.
• Assist in formulating and sign-off of underwriting circulars and media articles.
• Analysis, interpretation, review, recommend and communicate policy wording / endorsement changes to Binderholders / relevant stakeholders
• Assist with product changes and associated projects 
• Alignment of product changes to that of policy wordings, endorsements etc. 
• Drive implementation and monitor results thereof.

Qualifications & Experience

• Min of 8 years’ experience in Short Term insurance - Personal Lines
• Report writing experience
• Strong Technical product underwriting knowledge and proficiency – Personal Lines
• Understanding of Risk management
• Degree in Insurance & Risk Management or similar disciplines would be an advantage.
• Computer literate (extensive experience of Excel, Word, Acrobat Pro and PowerPoint)
• Knowledge of the short term insurance legal framework 

Knowledge & Skills

• High analytical thinking
• Ability to grasp concepts quickly
• Exceptional problem solving skills 
• Strong ability to manipulate and interpret policy wording
• Strong communication and presentation skills 
• Proactive and self-motivated
• Ability to perform under pressure
• Time management and focussed delivery of deadlines
• Good planning, analytical and decision-making skills
• A good team player – integrates and shares knowledge and skills
• Displays keen insight and intuition