
Business Information Security Officer

Job in Bellville, 7530, South Africa
Listing for: Sanlam
Full Time position
Listed on 2026-01-07
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant, Data Security
Job Description & How to Apply Below

Who are we?

Sanlam Group Technology is responsible for providing a digitally enabled technology service as a group COE, driving business and transformation, and providing group-wide digital and data architecture. We operate the various technology platforms and shared services, ensure Cyber and Information Security resilience, and act as technology governance and risk orchestrator for technology across Sanlam.

What will you do?

The Business Information Security Officer (BISO) is responsible for identifying and assessing the Information Security requirements of the business. The BISO, in conjunction with the Business CIO, is responsible for establishing and maintaining an Information Security Management System (ISMS) and for ensuring that the appropriate Information Security controls are implemented, maintained and aligned with the Group Governance requirements (Policies, Standards, Procedures and Guidelines and Cyber Resilience Framework).

The BISO is responsible for Security Awareness, Information Risk Management and translating risks and the effect thereof to Lines of Business to ensure informed risk assessment. Other responsibilities include participation in Group Information Security bodies and initiatives, logical access management, incident response, vulnerability management, IT audit coordination, ensuring new systems adhere to security policy, and providing management assurance regarding the Cyber and Information Security posture of the Business.

What will make you successful in this role?

Establish and manage a Business Information Security Programme, effective participation in Group Information Security Programme (GISP) initiatives, Information Security Incident response and Cyber Crisis Management, Information Security Governance and assurance, Application (including cloud) and Infrastructure Security, and Cybersecurity Education, Training and Awareness.
The BISO will implement processes and controls as agreed with the CISO and the Business CIO. The BISO will be responsible for quality and cost effectiveness of delivery of information security services in the BU and will report on these metrics to the GISP.

Outputs

  • Regular feedback to Business Manco on Group-wide information security issues.
  • The BISO must have an action plan to implement these initiatives in the Business.
  • The BISO will report to the GISP Manager on new initiatives, plans and progress which will be discussed at the Cyber Steering Committee.
  • Review and improve existing IT and Information Risk assessment, reporting and management practices.
  • Up to date and complete Business IT and Information Security Risk register.
  • Documented Security risk management action plan. This must include relative priorities of agreed actions; ownership of the actions; agreed timelines. Priorities will be aligned to Business and GISP priorities.
  • Up to date and complete Business Cloud register (if these services are used in the Business).
  • Review and respond to Policies, Standards, Procedures and Guidelines and Risk Acceptance requests within the agreed time.
  • Document processes and artefacts that prove that the relevant Governance and Assurance processes were implemented as designed.
  • Clear and timely communication to management and users regarding planned group awareness campaigns.
  • Risk assessment that identifies a requirement for additional awareness or targeted education, training and awareness interventions.
  • Maintenance of Business/ Cluster and alignment with the Group annual security education, training and awareness plan.
  • Documented Logical Access review schedule for Line of Business Applications, review results, facilitate resolution, progress report on resolution of issues that were identified during the reviews.
  • Review and respond to audit findings related to application logical access and other Business specific Information Security findings. Ensure that the ratings are accurate.
  • Provide management comment on the audit observations/findings that is specific as far as actions and due dates are concerned.
  • Track and follow up on audit finding commitments.
  • Report all cyber security incidents, or information security incidents (including privacy related…