South Africa

Information Assurance Manager

Company: Telesure Investment Holdings
Reference #: IAM/03/12/21
Published: 22/12/2021
Contract Type: Permanent
Salary: Market Related
Location: Gauteng Area, Gauteng, South Africa
Manage a team to ensure Information Assurance, IT Governance, Internal Risk assessment and reporting, IT compliance, documentation, Human resources management, audit and assurance, improvements, asset management and manage Third parties for TIH information systems regarding legislation, regulation and relevant and applicable industry standards.
Job Functions: Information Technology, Management
Industries: Insurance, IT - Information Technology
Information Security Governance
Define business impact of security incidents and identify and drive recommendations for change to prevent similar incidents. Collect business requirements using a variety of methods such as interviews, document analysis, workshops, and workflow analysis to express the requirements in terms of target user roles and goals. Facilitate information security governance through the implementation of a hierarchical governance project, including the formation of an information security steering committee or advisory board.

Audit Compliance
Plan and manage the delivery of an audit program in a single discipline, ensuring that it addresses identified risk areas. Monitor the closeout of audit findings to ensure that agreed corrective actions are implemented and that risks are managed effectively; refer major issues or inadequate responses through the management line. Ensure that relevant governance committees are informed of significant issues and the actions being taken to resolve these. Conduct Policy Reviews. Ensure comprehensive IT Risk Assessment and oversight of IT risk management. Propose the selection of safeguards. Propose the deadlines for safeguards implementation.
Compliance reviews / Compliance reporting. Conduct Audits – IT Security related. Access reviews – Super users, AD and other systems. Drive IT Security Compliance.

Risk Management & Reporting
Develop and/or deliver a contingency plan for significant aspects of the risk management and/or control process. Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings. Work directly with the business units to facilitate IT risk assessment and IT risk management processes. Work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk. Communicate the benefits of information security. Propose information security objectives. Report on results. Propose security improvements and corrective actions.
Report important requirements of business stakeholders. Report about the implementation of safeguards. Perform risk assessment for activities to be outsourced.

Stakeholder Engagement
Identify and manage stakeholders up to management level, finding out their needs/issues/concerns and reacting to these by leading and coordinating the development of stakeholder engagement plans to support the communication of business information and decisions. Deliver key information assurance projects and/or ad hoc services; ensure business objectives and requirements are clearly understood, monitor and report on outcomes, and drive appropriate remedial action where necessary. Liaise and align on projects and initiatives with the Corporate Risk, Legal & Compliance and Audit & Forensics stakeholders. Liaise with external agencies to ensure the company maintains a strong security posture. Coordinate the use of external resources involved in the information security program.

Make authoritative recommendations about technical or professional solutions including but not limited to CAB approvals, vulnerability remediation plans, etc. that would significantly improve risk posture.

Operational Compliance Reporting
Monitor and review performance within area of responsibility to identify and resolve non-compliance with the organization's policies and relevant regulatory codes and codes of conduct. Coordinate the approval process, training, and dissemination of security policies and practices. Periodic reporting of risk assessment progress, challenges and impediments along with the status and tracking of various information assurance initiatives. Conducting audits of policy and compliance to standards, including managing relationships and interactions with internal and external auditors and risk management bodies, and reviewing and reporting on open issues both prior to and subsequent to issuance. Collaborate with Group Risk, Compliance, Audit and Forensics to ensure accurate and consistent reporting such as risk registers, audit remediations, etc.

Policies and Procedures Development
Draft standards and procedures, and related guidelines within an area of expertise to meet defined key principles and ensure compliance with external requirements and integration with the broader corporate policy framework. Coordinate policy review process and policy compliance audits. Monitor and review processes to ensure risk/security and compliance arrangements are in place.

Leadership and Direction
Explain the local action plan to support team members in their understanding of what needs to be done and how this relates to the broader business plan and the organization's strategy, mission and vision; motivate people to achieve local business goals.

Information and Business Advice
Provide specialist advice on the interpretation and application of policies and procedures, resolving complex or contentious queries and issues and enabling others to take appropriate actions.

Improvement / Innovation
Identify shortcomings in existing business practices, then suggest and implement improvements while developing and delivering projects or a work stream within the organization's change management program. Involves working with guidance from senior colleagues.

Organizational Capability Building
Use the organization's formal development framework to identify the team's individual development needs. Plan and implement actions to build their capabilities. Provide training or coaching to others throughout the organization in own area of expertise to enable others to improve performance and fulfill personal potential.

Personal Capability Building
Act as subject matter expert in an area of technology, policy, regulation, or operational management for the team. Maintain external accreditations and in-depth understanding of current and emerging external regulation and industry best practices through continuing professional development, attending conferences, and reading specialist media.
General Education
University degree in an information technology or related domain (Advantageous); Relevant industry certifications, such as CISM, CGEIT, CRISC, COBIT, CISA, etc. (Advantageous)

General Experience
5 or more years' experience in Information Security (Essential); Project/Portfolio Management experience (Advantageous)

Managerial Experience
3 or more years' management experience (Advantageous)

*SAQA Accredited Equivalent* - It is the onus of the applicant to provide TIH and its subsidiaries with certified evidence that their qualification(s) meet the equivalent NQF level required for this role at time of application.

Financial Sector Conduct Authority (FSCA)** competency requirements: FAIS recognized qualifications / Regulatory Examinations / Class of Business Certification and / or CPD according to your DOFA (where applicable) - As a registered Financial Service Provider, we are mandated to ensure that all our representatives are always and remain fit and proper at all times. By applying for this role, you consent to having your relevant qualification and or accreditation or confirm that you are working towards meeting the competency requirements. You further consent to the relevant information being verified.

Employment Equity

The Company's approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply. TIH is committed to an organisational culture that recognises, appreciates and values diversity & inclusion.

Should you not hear from our team in 30 days, kindly consider your application unsuccessful.

Unlock your greatness & be unstoppable

About TIH

Telesure Investment Holdings (Pty) Ltd (TIH), is the holding company of some of South Africa’s leading financial service providers. Our portfolio includes short-term insurers, a long-term insurer, health insurance as well as an insurance and personal finance comparison platform. We’re pioneers with a hunger for best, bringing customer-focused innovation and service excellence to the financial services industry. We’re an undivided team of diverse thinkers and doers who believe in leading through technology and pushing past their limits.

What we offer

TIH offers an exceptional benefits programme, and competitive compensation packages. You have options for Life Cover, Disability Benefits, Provident Fund, Medical Aid, and more. Office benefits include free undercover parking, free Wi-Fi, ATMs, an onsite gym, subsidised meals, convenience store, coffee shop, free seasonal fruits – every day, and an Active Access walking programme.
Job Closing Date: 16/01/2022
Last Updated: 30-6-2021