Third Party Risk Manager
Bellville, Western Cape, ZA
CAREER OPPORTUNITY
Santam Group has a career opportunity for a Third-Party Risk Manager in the Santam Technology Services (STS) department which will be based at Santam Head Office in Bellville in the Western Cape.
KEY RESPONSIBILITIES
The primary responsibility of the Third-Party Risk Manager:
- Implement the Third-Party Governance and Risk Management Framework in alignment with the System of Governance for IT across the Santam Group.
- Assist in designing and implementing policies, standards, and procedures to protect sensitive data and ensure operational continuity.
- Identify, monitor and respond to third-party incidents and risks, and advise management on mitigation strategies.
- Assist with the preparation of the Santam Group IT Governance, Risk and Information Security Report for the Santam Risk Committee and Board.
- Prepare the Third-Party IT-related risks
- Conduct regular training and awareness sessions (in person, virtual or training material) regarding third-party risk management and the roles the various parties play in the management of IT Risk at third parties.
QUALIFICATIONS AND EXPERIENCE
- Relevant Bachelor’s Degree, e.g. B.Com (Information Systems)
- CISA / CRISC or CCSP or similar certification
- 3 to 5 years of IT Audit / IT Risk Management / Third-Party Risk Management work experience
- Solid technical skills around IT and cybersecurity controls.
COMPETENCIES
Influence and Communication:
- Stakeholder Engagement: Skill in engaging and building rapport with stakeholders at all levels, effectively communicating third-party IT risk management concepts and concerns.
- Persuasion: Promoting a risk-conscious culture across the organisation.
Collaboration and Teamwork:
- Cross-Functional Collaboration: Proficiency in collaborating with diverse teams, including IT, legal, compliance, and the business units.
- Build Partnerships: Building partnerships and working collaboratively with others to meet shared objectives.
- Team Leadership: Ability to lead, motivate, and manage the various teams, fostering a collaborative and high-performance work environment. A team player with a willingness to assist others as well as the ability to work independently.
Adaptability and Continuous Learning:
- Adaptability: Ability to adapt to change and challenges. Ability to rebound from setbacks and adversity when facing difficult situations.
- Continuous Improvement: Eagerness to stay updated with trends and a commitment to ongoing self-improvement.
Learning Agility:
- Curiosity and Open-Mindedness: Demonstrating a willingness to learn, adapt, and explore new concepts.
Cultural Influence and Education:
- Education and Training: Capability to educate employees about risks, fostering a culture of risk awareness.
Regulatory and Compliance Knowledge:
- Regulatory Awareness: Understanding of relevant legislation that has a bearing on IT matters, industry regulations, and compliance requirements relevant to the organization's industry.
Conflict Resolution and Negotiation:
- Conflict Management: Skill in resolving conflicts and disagreements constructively.
- Negotiation: Ability to negotiate with stakeholders to balance risk-based requirements with business requirements.
ADDITIONAL COMPETENCIES AND SKILLS
Technical Proficiency:
- Risk Assessment: Proficiency in conducting thorough IT risk assessments, identifying weaknesses, and evaluating potential risks.
- Technical Compliance: Strong understanding of industry standards, regulations, and best practices such as COBIT, ISO 27000 series, applicable Joint Standards, ITIL and King IV.
- Report Writing: Excellent report writing skills.
- Presentations: Proficiency in building PowerPoint decks to assist in conveying key messages
Risk Expertise:
- Risk Management: Skill in assessing and prioritising risks, as well as developing and implementing risk mitigation strategies.
Communication and Collaboration:
- Stakeholder Engagement: Strong communication skills to engage with executives, technical teams, and non-technical stakeholders about risk matters.
- Cross-Functional Collaboration: Ability to collaborate with IT, legal, compliance, and business teams to integrate security practices across the organization.
Problem Solving and Decision Making:
- Analytical Thinking: Proficiency in analysing complex issues, assessing potential impacts, and making informed decisions.
- Critical Thinking: Capability to evaluate incidents and risks to devise effective solutions.
ABOUT SANTAM
Santam is the market leader in the general insurance industry in Southern Africa. As a large, diversified, and expanding company, we are committed to transformation and growth. While our headquarters are in South Africa, we are rapidly extending our presence into emerging markets across Africa and Asia.
With a client base of over 1 million policyholders, Santam serves individuals, commercial enterprises, specialist business owners, and institutions—including 80 of the Top 100 companies listed on the JSE. Our commitment to Insurance, Good and Proper goes beyond just providing cover—we offer peace of mind, ensuring our clients can focus on living in the moment, not worrying about the unexpected. Because at Santam, we believe the freedom to seize every day is worth protecting.
People drive our business, and we are committed to attracting the best talent, whether for permanent roles or short-term opportunities.
Santam is committed to diversity, inclusion, and belonging. As an equal opportunity employer, we encourage applications from candidates of all backgrounds, including persons with disabilities. We are dedicated to neuro-inclusivity and fostering a workplace where everyone can thrive.
Take the next step in your career—apply now and be part of a company that’s shaping the future of insurance. This is Freedom!