Cyber Security Risk and Assurance Specialist | Based in either Sandton or Tygervalley
Tygervalley, Western Cape, ZA
Who are we?
At SanlamAllianz, we are proud of being the largest pan-African, non-banking financial services organisation on the continent. Our dynamic operations span across 26 African countries (excluding South Africa), and our business is focused on life insurance, general insurance, retail credit, health, bancassurance, and asset management. Our core values – Innovation, Care, Integrity and Collaboration – guide our vision of distinguishing ourselves as the most admired financial services group in Africa. We nurture a high-performance, energising and engaging culture. Why? Because we, as employees of SanlamAllianz, understand the importance of feeling cared for, empowered and challenged to produce our best work and live with confidence.
What will you do?
The Cyber Security Risk and Assurance Specialist will be responsible for conducting cyber security risk assessments, third-party and cloud risk evaluations, and supporting the execution of the Group Cyber Resilience Maturity Programme. The role focuses on execution, assurance, and enablement, ensuring consistent cyber risk visibility and maturity uplift across a federated, multi-country environment.
This role does not own cyber strategy, policy approval, or risk acceptance, but operates as a trusted execution and assurance extension of the Group CISO function.
The successful candidate will report to the Group CISO & Head of IT Governance and provide hands-on cyber security risk and assurance support across SanlamAllianz operating entities.
What will make you successful in this role?
In this role, you will be expected to deliver the following outputs:
Cyber Security Risk Assessments
• Conduct entity-level cyber security risk and control assessments across the Group.
• Identify key security control gaps, risk concentrations, and systemic weaknesses.
• Translate technical assessment outcomes into clear, business-relevant risk insights.
• Ensure assessments are repeatable, defensible, and audit-ready.
Third Party and Cloud Risk Management
• Perform Third Party, Operator, and Cloud Security Risk Assessments.
• Review cloud security architectures and shared responsibility models.
• Validate third-party security controls against SanlamAllianz minimum requirements.
• Track remediation actions and unresolved residual risks.
Cyber Resilience Maturity Enablement
• Execute and maintain the Group Cyber Resilience Maturity Programme.
• Assess operating entities against approved cyber security frameworks and standards.
• Define pragmatic, entity-specific uplift actions to improve cyber maturity.
• Provide advisory support and guidance to local IT and security teams.
Assurance, Governance and Reporting
• Prepare cyber risk dashboards, maturity heatmaps, and trend analysis.
• Provide structured assurance inputs to Group cyber governance forums.
• Support Internal Audit, regulatory, and assurance activities as required.
• Act as a quality control layer prior to escalation of issues to the Group CISO.
Stakeholder Engagement and Advisory Support
• Build strong working relationships with business, IT, and risk stakeholders.
• Act as a trusted advisor, supporting businesses without adopting a policing stance.
• Support post-incident risk reviews and control improvement initiatives.
• Travel across operating entities to perform on-site assessments and enablement.
Qualification and Experience
• Relevant degree in Information Security, Information Technology, Risk Management, or a related discipline.
• 5+ years’ experience in cyber security, IT risk, or assurance roles.
• Proven experience in:
    • Cyber security risk assessments
    • Third-party and cloud security risk
    • Cyber maturity assessments and uplift programmes
• Experience in financial services or other regulated environments is advantageous.
• Exposure to multi-country or federated organisational environments is beneficial.
Knowledge and Skills
• Strong working knowledge of cyber security frameworks (ISO 27001/27002, NIST CSF).
• Practical understanding of cloud security models (IaaS, PaaS, SaaS).
• Knowledge of third-party and outsourcing security risk management practices.
• Ability to analyse complex technical environments and articulate risk clearly.
• Strong written and verbal communication skills for technical and non-technical audiences.
Personal Attributes
• Methodical, analytical, and detail‑oriented approach.
• High level of integrity and professionalism when handling sensitive information.
• Self‑motivated, accountable, and comfortable operating without direct authority.
• Pragmatic, collaborative, and business‑aligned mindset.
• Resilient and adaptable, with the ability to operate across diverse cultural and maturity contexts.
Core Competencies
Turnaround time
The shortlisting process will only start once the application due date has been reached. The time taken to complete this process will depend on how far you progress and the availability of managers.
Build a successful career with us
We’re all about building strong, lasting relationships with our employees. We know that you have hopes for your future – your career, your personal development and of achieving great things. We pride ourselves in helping our employees to realise their worth. Through its five business clusters – Sanlam Fintech, Sanlam Life and Savings, Sanlam Investment Group, Sanlam Allianz, Santam, as well as MiWay and the Group Office – the group provides many opportunities for growth and development.
Our commitment to transformation
The Sanlam Group is committed to achieving transformation and embraces diversity. This commitment is what drives us to achieve a diverse, inclusive and equitable workplace as we believe that these are the key components to ensure a thriving and sustainable business in South Africa. The Group's Employment Equity plan and targets will be considered as part of the selection process.