IT Risk Manager | Based in either Sandton or Tygervalley
Tygervalley, Western Cape, ZA
Who are we?
At SanlamAllianz, we are proud of being the largest pan-African, non-banking financial services organisation on the continent. Our dynamic operations span across 26 African countries (excluding South Africa), and our business is focused on life insurance, general insurance, retail credit, health, bancassurance, and asset management. Our core values – Innovation, Care, Integrity and Collaboration – guide our vision of distinguishing ourselves as the most admired financial services group in Africa. We nurture a high-performance, energising and engaging culture. Why? Because we, as employees of SanlamAllianz, understand the importance of feeling cared for, empowered and challenged to produce our best work and live with confidence.
What will you do?
The IT Risk Manager is responsible for establishing, embedding, and driving a consistent and effective IT Risk Management Programme across SanlamAllianz. The role operates as a Second Line of Defence function and provides independent oversight, challenge, and guidance to ensure that IT‑related risks are appropriately identified, assessed, managed, monitored, and reported.
The role ensures that all SanlamAllianz reporting businesses have appropriate IT risk structures, processes, and governance in place, aligned to the SanlamAllianz IT Risk Framework, Enterprise Risk Management Framework, and international best practices.
The IT Risk Manager coordinates IT risk assessments across SanlamAllianz, ensures that IT risks are formally identified, recorded, owned, and managed, and provides consolidated oversight and reporting on the overall IT risk posture. The role is a key contributor to the SanlamAllianz IT Risk Forum, providing quarterly updates, tracking key decisions, and ensuring follow‑through on agreed actions.
The role reports directly to the CISO, GRC and Business Continuity Manager and operates as a mid‑level management function with significant cross‑functional stakeholder engagement across SanlamAllianz.
What will make you successful in this role?
In this role, you will be expected to deliver the following outputs:
IT Risk Management Framework & Programme (Second Line of Defence)
• Establish, implement, and enhance the SanlamAllianz IT Risk Management Framework aligned to IT Risk Policy, ERM, and global standards (ISO, COBIT, NIST).
• Define minimum IT risk standards for all reporting businesses.
• Ensure consistent IT risk methodologies, taxonomies, assessment criteria, and reporting.
• Provide independent oversight and challenge to first‑line IT and business risk management.
• Ensure alignment across IT risk, cybersecurity, third‑party risk, and technology resilience.
• Drive adoption and use of the Group IT Risk Management system.
• Establish, contribute to, and report on IT Risk Appetite across the cluster.
SanlamAllianz‑wide IT Risk Assessments
• Plan, coordinate, and oversee periodic IT risk assessments (inherent, residual, target).
• Ensure consistency and quality of risk assessments across reporting businesses.
• Support business units during assessments while retaining governance responsibility.
• Facilitate thematic and emerging risk assessments (cloud, data, resilience, third‑party IT risk).
IT Risk Register & Risk Treatment Oversight
• Maintain and govern the SanlamAllianz IT Risk Register.
• Ensure material risks include statements, causes, impacts, controls, owners, and treatment plans.
• Monitor progress of risk treatment actions, escalating overdue or ineffective items.
• Govern risk acceptance decisions and ensure correct approvals.
IT Risk Governance & Forums
• Coordinate and participate in the SanlamAllianz IT Risk Forum.
• Prepare quarterly IT risk reports covering risk profile, trends, key/emerging risks, concentrations, and treatment status.
• Record, track, and follow up on forum decisions, actions, and risk acceptances.
Monitoring, Reporting & Assurance
• Develop and maintain IT risk dashboards and management information for executives, committees, and boards.
• Provide consolidated IT risk inputs for enterprise risk, audit, and regulatory reporting.
• Support internal and external assurance reviews with risk management evidence.
• Track and oversee remediation of audit findings and technology‑related risk issues.
Regulatory, Policy & Standards Alignment
• Ensure IT risk practices meet regulatory and supervisory expectations (FSCA, PA, data protection, resilience).
• Monitor regulatory and industry changes affecting IT and technology risk.
• Contribute to development and upkeep of IT risk policies, standards, and procedures.
• Promote alignment to recognised frameworks such as ISO, COBIT, and NIST.
Stakeholder Engagement & Risk Enablement
• Engage with IT, Security, Enterprise Risk, Compliance, Internal Audit, and business stakeholders.
• Provide guidance on IT risk identification, assessment, and treatment.
• Promote IT risk awareness through workshops, communication, and forums.
• Act as a trusted partner while maintaining independent oversight.
• Train and support in‑country IT Risk managers/champions to ensure consistent practices.
Qualification and Experience
• Relevant degree in Information Technology, Information Systems, Risk Management, or a related discipline.
• 5–8 years’ experience in IT risk management, technology risk, cybersecurity risk, or IT governance.
• Demonstrated experience operating in a second line risk, GRC, or oversight role.
• Proven experience coordinating IT risk activities across multiple business units.
• Experience in a regulated or financial services environment is advantageous.
Knowledge and Skills
• Strong working knowledge of IT risk and governance frameworks (ISO 31000, ISO/IEC 27005, COBIT, NIST).
• Sound understanding of IT architectures, cybersecurity risks, cloud services, and third‑party IT risk.
• Ability to interpret regulatory requirements and translate them into practical risk management controls.
• Strong analytical, documentation, and reporting capabilities.
• Fluent in English; French is a benefit.
• Excellent stakeholder engagement, facilitation, and influencing skills.
Personal Attributes
• Independent, objective, and confident in providing risk-based challenge.
• Structured, analytical, and detail-oriented.
• Professional and credible when engaging with senior stakeholders.
• Pragmatic and business aware, balancing risk management with enablement.
• High ethical standards and integrity.
Core Competencies
Turnaround time
The shortlisting process will only start once the application due date has been reached. The time taken to complete this process will depend on how far you progress and the availability of managers.
Build a successful career with us
We’re all about building strong, lasting relationships with our employees. We know that you have hopes for your future – your career, your personal development and of achieving great things. We pride ourselves in helping our employees to realise their worth. Through its five business clusters – Sanlam Fintech, Sanlam Life and Savings, Sanlam Investment Group, Sanlam Allianz, Santam, as well as MiWay and the Group Office – the group provides many opportunities for growth and development.
Our commitment to transformation
The Sanlam Group is committed to achieving transformation and embraces diversity. This commitment is what drives us to achieve a diverse, inclusive and equitable workplace as we believe that these are the key components to ensure a thriving and sustainable business in South Africa. The Group's Employment Equity plan and targets will be considered as part of the selection process.