Third Party Risk Manager

Santam Group has a career opportunity for a Third-Party Risk Manager in the Santam Technology Services (STS) department which will be based at Santam Head Office in Bellville in the Western Cape.

The primary responsibility of the Third-Party Risk Manager:

• Implement the Third-Party Governance and Risk Management Framework in alignment with the System of Governance for IT across the Santam Group.
• Assist in designing and implementing policies, standards, and procedures to protect sensitive data and ensure operational continuity.
• Identifying, monitoring and responding to third-party incidents and risks, and advising management on mitigation strategies.
• Assist with the preparation of the Santam Group IT Governance, Risk and Information Security Report for the Santam Risk Committee and Board.
• Prepare the Third-Party IT-related risks
• Conduct regular training and awareness sessions (in person, virtual or training material) regarding third-party risk management and the roles the various parties play in the management of IT Risk at third parties.

• CISA / CRISC or CCSP or similar certification
• 3 to 5 years of IT Audit / IT Risk Management / Third-Party Risk Management work experience
• Solid technical skills around IT and cybersecurity controls.

• Stakeholder Engagement: Skill in engaging and building rapport with stakeholders at all levels, effectively communicating third-party IT risk management concepts and concerns.
• Persuasion: Promoting a risk-conscious culture across the organisation.

• Cross-Functional Collaboration: Proficiency in collaborating with diverse teams, including IT, legal, compliance, and the business units.
• Build Partnerships: Building partnerships and working collaboratively with others to meet shared objectives.
• Team Leadership: Ability to lead, motivate, and manage the various teams, fostering a collaborative and high-performance work environment. Be a team player and willingness to assist others as well as ability to work independently.

• Adaptability: Ability to adapt to change and challenges. Ability to rebound from setbacks and adversity when facing difficult situations.
• Continuous Improvement: Eagerness to stay updated with trends and a commitment to ongoing self-improvement.

• Curiosity and Open-Mindedness: Demonstrating a willingness to learn, adapt, and explore new concepts.

• Education and Training: Capability to educate employees about risks, fostering a culture of risk awareness.

• Regulatory Awareness: Understanding of relevant legislation that has a bearing on IT matters, industry regulations, and compliance requirements relevant to the organization's industry.

• Conflict Management: Skill in resolving conflicts and disagreements constructively.