Cyber Security Vulnerability & Tech Compliance Manager JG6
Sanlam
- Bellville, Cape Town
- Permanent
- Full-time
- Receive weekly Qualys scans of IT systems, networks, and applications for internal and external vulnerabilities uploaded to the QlikView reporting system.
- Prioritise the vulnerabilities from most critical to least threatening.
- Conduct weekly meetings with accountable departments to highlight, prioritise and find solutions for their vulnerabilities.
- Design a process for the departments to accept responsibility and commit to a timeline in which they will resolve and fix the vulnerability.
- Keep track of commitments and escalate to senior management as required.
- Promote these vulnerabilities to risks in the Cura system should the outstanding time reach the threshold.
- Develop and implement a comprehensive technical compliance program based on relevant industry standards and regulations.
- Ensure alignment with frameworks such as ISO 27001, NIST, GDPR, HIPAA, or other applicable standards depending on the industry.
- Conduct regular compliance audits and assessments to verify adherence to established technical standards and policies.
- Provide guidance to cross-functional teams on compliance requirements and assist in the resolution of compliance-related issues.
- Coordinate and oversee the deployment of security patches and updates to address vulnerabilities promptly. This is done in conjunction with infrastructure management and our service provider.
- Establish and maintain a structured process for patch management, ensuring minimal disruption to ongoing operations.
- Support the implementation of patch management using tools implemented by our service providers.
- Collaborate with the incident response team to develop and enhance incident response plans related to vulnerabilities.
- Participate in the investigation and resolution of security incidents related to vulnerabilities.
- Maintain detailed records of vulnerabilities, assessments, and compliance activities.
- Generate and present regular reports on the status of vulnerabilities, compliance posture, and remediation progress to key stakeholders.
- Conduct training sessions to educate employees on security best practices and compliance requirements.
- Foster a culture of security awareness and compliance throughout the organization.
- Evaluate and enhance security and compliance processes continually.
- Stay abreast of emerging technologies and industry trends to recommend and implement improvements to the organization's security posture.
- Bachelor's degree in Information Security, Computer Science, or a related field.
- Professional certifications such as CISSP, CISM, or equivalent.
- 5 years of experience in vulnerability management, technical compliance, and information security.
- 5 years of strong knowledge of security frameworks, standards, and regulations.
- Familiarity with security technologies and tools, including vulnerability scanning tools.
- Excellent communication and collaboration skills.
- Ability to work effectively in a dynamic and fast-paced environment.
- Building and maintaining relationships.
- Teamwork and ability to function independently.
- Facilitation Skills.
- Adaptability.
- Attention to detail.
- Planning and organising.
- Ability to work independently.
- Interpersonal savvy.
- Decision quality.
- Plans and aligns.
- Optimises work processes.
- Being resilient.
- Collaborates.
- Cultivates innovation.
- Customer focus.
- Drives results.
- Curiosity and Open-Mindedness.
- Negotiation.
- Reporting and Administration.
- Honesty, integrity, and respect.
- Positive, enthusiastic, can-do attitude.
- Ability to co-operate and thrive both within an independent and team environment.
- Project Management.
- Reporting and Administration.
- Business Requirements Definition.
- Compliance Monitoring.