Head of Information Technology Governance, Risk Management, Compliance & Security

Job Location

Johannesburg - South Africa

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

Let's Write Africa's Story Together!

Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.

This role combines the strategic management of IT governance, risk management, compliance and cybersecurity with the operational leadership expected of a Chief Information Security Officer (CISO). The incumbent will define and execute a comprehensive GRC&S strategy that aligns with enterprise objectives, regulatory requirements and evolving cyber threats.

This role will provide thought leadership on IT governance, with a focus on how it will evolve as the organisation grows, and is accountable for executing tactical initiatives within the OM Insure Group that are aligned to achieving the requirements of the Old Mutual Group Governance Framework.

IT Governance

  • Manage and lead the IT governance process, including adherence to policy, procedures and standards across the organisation.
  • Conduct assessment / review of IT processes and controls as part of first line assurance activities, recommending actions for improvement using relevant reference frameworks.

Risk Management

  • Conduct regular risk assessments to identify, evaluate and prioritise IT and security risks.
  • Assist risk owners in developing and implementing relevant risk treatment strategies to enable effective risk management.
  • Oversee third-party risk management from an IT perspective and assist in the completion of third-party security assessments where required and relevant.

Compliance and Regulatory Adherence

  • Oversee and assist in defining processes and controls to achieve compliance with internal policies and local and international regulations.
  • Maintain documentation and evidence to demonstrate compliance with local and international regulations.
  • Facilitate internal and external audit processes as well as the timely and sustainable remediation of audit findings.

Information Security Strategy & Governance

  • Define, implement and maintain an enterprise-wide information security strategy aligned with business goals and regulatory frameworks.
  • Establish, maintain and enforce security governance frameworks, policies and procedures to enable compliance and risk management.
  • Develop, deploy and maintain a Security Operating Model and RACI to clarify roles and responsibilities across IT, Legal, Enterprise Risk Management and Business Units.

Security Architecture and Technology Oversight

  • Oversee the design and implementation of secure IT architectures, including cloud, network and application security.
  • Evaluate and manage security technologies and tools.
  • Ensure integration of security into system and software development practices.

Incident Response and Threat Management

  • Develop, maintain and test incident response plans to manage and contain security breaches.
  • Lead the Security Operations Centre (SOC) threat detection and threat hunting functions.
  • Coordinate post-incident reviews and ensure lessons learned are integrated into future prevention strategies.
  • Co-ordinate plans and activities with other CTOs in the organisation and the Business / Operational Resilience teams in second line.

Data Protection and Privacy

  • Implement controls to protect sensitive data from unauthorised access, breaches and loss.
  • Ensure alignment with data privacy laws and internal data classification standards.

Awareness, Training and Culture

  • Lead enterprise-wide security awareness and training programs.
  • Foster a culture of security and compliance through engagement and education.

Leadership and Stakeholder Engagement

  • Lead and mentor cross-functional teams across IT GRC, cybersecurity and compliance domains.
  • Engage with executive leadership, regulators and relevant Board committees to report on IT GRC&S strategic initiatives, results and achievements.
  • Represent the organisation in industry forums and regulatory engagements.

Ensure cost efficiency through sound financial management

  • Contribute to the development and implementation of fit-for-purpose budgets.
  • Manage supplier relationships and budgets associated with IT GRC&S projects.

Nurture a culture of high performance

  • Align own behaviour with the organisation's culture and values.

Build a culture where unique employee experiences can be created, new work experiences can be designed, deep business know-how and experiences are openly shared, new ideas are encouraged without fear of reprisal, and employees feel inspired to enable positive futures through coaching and mentoring.

Minimum Requirements:

  • Bachelor's or Master's degree in Information Security, Risk Management or related field.
  • 10 years of experience in IT governance, cybersecurity and compliance, with at least 5 years in a senior leadership role.
  • At least 3 years' experience as a leader in an IT governance, operational risk management or compliance function within the Financial Services industry.
  • Certifications such as CISSP, CISM, CRISC, CGEIT or CISA are strongly preferred.
  • Proven experience in leading security operations, managing audits and implementing enterprise-wide GRC frameworks.
  • Working knowledge of COBIT and ITIL would be advantageous.

Skills

Action Planning, Adaptive Thinking, Business Requirements Analysis, Change Management, Current State Analysis, Management Accounting, Oral Communications, Organization Design and Development, Planning and organisational skills, Policies & Procedures, Presenting Solutions, Strategic Planning

Competencies

Education

  • Bachelor of Commerce (BCom): Management Information Systems & Technology (Required)
  • Bachelor of Commerce (BCom): Risk Management (Required)
  • NQF Level 9 Masters (Required)

Closing Date

28 July 2025 23:59

The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit in question.

The Old Mutual Story!


Required Experience:

Director

Employment Type

Full-Time
