Job Description
We are representing a cornerstone of the South African financial services landscape with a legacy spanning over a century. As a mission-driven, trusted service provider, our client is dedicated to delivering value and security to its members. This is an opportunity to join an organisation that prides itself on strong values, employee development and rewarding excellent performance, while leading a critical function in a stable and respected institution.
As the new Chief Information Security Officer, you will inherit the critical mission of evolving and leading the enterprise-wide cybersecurity strategy for the entire Group. This is not a maintenance role. You will be the central figure in protecting the organization's digital assets, systems and data against an ever-evolving threat landscape. Your success will be measured by your ability to balance robust security with business innovation, ensuring the company can confidently adopt new technologies while strengthening its reputation as a secure and trustworthy partner for its clients.
Performance Objectives for Year One
Success in this role will be defined by achieving the following key outcomes within the first 12 months:
- Develop and Launch the Next-Generation Security Strategy: Within the first nine months, conduct a comprehensive review of the current security posture and develop, gain executive approval for, and begin executing a future-focused information security strategy. This strategy must align with the Group's business goals and securely enable key digital innovation initiatives, including the adoption of cloud, AI and advanced data analytics.
- Lead a Comprehensive Compliance & Governance Overhaul: Drive a thorough assessment of all information security policies and controls to ensure robust compliance with key regulations and standards, including POPIA, GDPR and ISO 27001. You will lead all related initiatives to mitigate gaps and successfully guide the organization through all security and compliance audits within the first year.
- Strengthen Cyber Resilience and Incident Response: Within the first six months, lead the project to re-engineer, test and enforce a modernized Cyber Incident Response Plan (CIRP) and disaster recovery framework. The goal is to create a highly responsive capability that demonstrably minimizes legal, reputational and financial risk from potential cyber threats like ransomware and data breaches.
- Build a Company-Wide Culture of Security Awareness: Design and implement a new, engaging cybersecurity awareness and training program that extends to all departments. Success will be measured by a significant, verifiable increase in employee vigilance and a corresponding reduction in user-related security incidents.
- Architect Security for Key Technology Transformation: Serve as the primary security advisor and architect for the enterprise. You will collaborate with ICT and business leaders to embed security-by-design principles into the adoption of new technologies, ensuring the secure deployment of new cloud services, IAM solutions and data platforms.
Profile for Success
To accomplish these objectives, you will need a track record of past performance, including:
- Demonstrated experience developing and executing an enterprise-level information security strategy in a complex organization, preferably within the financial services or insurance sectors.
- Proven success in leading compliance initiatives for frameworks such as ISO 27001, POPIA or GDPR.
- A history of architecting and maturing an organization's cyber defense and incident response capabilities.
- Experience leading complex, cross-functional technology projects where you were the senior-most security leader.
- Tangible examples of having built a security-conscious culture through effective training and stakeholder communication.
- Professional certifications such as CISSP, CISM or CISA are highly indicative of the required expertise.
Required Experience:
Chief