
Information Security Officer (Security Assessments Centre) - Hyper By The Sea

Old Mutual Limited Ltd.

Let's Write Africa's Story Together

Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.

To support the Head of Governance, Risk and Compliance by embedding and maturing the Information Security and Information Technology capabilities and posture. The candidate is primarily responsible for defining, creating and monitoring policies, frameworks, controls and related standards in alignment with legislation and regulatory compliance, and to support strategy delivery. The Information Security Officer (ISO) will support enablement and embedding of the Information Security Assessment Centre. They will provide information security risk management and cybersecurity expertise to the business segments. The ISO is expected to work independently to advise and influence technology and business personnel regarding the safeguarding of information, applications, systems and infrastructure to manage information risks.

Governance

Develop and maintain Information Security and IT Risk Policies, the supporting controls catalogue and related standards across the group to manage / mitigate associated risks. Design required legislative control frameworks applicable to Old Mutual. Manage the capability maturity assessments of various IS and IT capabilities per the frameworks adopted (NIST CSF, COBIT, ITIL) bi-annually, and drive ownership of the improvement plan to achieve agreed targets and to manage associated risks. Analyse outcomes and information to create meaningful insights, to influence focus and budget decisions where input is required. Provide feedback to senior leadership teams (Steering committees, IT leadership forums). Develop and embed reporting structures per the Information Security and IT management requirements, aligning with Old Mutual Risk and Compliance Governance structures, for risk aggregation and concentration of Old Mutual's risk exposures.
Manage and review various requests and submission of information to group wide cyber insurers to determine the best premium for the organisation. Educate and inform employees about our practices and standards.

Regulatory

Ensure that the relevant legislative and regulatory requirements are implemented and enforced in the organisation based on risk appetite, risk tolerance and capability maturity levels (e.g., Cybercrimes Act, joint standard: Cybersecurity and Cyber Resilience, joint standard: IT Governance and Risk Management). Manage and review various requests and submission of information to the regulator / provide commentary on draft standards issued by the regulator prior to government approval.

Compliance

Ensure compliance with Old Mutual's Information Security and IT requirements set out in policies, the controls catalogue, related standards, regulatory requirements, and industry guidelines. Achieve agreed policy compliance targets for the Information Security and IT risk policies.

Leadership

Collaborate / partner with various stakeholders at different levels across the organisation (IT, Audit, Business Units, Project teams, etc.) to obtain buy-in, ensure alignment and achieve deliverables. Manage and lead an internal team of professionals and third-party service providers to achieve the agreed objectives per Old Mutual's values, timelines, and budget. Recommend or support optimisation / efficiency / enhancement opportunities aligned to the IT strategy, e.g., automation.

Business Segment Risk Embedment and Oversight

To lead and shape the Information/Cybersecurity initiatives and support business segments in the implementation and execution of the Information/Cybersecurity framework, policies, and reporting of all segment specific Information/Cybersecurity elements. Act as a primary interface between business segments and the CISO Office. Participate in design reviews and identify potential mitigation strategies for security risks.
Review and/or analyse business impact and exposure based on emerging security threats. Assist with the strategic planning and tactical execution of information security controls. Work closely with architects, functional area specialists, and security staff to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements. Facilitate and co-ordinate the integration of the business-related security risk requirements into the broader governance structures, by initiating relevant discussions, and ensuring the evidencing of key risk-related decisions. Track and report risk management trends, opportunities and remediation monthly, and provide updates to the business segments and the CISO Office. Ensure delivery of the IT/IS service catalogue and business demand management through the central ITSM, GRC and IRM capabilities, and produce monthly reporting insights that inform continuous improvement initiatives for the CISO Office. Manage stakeholders at all levels, ensuring strong relationships are built and maintained. Instil confidence across the business that information security risks are identified and mitigated.

Requirements:

Relevant tertiary qualification (Degree / Honours) in Information Technology, IT Auditing, IT Risk, IT or Operational Compliance, IT Governance or equivalent. 6 - 8 years of experience in Information Technology, Information/Cyber Security, IT Auditing, IT or Operational Risk, IT Compliance, or IT Governance. 2 - 4 years managerial / leadership experience. Strong understanding of IT Governance frameworks, methodologies, and related standards. At least two relevant industry certifications: ISO27001/27002, COBIT 5/2019, CISM, CRISC, CGEIT, CGRC etc. Cloud Certifications an advantage: AWS Cloud Practitioner, AWS Certified Security - Specialty or related. Agile training and knowledge of Agile Frameworks.
Strong analytical and problem-solving skills, and facilitation, negotiation and conflict resolution skills. Excellent written and oral communication and networking skills. A motivated self-starter, capable of working on own initiative with a high level of integrity. A resourceful, proactive, and confident communicator ensuring adequate quality and timely deliverables. Ability to work professionally and constructively as a leader and team member providing advice and consultancy.

ADDITIONAL QUALIFICATIONS/EXPERIENCE (PREFERRED, NOT A REQUIREMENT)

Proficient in MS Suite (Excel, Word, Visio and PowerPoint). A background in audit, assurance within financial services. Makes increased contributions by broadening individual skills.

Closing Date

30 March 2024

The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit in question.

Old Mutual Limited is pro-vaccination and encourages its workforce to be fully vaccinated against Covid-19. All prospective employees are required to disclose their vaccination status as part of the recruitment process. Please refer to Old Mutual's Covid-19 vaccination policy for further detail. Kindly note that Old Mutual reserves the right to reinstate the requirement to vaccinate at any point if it is of the view that it is imperative to do so.