Job Description

Let's Write Africa's Story Together!

Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.

The Information Security Officer is responsible for championing and embedding the organisation’s security strategy within assigned business units. The role acts as the primary security partner to business and technology leadership, translating group security objectives, policies, standards and control requirements into practical actions that support business priorities, regulatory obligations and risk reduction. The role also serves as the key conduit between the central security function and the business, providing security advisory support, driving the adoption of required controls, and influencing stakeholders to strengthen the protection of information, applications, systems and infrastructure.

Group Technology & Transformation | IT Governance Risk & Compliance

Governance

• Develop and maintain Information Security and IT Risk Policies, supporting controls catalogue and related standards across the group to manage / mitigate associated risks.

• Manage the capability maturity assessments of various IS and IT capabilities per the frameworks adopted (NIST, COBIT, ITIL) bi-annually drive ownership of the improvement plan to achieve agreed targets and to manage associated risks.

• Analyze outcomes and information to create meaningful insights, to influence focus and budget decisions where input is required.

• Provide feedback to senior leadership teams (Steering committees, IT leadership forums).

• Develops and embeds reporting structures per the Information Security and IT management requirements, aligning with Old Mutual Risk and Compliance Governance structures, for risk aggregation and concentration of Old Mutual’s risk exposures.

• Manage and review various requests and submissions of information to group-wide cyber insurers to determine the best premium for the organisation.

• Educate and inform employees about our practices and standards.

Regulatory

• Ensure that the relevant legislative and regulatory requirements are implemented and enforced in the organisation based on risk appetite, risk tolerance, and capability maturity levels (e.g., Cybercrimes Act, draft joint standard: Cybersecurity and Cyber Resilience, draft joint standard: IT Risk Management).

• Manage and review various requests and submissions of information to the regulator / provide commentary on draft standards issued by the regulator prior to government approval.

Compliance

• Ensure compliance with Old Mutual’s Information Security and IT requirements set out in policies, the controls catalogue, related standards, regulatory requirements, and industry guidelines.

• Achieve agreed policy compliance targets for the Information Security and IT risk policies.

Leadership

• Collaborate / partner with various stakeholders at different levels across the organization (IT, Audit, Business Units, Project teams, etc.) to obtain buy-in, ensure alignment, and achieve deliverables in support of the both the IT and business strategy

• Lead a team of professionals and third-party service providers to achieve the agreed objectives per Old Mutual’s values, timelines, and budget.

• Recommended or support optimisation/efficiency enhancement opportunities aligned to the IT strategy, e.g., automation.

Business Unit Security Strategy Embedment and Oversight

• Champion and drive the execution of the information and cybersecurity strategy within assigned business units, ensuring alignment to group security objectives, business priorities, and segment-specific risk requirements.

• Act as the primary security interface between assigned business units / entities and the Governance, Risk and Compliance function within the CISO office, providing trusted advice, challenge, and coordination on security priorities, risks, and decisions.

• Participate in design reviews and identify potential mitigation strategies for security risks.

• Analyze business impact and exposure based on emerging security threats.

• Support the strategic planning and tactical execution of information security initiatives and controls within assigned business units to improve resilience, compliance, and risk management outcomes.

• Work in collaboration with architects, functional domain / area specialists, and security teams to continuously validate fit-for-purpose security controls and architectures to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.

• Facilitate and coordinate the integration of the business-related security risk requirements into the broader governance structures by initiating relevant discussions and ensuring the evidencing of key risk-related decisions.

• Track and report risk management trends, emerging risks, and remediation activities and provide structured monthly reporting and insights to the Security team to support risk-informed decision-making and continuous improvement.

• Establish and maintain operational reporting, issue management, and problem resolution processes to ensure timely remediation of security control defiencies and drive continuous improvement in effectiveness, evolution and maturity of Information security services.

• Manage and influence stakeholders across assigned business units, building strong relationships and enable business confidence to promote a security-aware culture that ensures material information security risks are effectively identified, understood, and addressed.

Qualifications, Experience and Skills

• Relevant tertiary qualification (Degree / Honours) in Information Security, Cybersecurity, Information Technology, IT Risk, IT Governance, IT Audit, or a related discipline.

• 8 - 10 years of experience in information security, cybersecurity, IT risk, technology governance, security assurance, or related control functions, including experience partnering with business and technology stakeholders.

• Demonstrated experience leading security initiatives, coordinating cross-functional stakeholders, and influencing delivery across business and technology teams.

• Experience in analyzing security and assurance reports, including penetration testing reports, vulnerability assessments, and SOC 2 Type 2 Reports, etc.

• Strong understanding of information security risk management frameworks, control design, security governance practices, and third-party security risk management.

• Strong understanding of information security governance frameworks, regulatory requirements, and industry good practice, including standards such as NIST CSF, ISO/IEC 27001, COBIT and related control frameworks.

• Relevant professional certifications such as CISSP, CISM, CRISC, CISA, ISO/IEC 27001, or equivalent will be advantageous.

• Cloud Certifications an advantage, such as AWS Cloud Practitioner, AWS Certified Security – Specialty or equivalent.

• Working understanding of cloud services and associated security best practices.

• Knowledge of Agile methodologies and frameworks.

• Strong analytical & problem-solving skills with the ability to facilitate, negotiate, resolve conflict.

• Excellent written & verbal communication skills, with strong stakeholder management and networking capability

• A motivated self-starter with an ability to work independently and demonstrate high level of integrity, accountability and professionalism.

• Resourceful, proactive, and confident communicator, with a strong focus quality and timely deliverables.

• Ability to operate effectively as both a leader and team member, providing trusted advisory and consultancy support .

Skills

Business Requirements Analysis, Confidentiality, Current State Assessment, Database Administration, Database Queries, Database Reporting, Data Classification, Data Compilation, Data Compression, Data Controls, Data Encoding, Data Modeling, Executing Plans, Gateway Servers, IT Architecture

Competencies

Action OrientedBuilds Effective TeamsCommunicates EffectivelyCultivates InnovationEnsures AccountabilityManages ComplexityOptimizes Work ProcessesPersuades

Education

NQF Level 7 - Degree, Advance Diploma or Postgraduate Certificate or equivalent

Closing Date

02 July 2026 , 23:59

The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit in question.

The Old Mutual Story!