OM Bank: Head IT GRC (Governance, Risk and Compliance)

Let's Write Africa's Story Together!

Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.

Job Description

We are seeking a dynamic and experienced Head to lead and mature our First Line of Defense of IT GRC capabilities. This role is critical in embedding robust governance, risk management, and compliance practices directly into the IT operations.

The successful candidate will serve as the primary interface between IT teams and second-line oversight and third line functions (e.g., enterprise risk, compliance, internal audit), ensuring that risk is proactively managed and aligned with corporate objectives.

KEY RESULT AREAS

Delivery of Services

IT GRC Leadership & Strategy

· Develop and implement first-line GRC frameworks aligned with enterprise-wide policies and regulatory standards. ·

 Serve as the GRC lead within the IT units, championing a culture of risk awareness, ethical conduct, and compliance.

· Serve as a trusted advisor to the CIO, CRO, and executive leadership on IT risk and compliance matters.

· Work closely with information security, internal audit, operations, and product teams.

· Promote a culture of risk awareness and compliance across technology functions.

 IT Risk Management

· Identify, assess, and monitor IT and cyber risks across the organization.

· Lead the development of risk mitigation strategies and track remediation efforts.

· Oversee regular risk assessments, audits, and penetration testing.

 IT Governance & Controls

· Ensure robust internal controls are implemented and adhered to across operational and IT processes.

· Establish IT controls and assurance mechanisms that support strategic business goals.

· Define and maintain IT governance frameworks, policies, and procedure

 · Support internal and external audits, regulatory inspections, and compliance reviews.

IT Compliance & Regulatory Adherence

· Ensure compliance with applicable laws, regulations, and standards (e.g., POPIA ,PCI-DSS, local financial regulatory frameworks).

· Lead the preparation and response to regulatory inspections and IT audits.

· Collaborate with legal and compliance teams to interpret new regulations and drive implementation.

Incident Management & Reporting:

· Oversee IT incident response and ensure timely escalation and root cause analysis.

· Provide regular risk, compliance, and control performance reports to executive leadership and the board.

Reporting & Communication

· Prepare GRC reports, dashboards, and key risk indicators (KRIs) for senior leadership.

· Act as a liaison between IT teams and second/third line functions (e.g., Compliance, Risk, Audit).  

Training & Awareness

· Lead GRC training and awareness initiatives for IT teams. · Promote continuous improvement in risk and compliance capabilities through education and engagement.

ROLE REQUIREMENTS

Qualifications & Professional Affiliations

•  Relevant University Degree & Professional Qualification.
•  Risk related degree, CISA, CGEIT and/or CRISC advantageous.

Experience:

• 10+ years of experience in IT governance, risk management, and compliance roles, preferably within the financial services or digital banking sector.
• Deep knowledge of regulatory and cybersecurity frameworks · Strong leadership, communication, and stakeholder management skills.

Skills

Action Planning, Adaptive Thinking, Business Requirements Analysis, Change Management, Current State Analysis, Management Accounting, Oral Communications, Organization Design and Development, Planning and organisational skills, Policies & Procedures, Presenting Solutions, Strategic Planning

Competencies

Education

Closing Date

24 July 2025 , 23:59

The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit in question.

The Old Mutual Story!