Head of Information Technology Governance, Risk Management, Compliance & Security
Johannesburg, South Africa
Old Mutual
Old Mutual Limited (OML) is a premium African financial services group that offers a broad spectrum of financial solutions to retail and corporate customers.
Let's Write Africa's Story Together!
Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.
Job Description
This role combines the strategic management of IT governance, risk management, compliance, and cybersecurity with the operational leadership expected of a Chief Information Security Officer (CISO). The incumbent will define and execute a comprehensive GRC&S strategy that aligns with enterprise objectives, regulatory requirements, and evolving cyber threats.
This role will provide thought leadership on IT governance, with a focus on how it will evolve as the organisation grows, and is accountable for executing tactical initiatives within the OM Insure Group that are aligned with the requirements of the Old Mutual Group Governance Framework.
IT Governance
- Manage and lead the IT governance process including adherence to policy, procedures and standards across the organisation.
- Conduct assessment / review of IT processes and controls as part of first line assurance activities, recommending actions for improvement using relevant reference frameworks.
Risk Management
- Conduct regular risk assessments to identify, evaluate, and prioritise IT and security risks.
- Assist risk owners in developing and implementing relevant risk treatment strategies to enable effective risk management.
- Oversee third-party risk management from an IT perspective and assist in the completion of third-party security assessments where required and relevant.
Compliance and Regulatory Adherence
- Oversee and assist in defining processes and controls to achieve compliance with internal policies, local and international regulations.
- Maintain documentation and evidence to demonstrate compliance with local and international regulations.
- Facilitate internal and external audit processes, as well as the timely and sustainable remediation of audit findings.
Information Security Strategy & Governance
- Define, implement and maintain an enterprise-wide information security strategy aligned with business goals and regulatory frameworks.
- Establish, maintain and enforce security governance frameworks, policies, and procedures to enable compliance and risk management.
- Develop, deploy, and maintain a Security Operating Model and RACI to clarify roles and responsibilities across IT, Legal, Enterprise Risk Management, and Business Units.
Security Architecture and Technology Oversight
- Oversee the design and implementation of secure IT architectures, including cloud, network, and application security.
- Evaluate and manage security technologies and tools.
- Ensure integration of security into system and software development practices.
Incident Response and Threat Management
- Develop, maintain, and test incident response plans to manage and contain security breaches.
- Lead the Security Operations Centre (SOC), threat detection, and threat hunting functions.
- Coordinate post-incident reviews and ensure lessons learned are integrated into future prevention strategies.
- Co-ordinate plans and activities with other CTOs in the organisation and the Business / Operational Resilience teams in second line.
Data Protection and Privacy
- Implement controls to protect sensitive data from unauthorised access, breaches, and loss.
- Ensure alignment with data privacy laws and internal data classification standards.
Awareness, Training, and Culture
- Lead enterprise-wide security awareness and training programs.
- Foster a culture of security and compliance through engagement and education.
Leadership and Stakeholder Engagement
- Lead and mentor cross-functional teams across IT GRC, cybersecurity, and compliance domains.
- Engage with executive leadership, regulators, and relevant Board committees to report on IT GRC&S strategic initiatives, results and achievements.
- Represent the organisation in industry forums and regulatory engagements.
Ensure cost efficiency through sound financial management
- Contribute to the development and implementation of fit-for-purpose budgets.
- Manage supplier relationships and budgets associated with IT GRC&S projects.
Nurture a culture of high performance
- Align own behaviour with the organisation's culture and values.
- Build a culture where unique employee experiences can be created, new work experiences can be designed, deep business "know-how" and experiences are openly shared, new ideas are encouraged without fear of reprisal, and employees feel inspired to enable positive futures through coaching and mentoring.
Minimum Requirements:
- Bachelor’s or Master’s degree in Information Security, Risk Management, or related field.
- 10+ years of experience in IT governance, cybersecurity, and compliance, with at least 5 years in a senior leadership role.
- At least 3 years’ experience as a leader in an IT governance, operational risk management, or compliance function within the Financial Services industry.
- Certifications such as CISSP, CISM, CRISC, CGEIT, or CISA are strongly preferred.
- Proven experience in leading security operations, managing audits, and implementing enterprise-wide GRC frameworks.
- Working knowledge of COBIT and ITIL would be advantageous.
Skills
Action Planning, Adaptive Thinking, Business Requirements Analysis, Change Management, Current State Analysis, Management Accounting, Oral Communications, Organization Design and Development, Planning and Organisational Skills, Policies & Procedures, Presenting Solutions, Strategic Planning
Competencies
Education
Bachelor of Commerce (BCom): Management, Information Systems & Technology (Required), Bachelor of Commerce (BCom): Risk Management (Required), NQF Level 9 – Masters (Required)
Closing Date
28 July 2025, 23:59
The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit in question.
The Old Mutual Story!