Cyber Security Risk Specialist

Johannesburg, South Africa

Old Mutual Limited

Old Mutual Limited (OML) is a premium African financial services group that offers a broad spectrum of financial solutions to retail and corporate customers.

Let's Write Africa's Story Together!

Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.

Job Description

Position Overview:

We are seeking a proactive and detail-oriented Cyber Security Risk Specialist to join our Cyber Security team. Reporting to the Cyber Risk Lead, you will be responsible for assessing and ensuring the effectiveness of controls in our cloud environment, performing comprehensive security due diligence reviews, and conducting ongoing security posture monitoring of new and existing third-party vendors.

Key Responsibilities:

  • Perform security risk assessments on the organization’s cloud infrastructure to ensure controls are in place and effective.
  • Conduct third-party security due diligence reviews for new vendors and ongoing assessments for existing vendors.
  • Collaborate with cross-functional teams to identify and mitigate security risks in the supply chain and cloud environment.
  • Maintain and improve the third-party risk management framework, ensuring compliance with internal policies and external regulations.
  • Develop and present risk assessment reports to stakeholders, providing actionable recommendations.
  • Monitor the security posture of third-party vendors through continuous assessment processes and industry-standard tools.
  • Support incident response activities related to third-party vendors and cloud environments.
  • Keep up to date with emerging cyber threats, technologies, and regulatory changes affecting third-party risk management.

Key Performance Indicators (KPIs):

  • Risk Assessment Completion Rate: Complete 100% of scheduled third-party and cloud risk assessments within the designated timeframes.
  • Risk Mitigation Effectiveness: Achieve a reduction in identified high-risk issues by at least 80% within six months of discovery.
  • Vendor Compliance Rate: Ensure at least 95% of third-party vendors meet the organization’s security requirements.
  • Incident Response Timeliness: Respond to third-party and cloud-related security incidents within the defined SLA (e.g., 4 hours for critical incidents).
  • Audit Readiness: Maintain 100% readiness for internal and external audits with no major findings related to third-party or cloud security controls.
  • Stakeholder Satisfaction: Achieve high satisfaction scores of in  performance feedback surveys.

Qualifications:

  • Bachelor’s degree in Cyber Security, Information Technology, or a related field.
  • Relevant certifications (e.g., CISSP, CISM, CRISC, CCSK, or equivalent) are highly desirable.
  • Minimum of 3-5 years of experience in cyber security risk management, with a focus on cloud environments and third-party risk.
  • Understanding of cloud security frameworks (AWS) and third-party risk management processes.
  • Experience with security assessment tools, cloud security monitoring solutions, and regulatory compliance standards.
  • Excellent analytical, communication, and stakeholder management skills.
  • Ability to work independently and collaboratively in a fast-paced environment.

Why Join Us?

  • Opportunity to work with cutting-edge cloud technologies in the digital banking sector.
  • Collaborative and innovative work environment.
  • Competitive salary and comprehensive benefits package.
  • Professional development and continuous learning opportunities.
  • Be part of a team that values integrity, transparency, and excellence in cyber security.

The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit.

Designs and builds the organisation's cybersecurity systems and infrastructure. Provides specialist knowledge on maintaining a secure cyber security framework. Analyses and monitors the organisation’s cybersecurity measures and responds to actual penetration attempts by malicious hackers.

Responsibilities

Information Security

Lead in detecting and analyzing security incidents, including attacks, breaches, and identified vulnerabilities, and remediate any security gaps in line with the security incident management procedure.

Company Data Protection

Design and implement disaster recovery and contingency plans to protect company data.

Horizon Scanning

Explore and develop a detailed understanding of external developments or emerging issues and evaluate their potential impact on, or usefulness to, the organization.

Data Exploration

Conduct research and select relevant information to enable analysis of key themes and trends using primary data sources and business intelligence tools.

Policies and Procedures Development

Contribute to the drafting of policies, procedures, and related guidelines within an area of expertise to meet defined key principles and ensure compliance with external requirements.

Business Requirements Identification

Collect business requirements using a variety of methods, such as interviews, document analysis, workshops, and workflow analysis, to express the requirements in terms of target user roles and goals.

Faults Diagnosis and Correction

Provide fault isolation and resolution for complex challenges to limit and address issues promptly.

Technical Developments Recommendation

Discuss and recommend technical developments to improve the quality of the website/portal/applications software and supporting infrastructure to better meet users’ needs.

Operational Compliance

Maintain and renew a deep knowledge and understanding of the organization's policies and procedures and of relevant regulatory codes and codes of conduct, and ensure own work adheres to required standards; or identify, within the team, patterns of noncompliance with the organization's policies and procedures and with relevant regulatory codes and codes of conduct, taking appropriate action to report and resolve these and escalating issues as appropriate.

Database Specifications

Contribute to the approval process for database specifications to ensure all agreed standards and protocols are followed and data integrity is preserved.

Personal Capability Building

Develop own capabilities by participating in assessment and development planning activities as well as formal and informal training and coaching; gain or maintain external professional accreditation, where relevant, to improve performance and fulfill personal potential. Maintain an in-depth understanding of technology, external regulation, and industry best practices through ongoing education, attending conferences, and reading specialist media.

Skills

Adaptive Thinking, Application Development, Computer Literacy, Confidentiality, Data Compilation, Data Compression, Data Controls, Data Modeling, Data Privacy, Data Recovery, Digital Literacy, Gateway Servers, IT Network Security, Probing Questions, Test Case Management

Competencies

Action Oriented

Communicates Effectively

Cultivates Innovation

Ensures Accountability

Manages Complexity

Nimble Learning

Optimizes Work Processes

Persuades

Education

Closing Date

04 March 2025, 23:59

The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit in question.

Old Mutual Limited is pro-vaccination and encourages its workforce to be fully vaccinated against Covid-19.

All prospective employees are required to disclose their vaccination status as part of the recruitment process.

Please refer to Old Mutual’s Covid-19 vaccination policy for further detail. Kindly note that Old Mutual reserves the right to reinstate the requirement to vaccinate at any point if it is of the view that it is imperative to do so.

Category: Compliance Jobs

Tags: Audits AWS Banking Business Intelligence CCSK CISM CISSP Cloud Compliance CRISC Incident response KPIs Monitoring Network security Privacy Risk assessment Risk Assessment Report Risk management RMF Security assessment Vulnerabilities

Perks/benefits: Career development Competitive pay Conferences Equity / stock options Team events

Region: Africa
Country: South Africa
