Information Security Officer

About the role

Let's Write Africa's Story Together! Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this. Job Description The Information Security Officer is responsible for championing and embedding the organisation's security strategy within assigned business units. The role acts as the primary security partner to business and technology leadership, translating group security objectives, policies, standards and control requirements into practical actions that support business priorities, regulatory obligations and risk reduction. The role also serves as the key conduit between the central security function and the business, providing security advisory support, driving the adoption of required controls, and influencing stakeholders to strengthen the protection of information, applications, systems and infrastructure. Group Technology & Transformation | IT Governance Risk & Compliance Job Description Governance Develop and maintain Information Security and IT Risk Policies, supporting controls catalogue and related standards across the group to manage / mitigate associated risks. Manage the capability maturity assessments of various IS and IT capabilities per the frameworks adopted (NIST, COBIT, ITIL) bi-annually drive ownership of the improvement plan to achieve agreed targets and to manage associated risks. Analyze outcomes and information to create meaningful insights, to influence focus and budget decisions where input is required. Provide feedback to senior leadership teams (Steering committees, IT leadership forums). Develops and embeds reporting structures per the Information Security and IT management requirements, aligning with Old Mutual Risk and Compliance Governance structures, for risk aggregation and concentration of Old Mutual's risk exposures. Manage and review various requests and submissions of information to group-wide cyber insurers to determine the best premium for the organisation. Educate and inform employees about our practices and standards. Regulatory Ensure that the relevant legislative and regulatory requirements are implemented and enforced in the organisation based on risk appetite, risk tolerance, and capability maturity levels (e.g., Cybercrimes Act, draft joint standard: Cybersecurity and Cyber Resilience, draft joint standard: IT Risk Management). Manage and review various requests and submissions of information to the regulator / provide commentary on draft standards issued by the regulator prior to government approval. Compliance Ensure compliance with Old Mutual's Information Security and IT requirements set out in policies, the controls catalogue, related standards, regulatory requirements, and industry guidelines. Achieve agreed policy compliance targets for the Information Security and IT risk policies. Leadership Collaborate / partner with various stakeholders at different levels across the organization (IT, Audit, Business Units, Project teams, etc.) to obtain buy-in, ensure alignment, and achieve deliverables in support of the both the IT and business strategy Lead a team of professionals and third-party service providers to achieve the agreed objectives per Old Mutual's values, timelines, and budget. Recommended or support optimisation/efficiency / enhancement opportunities aligned to the IT strategy, e.g., automation. Business Unit Security Strategy Embedment and Oversight Champion and drive the execution of the information and cybersecurity strategy within assigned business units, ensuring alignment to group security objectives, business priorities, and segment-specific risk requirements. Act as the primary security interface between assigned business units / entities and the Governance, Risk and Compliance function within the CISO office, providing trusted advice, challenge, and coordination on security priorities, risks, and decisions. Participate in design reviews and identify potential mitigation strategies for security risks. Analyze business impact and exposure based on emerging security threats. Support the strategic planning and tactical execution of information security initiatives and controls within assigned business units to improve resilience, compliance, and risk management outcomes. Work in collaboration with architects, functional domain / area specialists, and security teams to continuously validate fit-for-purpose security controls and architectures to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements. Facilitate and coordinate the integration of the business-related security risk requirements into the broader governance structures by initiating relevant discussions and ensuring the evidencing of key risk-related decisions. Track and report risk management trends, emerging risks, and remediation activities and provide structured monthly reporting and insi

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at oldmutual? Share your experience