Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.
Job Description
The CISO oversees Old Mutual’s information, cyber and technology security strategy, vision, and implementation. The CISO's responsibilities include developing, implementing, and enforcing security policies to protect critical organization data.
The Chief Information Security Officer (CISO) will be a thought leader in the area of information security for the organization. The CISO will establish information security strategy for the organization and direct the implementation and monitoring of information security standards and policies. The CISO will provide information security guidance to executive leadership within the organization by recommending information security investments which mitigate risks, strengthen defenses, and reduce vulnerabilities for development, internal and client-facing systems and products. This role is part of the leadership team of Operations and Corporate Governance across OML. The role is accountable for achieving strategic objectives through other managers and their teams over periods of 3 to 5 years.
Key Responsibilities
- Information security strategy and governance: Develop and implement an information security strategy that aligns with Old Mutual’s overall business goals and objectives. Establish and enforce security governance frameworks, policies, and procedures to ensure compliance and risk management.
- Risk management: Oversee the regular conduct of risk assessments to identify, evaluate, and prioritize security risks to Old Mutual. Develop and implement risk mitigation strategies and controls to address identified security risks and vulnerabilities.
- Incident management and response: Develop, maintain, and test an incident response plan to address and manage security incidents effectively. Lead and coordinate the response to security incidents, including communication with stakeholders and external parties.
- Compliance and regulatory adherence: Ensure compliance with relevant laws, regulations, and industry standards related to information security.
- Security architecture and technology: Design and oversee the implementation of security architecture to protect Old Mutual’s information systems and data. Evaluate, select, and manage security technologies and solutions that support Old Mutual’s security objectives.
- Data protection and privacy: Implement measures to protect sensitive and critical data from unauthorized access, breaches, and loss.
- Agile software development frameworks and implementation: Demonstrate an understanding of Agile frameworks (e.g., Scrum, SAFe, LeSS) including their principles, roles, ceremonies, and artifacts. Be able to articulate the differences and benefits of each framework and apply them to different project scenarios.
- Evaluate emerging technology and trends: Identify opportunities for technology-driven improvements to enhance information security productivity and performance. Explore and pilot innovative technologies and solutions that can provide a competitive advantage or significantly improve information security capabilities.
- Stakeholder and team collaboration: Build trust through strong delivery and product management practices for engaging within teams and stakeholders.
- Leadership and mentorship: Provide leadership, guidance, and mentorship to various levels within Information Security teams.
Minimum Qualifications
Bachelor of Computer Science (BCoSc): Information Technology (Required)
Closing Date
20 November 2024
The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit in question.
Old Mutual Limited is pro-vaccination and encourages its workforce to be fully vaccinated against Covid-19.
All prospective employees are required to disclose their vaccination status as part of the recruitment process.
Please refer to Old Mutual’s Covid-19 vaccination policy for further detail. Kindly note that Old Mutual reserves the right to reinstate the requirement to vaccinate at any point if it is of the view that it is imperative to do so.