Information Security Officer
Job in Durban, 4056, South Africa
Listed on 2026-06-27
Listing for: Old Mutual Limited
Full Time position
Job specializations:
- IT/Tech: Cybersecurity, Information Security, IT Consultant, Data Security
Hybrid
Locations: Cape Town, Johannesburg, Durban
Time type: Full time
Posted on: Posted Today
Job requisition: JR-80681
**Let's Write Africa's Story Together!**
Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.
**Job Description**
The Information Security Officer is responsible for championing and embedding the organisation’s security strategy within assigned business units. The role acts as the primary security partner to business and technology leadership, translating group security objectives, policies, standards and control requirements into practical actions that support business priorities, regulatory obligations and risk reduction. The role also serves as the key conduit between the central security function and the business, providing security advisory support, driving the adoption of required controls, and influencing stakeholders to strengthen the protection of information, applications, systems and infrastructure.
Group Technology & Transformation | IT Governance Risk & Compliance
**Job Description**
**Governance**
* Develop and maintain Information Security and IT Risk Policies, supporting controls catalogue and related standards across the group to manage / mitigate associated risks.
* Manage the capability maturity assessments of various IS and IT capabilities per the frameworks adopted (NIST, COBIT, ITIL) bi-annually, and drive ownership of the improvement plan to achieve agreed targets and to manage associated risks.
* Analyze outcomes and information to create meaningful insights, to influence focus and budget decisions where input is required.
* Provide feedback to senior leadership teams (Steering committees, IT leadership forums).
* Develop and embed reporting structures per the Information Security and IT management requirements, aligning with Old Mutual Risk and Compliance Governance structures, for risk aggregation and concentration of Old Mutual’s risk exposures.
* Manage and review various requests and submissions of information to group-wide cyber insurers to determine the best premium for the organisation.
* Educate and inform employees about our practices and standards.
**Regulatory**
* Ensure that the relevant legislative and regulatory requirements are implemented and enforced in the organisation based on risk appetite, risk tolerance, and capability maturity levels (e.g., Cybercrimes Act, draft joint standard: Cybersecurity and Cyber Resilience, draft joint standard: IT Risk Management).
* Manage and review various requests and submissions of information to the regulator / provide commentary on draft standards issued by the regulator prior to government approval.
**Compliance**
* Ensure compliance with Old Mutual’s Information Security and IT requirements set out in policies, the controls catalogue, related standards, regulatory requirements, and industry guidelines.
* Achieve agreed policy compliance targets for the Information Security and IT risk policies.
**Leadership**
* Collaborate / partner with various stakeholders at different levels across the organization (IT, Audit, Business Units, Project teams, etc.) to obtain buy-in, ensure alignment, and achieve deliverables in support of both the IT and business strategy.
* Lead a team of professionals and third-party service providers to achieve the agreed objectives per Old Mutual’s values, timelines, and budget.
* Recommend or support optimisation / efficiency / enhancement opportunities aligned to the IT strategy, e.g., automation.
**Business Unit Security Strategy Embedment and Oversight**
* Champion and drive the execution of the information and cybersecurity strategy within assigned business units, ensuring alignment to group security objectives, business priorities, and segment-specific risk requirements.
* Act as the primary security interface between assigned business units / entities and the Governance, Risk and Compliance function within the CISO office, providing trusted advice, challenge, and coordination on security priorities, risks, and decisions.
* Participate in design reviews and identify potential mitigation strategies for security risks.
* Analyze business impact and exposure based on emerging security threats.
* Support the strategic planning and tactical execution of information security initiatives and controls within assigned business units to improve resilience, compliance, and risk management outcomes.
* Work in collaboration with architects, functional domain / area specialists, and security teams to continuously validate fit-for-purpose security controls and architectures to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
* Facilitate and coordinate the integration of the business-related security risk requirements into the broader governance structures by initiating relevant…