Information Security Officer: Risk Officer at Old Mutual

The Information Security Officer (ISO) will provide information security risk management and Cybersecurity expertise to the business segments. The expertise will take the form of risk analysis, consultancy, policy, standards and best practice guidance, and process improvements. The ISO will be required to work with project teams, service providers, and business units internal and external to the IT function. The candidate is expected to bring pragmatic Information security experience allowing for the business segment to meet its present and emergent business needs but in compliance to Old Mutual Information security polices and standards and within risk appetite. The candidate is expected work independently to advise and influence technology and business personnel regarding the value and methods of safeguarding information, applications, systems, infrastructure, and work practices are optimized so that the information risks are managed.

Key Result Areas

• To lead and shape the Information/Cybersecurity initiatives and support business segments in the implementation and execution of the Information/Cybersecurity framework, policies, and reporting of all segment specific Information/Cybersecurity elements.
• Primary interface between business segments and the CISO office.
• Participate in design reviews and identify potential mitigation strategies for security risks.
• Analyse business impact and exposure based on emerging security threats.
• Assists with the strategic planning and tactical execution of information security controls.
• Work closely with architects, functional area specialists, and security staff to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
• Lead, conduct and document investigations relating to IT security and incidents ensuring compliance
• Facilitates and co-ordinates the integration of the business -related security risk requirements into the broader governance structures, by initiating relevant discussions, and ensuring the evidencing of key risk-related decisions.
• Tracks and reports risk management trends, opportunities and remediation monthly and provides updates to the Security team
• Create and maintain reporting, problem resolution, and other tasks necessary to continuous improvement and evolution of services.
• Manage stakeholders at all levels, ensuring strong relationships are built and maintained. Instil confidence across the business that information security risks are identified and mitigated

Role Requirements

• Relevant tertiary (3yr) qualifications in a IT risk discipline required
• A certification from ISACA (CISM, CRISC), ISC2 (CISSP) is advantageous
• 6 - 8 years relevant industry experience IT risk management or security role.
• Experience within the Insurance and /or financial services sector advantageous
• Knowledge of IT risk management principles and practices
• Strong understanding of IT Governance, and technology and life cycle development processes (SDLC, technology operations, business continuity, etc).
• Broad knowledge of range of standards, frameworks and methodologies— for example, International Standards Organization (ISO) 27001/2, NIST Cyber Security Framework, IT Infrastructure Library (ITIL), COBIT
• Experience in developing Technology risk and Information Security strategy and frameworks
• Excellent written and oral communication skills
• Strong facilitation, negotiation and conflict resolution skills
• Strong analytical and problem solving skills
• Strong networking skills