Qualifications and Experience

Qualification
-Bachelor’s Degree in Information Security discipline or Computer-related field. An Honours or Master’s Degree is preferred.
-Relevant ISO trainings and certifications from a recognised institution
-Agile certification from a recognised institution is advantageous

Experience
10+ years of experience in information security industry or similar
Experience with Agile methodologies, e.g. SAFe, Scrum, LeSS, etc.

ADDITIONAL QUALIFICATIONS/EXPERIENCE (PREFERRED, NOT A REQUIREMENT)
Skills and Knowledge:
Security architecture and design
Security frameworks and methodologies i.e. NIST, ISO 27001, CIS Controls, etc.
Risk management and incident response
Network, application and cloud security principles
Expert understanding of compliance and regulatory frameworks and standards
The CISO oversees an Old Mutual’s information, cyber and technology security strategy, vision and implementation. The CISO's responsibilities include developing, implementing and enforcing security policies to protect critical organization data

The Chief Information Security Officer (CISO) will be a thought leader in the area of information security for the organization. The CISO will establish information security strategy for the organization and direct the implementation and monitoring of information security standards and policies. The CISO will provide information security guidance to executive leadership within the organization by recommending information security investments which mitigate risks, strengthen defenses, and reduce vulnerabilities for development, internal and client facing systems and products. This role is part of the leadership team of Operations and Corporate Governance across OML. The role is accountable for achieving strategic objectives through other managers and their teams over periods of 3 to 5 years.
Information security strategy and governance – Develop and implement an information security strategy that aligns with the Old Mutual’s overall business goals and objectives. Establish and enforce security governance frameworks, policies and procedures to ensure compliance and risk management.
Risk management – Oversee the regular conduct of risk assessments to identify, evaluate and prioritise security risks to Old Mutual. Develop and implement risk mitigation strategies and controls to address identified security risks and vulnerabilities.
Incident management and response – Develop, maintain and test an incident response plan to address and manage security incidents effectively. Lead and coordinate the response to security incidents, including communication with stakeholders and external parties.
Compliance and regulatory adherence – Ensure compliance with relevant laws, regulations and industry standards related to information security.
Security architecture and technology – Design and oversee the implementation of security architecture to protect Old Mutual’s information systems and data. Evaluate, select and manage security technologies and solutions that support Old Mutual’s security objectives.
Data protection and privacy – Implement measures to protect sensitive and critical data from unauthorised access, breaches and loss.
Agile software development frameworks and implementation – Demonstrate an understanding of Agile frameworks (e.g. Scrum, SAFe, LeSS) including their principles, roles, ceremonies and artifacts. Be able to articulate the differences and benefits of each framework and apply them to different project scenarios.
Evaluate emerging technology and trends – Identify opportunities for technology-driven improvements to enhance information security productivity and performance. Explore and pilot innovative technologies and solutions that can provide a competitive advantage or significantly improve information security capabilities.
Stakeholder and team collaboration – Build trust through strong delivery and product management practices for engaging within teams and stakeholders.
Leadership and mentorship – Provide leadership, guidance and mentorship to various levels within Information Security teams.
Maintaining Balance: Effectively balances personal priorities with the responsibility of directing and motivating team members, ensuring that individual and team objectives are aligned with organizational goals.
Work Planning and Assignment: Develops comprehensive plans and assigns tasks strategically, considering individual strengths and workload capacity to optimize team productivity and efficiency.
Guidance and Direction: Provides clear guidance and direction to team members, empowering them to achieve operational excellence standards while fostering a supportive and collaborative work environment.
Performance Optimization: Cultivates a climate conducive to optimal performance by fostering open communication, providing constructive feedback, and recognizing and celebrating team achievements to motivate and inspire continuous improvement.