Job Description

This role provides specialist risk advisory, oversight and support across the IT and Cyber security/Information security value chain. Reporting into the OMF Information Security Risk Manager, the role is essential in providing oversight, monitoring and appropriate challenge of the business unit’s overall risk profile to ensure that Line 1 management is appropriately managing its risks and the control environment to meet its business objectives.
Who are We?
Old Mutual is a premium African financial services organisation that offers a broad spectrum of financial solutions to retail and corporate customers across key market segments in 17 countries. The lines of business include Life and Savings, Property and Casualty, Asset Management and Banking and Lending.
Old Mutual Finance was established in 2008 to provide unsecured lending products and services to the SA market. The business started with a staff complement of 34 and has since grown to over 3000 staff with more than 300 branches nationally. Within our branches we offer insurance, transactional banking and lending products as well as servicing.

Why Join Old Mutual?
Enabling our people to be their exceptional best is at the core of what we do. We are rooted in our purpose of Championing Mutually Positive Futures Every Day and believe that a great customer experience is anchored in a great employee experience.

We will provide you with a holistic experience to realise and unleash your potential.

What we Offer:
In partnership with you, we promise to challenge and help you grow in your career through a personalised development plan. We strive to create and expose our people to diverse learning opportunities through formal and informal learning. Most importantly you work in diverse teams made up of enthusiastic people who strive for excellence.

The Opportunity:
Old Mutual Finance is currently seeking to hire an OMF IT Risk Officer. This role provides specialist risk advisory and support during IT projects, in-house application development initiatives and enhancements as well as third party risk management. Reporting into the OMF Information Security Risk Manager, this role also provides specialist assistance in ensuring the effective functioning of OMF’s Information Security Management System (ISMS).

  • Assists business unit management to rollout the risk management strategy, risk policies and information security policies as per the OMF risk requirements.
  • Ensures that risk management processes (identify, measure, respond, monitor and report risk) are implemented in the business or across IT functions.
  • Provides oversight, technical guidance, support and assistance to management across the value chain to embed risk management and information security.
  • Challenge management where deemed appropriate and express an opinion on execution / change risk.
  • Collaborate with IT Teams in an advisory capacity to ensure risk management and information security is embedded in processes.
  • Assist with design, review and maturing of OMF IT controls, processes and procedures.
  • Support Line 1 management to complete annual and quarterly risk processes.
  • Provides support to business unit management in carrying out risk-related responsibilities and influences risk-based decision making.
  • Collaborate with IT Project Management Office to ensure security / risk requirements are communicated and assessed for all projects and system implementations.
  • Provide direction and oversight over vulnerability management activities across IT services including external assurance over security process.
  • Provide risk assurance over key IT and information security processes.
  • Contribute to and support the execution of the OMF Information Security and IT Risk reduction plan, closely collaborating with IT and Business Stakeholders to ensure information security risks are managed effectively.
  • Support the OMF stakeholders in effectively defining and prioritizing risk reduction action plans in line with policies and standards, and manage these until closure.
  • Compile Risk Reporting and risk indicator dashboards for the various committees where Information Security Risk is tabled.
  • Achieving results through own professional and self-development


  • 5+ years relevant industry experience within the financial services sector in an IT Risk or security role.
  • Degree/Honours in Information Systems or Information Technology (Essential)
  • Knowledge of Information Security and IT Risk
  • Recognized professional industry certification(s) such as SSCP, CISM, ISO 27001 Lead Implementer / Lead Auditor, CISSP, CEH
  • Knowledge of Information Security Standards and Frameworks such as NIST CSF, ISO27001/2
  • Knowledge of Secure Software Development Lifecycles and agile ways of work
  • Knowledge of Vulnerability Management
  • Knowledge of Cloud Computing Platforms such as AWS

Desired Skills:

  • Cloud computing
  • Risk Analysis
  • Risk Assessment
  • Information Security

Desired Work Experience:

  • 5 to 10 years Investments, Insurance & Assurance

Desired Qualification Level:

  • Degree
