Let's Write Africa's Story Together!
Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.
Job Description
The Chief Information Security Officer (CISO) plays a pivotal role in shaping and executing a holistic information security strategy that safeguards the organisation across all major business lines, including banking, insurance, and asset management.
As a strategic and influential technology leader, the CISO's KRAs include:
Key Result Areas
Cyber Security Strategy
- Developing and maintaining a group-wide cyber security strategy approved by relevant governance bodies (Technology Steering Committee, EXCO, and Technology Board Committee).
- Reviewing and updating security policies, standards, and frameworks on a continual basis.
- Ensuring the security roadmap aligns with Technology departmental priorities and overall business strategy.
- Leveraging existing technologies (including cloud and AI) to strengthen the security posture across the organisation.
Internal Technology Controls
- Developing a Technology Control Strategy and Operating Model to build capability and implement effective control frameworks mitigating non-financial and financial risks.
- Leading and mentoring a team of risk and control professionals to deliver high-quality outcomes.
- Implementing defined policies, procedures, and guidelines by establishing clear control activities and assigning accountability within ICT.
- Monitoring regulatory changes and ensuring compliance with relevant laws and industry standards across Zimbabwe, South Africa, and other jurisdictions.
- Providing training and awareness programs to enhance control culture and ensure organisational understanding of control processes.
- Building capacity to execute centralised controls that support ICT projects and business-as-usual functions.
Technology Risk Management
- Assessing and identifying technology risks across Level 1, 2, and 3 risk frameworks and supporting ICT and change initiatives in timely risk management.
- Managing open risks by guiding remediation efforts, overseeing issue treatment, and developing new controls aligned to enterprise risk appetite.
- Tracking, monitoring, and reporting technology risk remediation progress.
- Building a technology risk reporting framework to communicate inherent and residual risk positions through the Technology Risk and Control Governance Framework.
Internal Controls Assurance
- Coordinating with Enterprise Risk Management, Internal Audit, and External Audit to align audit strategies and control assessments across the Three Lines of Defence.
- Establishing and maintaining a comprehensive internal controls assurance operating model and annual assurance plan.
- Testing and assuring the design and operating effectiveness of key controls related to operational risk, financial reporting, compliance, and industry good practices.
- Developing a technology controls reporting framework to communicate control effectiveness through established governance structures.
Automation and Tooling
- Rationalising control-related data and developing a unified data model and workflow platform for core control activities (e.g., resilience, security, change, operations).
- Continuously improving control frameworks through automation, tooling, and RPA to enhance consistency, accuracy, and efficiency.
- Investigating, evaluating, and supporting the selection of a strategic Governance, Risk and Compliance (GRC) tool to scale the Technology Control Strategy.
Governance
- Developing and embedding a formal Technology Risk and Control Governance Framework.
- Establishing risk and control governance committees with defined terms of reference, reporting structures, and stakeholder accountabilities.
- Ensuring effective governance from operational committees through to executive-level steering committees.
Qualifications & Experience
- Bachelor’s or Master’s degree in a related field (e.g., Computer Science, Information Systems).
- Professional certifications such as Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), or Certified Public Accountant (CPA) are preferred.
- Strong understanding of NIST, COBIT, PCI DSS, and the Data Protection Act.
- Extensive experience in internal controls, risk management, and compliance.
- Strong analytical and problem-solving skills.
- Excellent communication and interpersonal abilities.
- Proven leadership and team management skills.
Skills
Change Management, Collaboration, Customer Centricity, Emotional Intelligence, Innovation, Leadership, Managing Execution, Quantitative Analysis, Regulatory Compliance, Risk Management, Strategic Vision
Competencies
Action Oriented
Builds Effective Teams
Communicates Effectively
Cultivates Innovation
Ensures Accountability
Manages Complexity
Optimizes Work Processes
Persuades
Education
Bachelor of Computer Science (BCoSc)
Closing Date
21 January 2026, 23:59