Head of IT Security & Risk Management

Iot.Nxt

Gauteng

On-site

ZAR 500 000 - 600 000

Full time

Today

Job summary

A leading technology organization in South Africa is seeking a Head of IT Security & Risk Management to oversee their information security strategy and operations. The role requires a proven leader with expertise in cybersecurity, risk assessment, and strategic planning. The ideal candidate will have over 10 years of experience in IT security, including at least 5 years in management roles, and will contribute to fostering a culture of security awareness.

Qualifications

  • 10+ years of experience in IT security, with at least 5 years in a leadership role.
  • Proven track record of developing and implementing enterprise-wide security strategies.
  • Familiarity with global data protection regulations and compliance requirements.

Responsibilities

  • Oversee the organization's information security strategy, policies, and operations.
  • Identify, assess, and prioritize IT risks including cybersecurity threats.
  • Develop and manage the IT security budget for tools, training, and personnel.

Skills

Leadership
Risk Assessment
Strategic Thinking
Problem-Solving
Communication

Education

Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field

Tools

Cybersecurity frameworks (e.g., NIST, ISO)
Encryption technologies
Threat detection tools

Job description

The Head of IT Security & Risk Management is responsible for overseeing the organization's information security strategy, policies, and operations to protect critical data, systems, and infrastructure.

This role ensures the identification, assessment, and mitigation of IT-related risks while fostering a culture of security awareness across the organization.

Lead a team of security professionals, collaborate with cross‑functional stakeholders, and align security initiatives with business objectives to safeguard the organization against cyber threats and ensure compliance with regulatory requirements.

Your responsibilities will include:

  • Develop and implement a comprehensive IT security and risk management strategy aligned with organizational goals, industry best practices, and group company requirements.
  • Identify, assess, and prioritize IT risks, including cybersecurity threats, data breaches, and system vulnerabilities, and implement mitigation strategies in close collaboration with enterprise risk management, finance, and legal functions to ensure a comprehensive organizational risk posture.
  • Report risks to Steerco meetings.
  • Design, enforce, and update information security policies, standards, and procedures to ensure compliance with regulations.
  • Oversee the development and execution of incident response plans, including managing and mitigating security incidents, conducting post‑incident reviews, and implementing lessons learned.
  • Manage day‑to‑day operations for the IT security team, fostering professional development and ensuring high performance.
  • Ensure compliance with internal policies, group company policies, and external regulatory requirements, with a strong emphasis on data governance, privacy, and responsible use of emerging technologies (e.g., AI, machine learning, IoT).
  • Establish frameworks for data protection that meet or exceed global standards (e.g., GDPR, POPIA, CCPA) and embed AI ethics principles into security and risk management practices.
  • Stay abreast of emerging cybersecurity threats, vulnerabilities, and technologies, and integrate threat intelligence into security operations.
  • Partner with IT, legal, compliance, and business units to align security initiatives with operational needs, strategic objectives, and growth priorities.
  • Ensure that security is positioned as a business enabler—supporting innovation, accelerating digital transformation, and strengthening customer trust through secure‑by‑design solutions.
  • Develop and manage the IT security budget, ensuring cost‑effective allocation of resources for tools, training, and personnel.
  • Oversee relationships with third‑party security vendors, including evaluating and selecting security tools, services, and managed security providers.
  • Drive organization‑wide security awareness programs to educate employees on best practices and reduce human‑related security risks.
  • Provide regular updates to executive leadership and the board on security posture, risks, incidents, and mitigation efforts.
  • Lead initiatives that protect sensitive customer and business data, ensuring ethical data usage, privacy‑by‑design, and resilience against misuse of AI‑driven technologies.
  • Translate complex security risks into business terms for executive and operational leaders, ensuring decision‑making balances protection with agility and opportunity.
  • Provide technical support for security tools and systems, assisting with troubleshooting, monitoring, and resolving security‑related issues.
  • Oversee penetration tests and remediation efforts.
  • Take ownership of audit activities and remediation efforts.
  • Engage with clients on security‑related discussions and security / compliance related activities to help the technical team address security challenges in client environments.
  • Expand on the already‑existing vulnerability management and monitoring program in place.
  • Take ownership of and maintain a company‑wide security and privacy risk register.

Qualification, Work Experience & Skills:

  • Educational Background: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • Certifications: Relevant certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), or equivalent are highly desirable.
  • Work Experience: 10+ years of experience in IT security, with at least 5 years in a leadership or management role. Proven track record of developing and implementing enterprise‑wide security strategies. Experience managing cybersecurity incidents and leading incident response efforts.
  • Technical Expertise: Deep knowledge of cybersecurity frameworks (e.g., NIST, ISO), threat detection tools, encryption technologies, and network security.
  • Risk Assessment: Strong ability to identify, analyze, and prioritize IT risks and vulnerabilities.
  • Leadership: Exceptional leadership and team‑building skills with the ability to motivate and manage a diverse team.
  • Communication: Excellent verbal and written communication skills, with the ability to convey complex security concepts to non‑technical stakeholders.
  • Strategic Thinking: Ability to align security initiatives with business objectives and anticipate future risks.
  • Problem‑Solving: Strong analytical and problem‑solving skills to address complex security challenges.
  • Regulatory Knowledge: Familiarity with global data protection regulations and compliance requirements.
  • Project Management: Experience managing large‑scale security projects and budgets.

The Company's approved Employment Equity Plan and Targets will be considered as part of the recruitment process.

As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.
