OM Bank : Head IT GRC (Governance, Risk and Compliance)

Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.

We are seeking a dynamic and experienced Head to lead and mature our First Line of Defense of IT GRC capabilities. This role is critical in embedding robust governance risk management and compliance practices directly into the IT operations. The successful candidate will serve as the primary interface between IT teams and second-line oversight and third line functions (e.g. enterprise risk compliance internal audit) ensuring that risk is proactively managed and aligned with corporate objectives.

• IT GRC Leadership & Strategy: Develop and implement first-line GRC frameworks aligned with enterprise-wide policies and regulatory standards. Serve as the GRC lead within the IT units championing a culture of risk awareness ethical conduct and compliance. Serve as a trusted advisor to the CIO CRO and executive leadership on IT risk and compliance matters. Work closely with information security internal audit operations and product teams. Promote a culture of risk awareness and compliance across technology functions.
• IT Risk Management: Identify assess and monitor IT and cyber risks across the organization. Lead the development of risk mitigation strategies and track remediation efforts. Oversee regular risk assessments audits and penetration testing.
• IT Governance & Controls: Ensure robust internal controls are implemented and adhered to across operational and IT processes. Establish IT controls and assurance mechanisms that support strategic business goals. Define and maintain IT governance frameworks policies and procedures. Support internal and external audits regulatory inspections and compliance reviews.
• IT Compliance & Regulatory Adherence: Ensure compliance with applicable laws regulations and standards (e.g. POPIA PCI-DSS local financial regulatory frameworks). Lead the preparation and response to regulatory inspections and IT audits. Collaborate with legal and compliance teams to interpret new regulations and drive implementation.
• Incident Management & Reporting: Oversee IT incident response and ensure timely escalation and root cause analysis. Provide regular risk compliance and control performance reports to executive leadership and the board.
• Reporting & Communication: Prepare GRC reports dashboards and key risk indicators (KRIs) for senior leadership. Act as a liaison between IT teams and second / third line functions (e.g. Compliance Risk Audit).
• Training & Awareness: Lead GRC training and awareness initiatives for IT teams. Promote continuous improvement in risk and compliance capabilities through education and engagement.

• Relevant University Degree & Professional Qualification.
• Risk related degree CISA CGEIT and / or CRISC advantageous.

• 10 years of experience in IT governance risk management and compliance roles preferably within the financial services or digital banking sector.
• Deep knowledge of regulatory and cybersecurity frameworks. Strong leadership communication and stakeholder management skills.

• Action Planning
• Adaptive Thinking
• Business Requirements Analysis
• Change Management
• Current State Analysis
• Management Accounting
• Oral Communications
• Organization Design and Development
• Planning and organisational skills
• Policies & Procedures
• Presenting Solutions
• Strategic Planning

Closing Date: 24 July 2025 23:59

The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit in question.

The Old Mutual Story!

Employment Type : Full-Time

Experience : years

Vacancy : 1