IT and Cyber Risk Analyst

Let's Write Africa's Story Together

Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.

Job Description

• Minimum 3 years relevant industry experience within the financial services sector in an IT Risk or security role
• Degree/Honours in Information Systems or Information Technology (Essential)
• Knowledge of Information Security and IT Risk
• Knowledge of Information Security Standards and Frameworks such as NIST CSF, ISO27001/2
• Knowledge of Secure Software Development Lifecycles and agile ways of work

The IT and Cyber Risk Analyst is a hands-on technical and operational role responsible for day-to-day risk identification, control execution, and monitoring within the IT and Security Operations environment. This position serves as the first line of defense, owning the effectiveness of critical security controls and ensuring that residual risk remains within acceptable operational tolerance. The analyst converts policies and standards into tangible, measurable IT and security configurations and processes.Responsibilities

Provide risk advisory and support during risk management initiatives.

• Collaborate with IT, ERM and Business Stakeholders to ensure security audit requirements are communicated and monitored.
• Support in driving remediation efforts of technical vulnerabilities.
• Support OMI stakeholders in effectively defining and prioritizing risk reduction action plans in line with policies and standards and manage until closure.
• Contribute to and support the execution of the OMI Information Security and IT Risk reduction plan, closely collaborating with IT and other Stakeholders to ensure information security risks are managed effectively.
• Collaborate with IT Teams in an advisory capacity to ensure security is embedded in the development of applications.

Third-Party Information Security Risk Management

• The primary responsibility in TPRM is ensuring all third-party engagements are assessed, mitigated, and monitored according to internal security standards.
• Conduct third-party risk assessments by reviewing vendor-submitted documentation (e.g., SOC reports, security questionnaires) to identify and quantify both inherent and residual risks related to information security.
• Engage directly with vendors to assist with completing assessments and resolve technical queries regarding their security posture and control documentation.
• Participate in quarterly performance meetings with vendors, specifically focusing on reviewing outstanding information requirements, clarification of control deficiencies, and tracking remediation of high-priority risks.

Crown Jewels Identification

• This involves supporting the organization's data protection strategy by formally supporting the classification of the most critical assets.
• Assist in the identification of Crown Jewel applications by working with IT asset management and architecture teams to define the critical processes they support.
• Identify and confirm business/application owners for all Crown Jewel assets, formally assigning accountability for the data and system security controls.

Project and Process Risk Assessment

• The analyst embeds security controls into new business processes and IT projects, ensuring compliance with IT and Security controls mandate.
• Perform formal IT and security risk assessments within business processes and IT projects by reviewing architectural designs, system requirements during project delivery.
• Translate security requirements into actionable technical configurations and implementation tasks for IT/Development teams, owning the execution of these new controls within the project lifecycle.
• Document all identified IT and Security risks and track the execution of their corresponding mitigation plans until project closure.
• Conduct periodic reviews of existing IT and security processes to identify and document new risks that may arise from process drift or system updates.

Skills

Action Planning, Analytics Software, Budget Management, Computer Literacy, Data Analysis, Database Reporting, Data Compilation, Data Controls, Data Interpretations, Evaluating Information, Management Reporting, Numerical Aptitude, Report Review, Solution Analysis

Competencies

Business InsightCommunicates EffectivelyCourageDecision QualityEnsures AccountabilityFinancial AcumenInstills TrustManages Complexity

Education

Bachelor of Commerce (BCom): Information Technology (Required), NQF Level 7 - Degree, Advance Diploma or Postgraduate Certificate or equivalent

Closing Date

14 December 2025 , 23:59

The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit in question.

The Old Mutual Story

---