General Manager – Information Security

About the role

The General Manager – Information Security will report directly to the CIO and lead the enterprise security function in Johannesburg. This senior position is responsible for shaping the security strategy, governing risk, and ensuring resilience across the organisation.

Key responsibilities

• Define and drive the enterprise information security strategy aligned with business goals and risk appetite.
• Establish, maintain and continuously improve the Information Security Management System (ISMS).
• Develop, enforce and monitor security policies, standards and control frameworks.
• Own the enterprise security risk register and lead risk assessments, treatment and mitigation planning.
• Translate audit findings into remediation work packages and govern their execution.
• Embed security‑by‑design principles into architecture, projects, procurement and change processes.
• Oversee security architecture, vulnerability management, incident response and cyber‑resilience practices.
• Manage identity and access management governance, including privileged access reviews.
• Lead third‑party security risk assessments and ongoing assurance.
• Provide strategic input to client RFPs, due‑diligence and assurance responses.
• Report security KPIs/KRIs and risk posture to executive leadership and the Board.

Required profile

• Bachelor’s degree in IT, Computer Science, Cybersecurity or related field (Master’s preferred).
• Relevant certifications such as CISSP, CISM, CISA or equivalent.
• Minimum 10 years of progressive experience in information security leadership.
• Proven track record of implementing enterprise‑wide security programmes.

Required skills

• ISO 27001, NIST, CIS and GDPR frameworks.
• Vulnerability management and incident response.
• Security architecture across networks, cloud and applications.
• Identity and Access Management (IAM) governance.
• Risk assessment and risk register management.
• Security policy and control framework development.

What we offer

• Strategic leadership role within a dynamic organisation.
• Opportunity to shape security culture and governance at enterprise level.