About the position
Introduction
The position of Senior Manager: ICT Security is currently vacant. The incumbent will report directly to the Chief Information Officer and will be based at Head Office - Pretoria.
The total remuneration package will be between R1,613,106 and R2,016,382 per annum, determined in accordance with the Scheme's Remuneration Policy.
The closing date for applications will be Friday, 26 December 2025.
Duties & Responsibilities
Key Performance Areas (KPAs)
The Senior Manager: ICT Security will be responsible for:
- Providing strategic and operational leadership of the enterprise information security function to ensure the ongoing confidentiality, integrity, and availability of GEMS information assets.
- Establishing and maintaining the ICT Security Framework, governance structures, and enterprise security architecture.
- Leading enterprise initiatives for cybersecurity policy, standards, and awareness across on premise, cloud, and hybrid environments.
- Overseeing security operations, including incident detection, response, monitoring, and vulnerability management.
- Ensuring compliance with applicable legislation, including POPIA, the Medical Schemes Act, KingIV, ISO27001, and internal risk and audit frameworks.
- Managing business continuity and disaster recovery planning, testing, and the integration of cyber resilience measures.
- Overseeing security solution acquisition, deployment, and lifecycle management to mitigate technology, operational, and compliance risks.
- Managing security budgets, vendor and contract performance, and third party risk assessments.
- Providing regular reporting, metrics, and briefings to Executive Management and relevant governance committees on the organisation's security posture.
- Leading and developing the information security team to ensure performance excellence, readiness, and continuous improvement through training, drills, and development plans.
- Collaborating with internal and external stakeholders including ICT, Risk, Audit, Legal, service providers, and regulators to support business aligned, secure operations.
Desired Experience & Qualification
Qualification Requirements:
- A Bachelor's degree or Advanced Diploma in Computer Science, Information Security, Information Systems, or a related field.
- A postgraduate qualification in Cybersecurity, IT Governance, or Business will be advantageous.
- Professional certifications (preferred): CISSP, CISM, CISA, GIAC, CCSP, or ISO27001 Lead Implementer/Lead Auditor.
- A minimum of 8years' functional experience in Information Security, with at least 5years in a managerial role leading security teams.
- Demonstrated experience in enterprise security governance, architecture, risk management, SOC operations, and incident response.
- Strong understanding of network and cloud security (Azure/AWS), POPIA, and cyber risk frameworks (ISO27001, NISTCSF).
- Experience engaging with executive committees, audit processes, and security assurance programs.
Skills:
- Strong leadership, analytical, and strategic planning capability.
- Excellent business and technical acumen with deep understanding of cybersecurity principles.
- Proven ability to implement and govern secure-by-design practices.
- Effective stakeholder management and communication at senior levels.
- Demonstrated problem-solving, risk assessment, and decision-making skills.
- High level of resilience and adaptability when managing incidents under pressure.
- Excellent report-writing, presentation, and documentation control skills.
Behavioural Competencies:
- Integrity: Acts responsibly, ethically, and protects sensitive information.
- Accountability: Owns delivery of outcomes, ensures governance and compliance.
- Strategic Thinking: Aligns information security with organisational strategy and risk appetite.
- Collaboration: Partners across ICT, Risk, Audit, and Business to enable secure outcomes.
- Decision-Making: Applies sound judgment under pressure.
- Innovation: Modernises security practices and drives continuous improvement.
- Resilience: Maintains composure and performance under demanding conditions.
- Service Orientation: Provides responsive, business-aligned security support.
- People Development: Coaches, motivates, and builds team capability.
Desirable:
- Experience within a medical scheme, financial services, or other regulated industry.
Interested?
GEMS employs people with the highest level of integrity - submission to the appropriate pre-employment assessment is obligatory to be considered for the position.
Kindly note that the information provided on application of the position may be shared with a third party for vetting purposes and will be stored by GEMS for a period of 5 years.
Kindly note that information is required for Employment Equity Purposes and information gathered is strictly used according to the intended purpose of collection, unless there is a legal need or permission is granted from the applicant themselves to make use of it for other purpose
Should you wish to have your information removed from the GEMS database, kindly send a request in writing to [Email Address Removed] .
GEMS adopts a hybrid work model.
GEMS is guided by the principles of employment equity. Preference will be given to groups who are underrepresented in accordance with GEMS employment equity plan.
Successful candidates will be required to seek approval to conduct other work outside of GEMS.
GEMS Employees are required to conduct themselves in a manner that reflects the organisation's paramount values: Excellence, Member Value, Integrity, Innovation, and Collaboration.
