welcome to kiron

Vacant Role

Information Security Management System (ISMS) Manager - iGaming

Department: Legal, Risk & Compliance
Employment Type: Full-time
Work Arrangement: Hybrid
Location: Johannesburg
Job Description

The ISMS Manager is accountable for leading the organisation’s information security governance, enterprise risk management, and regulatory compliance activities within a highly regulated iGaming environment. The role is responsible for establishing, maintaining, and continuously improving the organisation’s ISO 27001-aligned Information Security Management System, while providing strategic oversight of cyber risk, operational risk, and control effectiveness.

The incumbent will work closely with senior leadership and cross-functional stakeholders to ensure that security, risk, and compliance obligations are effectively managed in line with the organisation’s risk appetite, business objectives, and regulatory requirements. This role requires a strong manager who can translate regulatory and technical requirements into practical governance frameworks, drive accountability across teams, and provide clear reporting and assurance to executive and audit stakeholders.

EXPERIENCE
  • A demonstrable and substantial tenure of 5–8 years within the iGaming, sports betting, or a similarly stringent digital transaction environment.
  • Excellent comprehension of international iGaming compliance frameworks and the operational mechanics within the iGaming industry.
  • Exceptional analytical acumen and the capacity to articulate complex technical and risk-related paradigms to non-technical stakeholders in a comprehensible and authoritative manner.
SKILLS & BEHAVIOURAL COMPETENCIES
  • Excellent Communicator (written & spoken)
  • Honesty & Integrity
  • Critical Reasoning
  • Accountable
  • Problem Solving and Analytical Thinking
  • Proactive
  • Agile
  • Process driven
Qualifications
  • A tertiary qualification (bachelor’s degree or higher) in Information Technology, Cyber Security, Risk Management, or a cognate discipline.
  • Professional certifications, such as: Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), or ISO 27001 Lead Implementer/Auditor.
Required Outputs

Enterprise Risk Management (ERM)

  • Lead the design, implementation, and continuous enhancement of the organisation’s Enterprise Risk Management framework in alignment with ISO 31000 and business strategy.
  • Own the enterprise-wide risk management process, ensuring risks are identified, assessed, prioritised, mitigated, monitored, and reported effectively across all business functions.
  • Chair and facilitate risk assessment workshops with business and technical stakeholders, driving accountability for risk ownership and treatment actions.
  • Maintain executive oversight of the central risk register, ensuring completeness, quality, and alignment to the organisation’s risk appetite and tolerance thresholds.
  • Provide strategic risk insight and recommendations to senior leadership, enabling informed decision-making on operational, regulatory, cyber, and technology risks.
  • Track and report on key risk indicators (KRIs), control effectiveness, and remediation progress, escalating significant exposures where required.
  • Oversee the effective administration and optimisation of GRC platforms and related reporting mechanisms to support governance, visibility, and control monitoring.

Information Security Management System (ISMS) Oversight

  • Take full management ownership of the Information Security Management System (ISMS), ensuring its ongoing effectiveness, maturity, and alignment to ISO/IEC 27001:2022.
  • Lead the development, review, approval, and communication of information security policies, standards, procedures, and controls across the organisation.
  • Drive the organisation’s information security roadmap, ensuring security initiatives support business priorities, regulatory obligations, and operational resilience.

Regulatory Compliance and iGaming Assurance

  • Lead the organisation’s information security and risk compliance efforts across relevant iGaming jurisdictions, ensuring alignment with applicable regulatory, legal, and contractual obligations.
  • Maintain management oversight of compliance with standards and regulations including POPIA, GDPR, UKGC requirements, and other jurisdiction-specific information security obligations.
  • Coordinate regulatory and certification audits across internal teams, external service providers, and international stakeholders, ensuring timely readiness and response.
  • Interpret regulatory developments and translate them into actionable business and security requirements, partnering with relevant teams to drive implementation.
  • Act as the central management point of contact for risk, compliance, and information security matters in support of regulatory inspections, client due diligence, and audit requests.
  • Use regulatory intelligence and industry insight to proactively strengthen the organisation’s compliance posture in response to changing market and legislative requirements.

Leadership and Corporate Culture

  • Serve as the organisation’s lead representative for ISMS, cyber risk, and security governance matters, engaging confidently with senior stakeholders, committees, auditors, and external partners.
  • Build and maintain strong cross-functional relationships with Technology, Product, Operations, Legal, Compliance, and executive leadership to embed risk-aware decision-making.
  • Influence and support business leaders in understanding their control responsibilities, security obligations, and risk ownership.
  • Drive a culture of security awareness, accountability, and continuous improvement through training, communication, and management-led governance initiatives.
  • Prepare and present clear, concise, and data-driven reports to executive management and the Audit and Risk Committee on risk exposure, audit outcomes, security maturity, and remediation status.
  • Lead by example in promoting high standards of integrity, governance, and operational discipline across the business.
  • Identify opportunities to improve organisational resilience, governance maturity, and security capability through structured plans, prioritisation, and stakeholder alignment.
Interested in this role?
Email your CV with a brief overview and motivation to