Information Security Management System (ISMS) Manager - iGaming
Legal, Risk & Compliance
Full-time
Hybrid
Johannesburg
Job Description
The ISMS Manager is accountable for leading the organisation’s information security governance, enterprise risk management, and regulatory compliance activities within a highly regulated iGaming environment. The role is responsible for establishing, maintaining, and continuously improving the organisation’s ISO 27001-aligned Information Security Management System, while providing strategic oversight of cyber risk, operational risk, and control effectiveness.
The incumbent will work closely with senior leadership and cross-functional stakeholders to ensure that security, risk, and compliance obligations are effectively managed in line with the organisation’s risk appetite, business objectives, and regulatory requirements. This role requires a strong manager who can translate regulatory and technical requirements into practical governance frameworks, drive accountability across teams, and provide clear reporting and assurance to executive and audit stakeholders.
EXPERIENCE
- A demonstrable and substantial tenure of 5–8 years within the iGaming, sports betting, or a similarly stringent digital transaction environment.
- Excellent comprehension of international iGaming compliance frameworks and of the operational mechanics of the iGaming industry.
- Exceptional analytical acumen and the capacity to articulate complex technical and risk-related paradigms to non-technical stakeholders in a comprehensible and authoritative manner.
Skills & Behavioural Competencies
- Excellent Communicator (written & spoken)
- Honesty & Integrity
- Critical Reasoning
- Accountable
- Problem Solving and Analytical Thinking
- Proactive
- Agile
- Process driven
Qualifications
- A tertiary qualification (bachelor’s degree or higher) in Information Technology, Cyber Security, Risk Management, or a cognate discipline.
- Professional certifications, such as: Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), or ISO 27001 Lead Implementer/Auditor.
Required Outputs
Enterprise Risk Management (ERM)
- Lead the design, implementation, and continuous enhancement of the organisation’s Enterprise Risk Management framework in alignment with ISO 31000 and business strategy.
- Own the enterprise-wide risk management process, ensuring risks are identified, assessed, prioritised, mitigated, monitored, and reported effectively across all business functions.
- Chair and facilitate risk assessment workshops with business and technical stakeholders, driving accountability for risk ownership and treatment actions.
- Maintain executive oversight of the central risk register, ensuring completeness, quality, and alignment to the organisation’s risk appetite and tolerance thresholds.
- Provide strategic risk insight and recommendations to senior leadership, enabling informed decision-making on operational, regulatory, cyber, and technology risks.
- Track and report on key risk indicators (KRIs), control effectiveness, and remediation progress, escalating significant exposures where required.
- Oversee the effective administration and optimisation of GRC platforms and related reporting mechanisms to support governance, visibility, and control monitoring.
Information Security Management System (ISMS) Oversight
- Take full management ownership of the Information Security Management System (ISMS), ensuring its ongoing effectiveness, maturity, and alignment to ISO/IEC 27001:2022.
- Lead the development, review, approval, and communication of information security policies, standards, procedures, and controls across the organisation.
- Drive the organisation’s information security roadmap, ensuring security initiatives support business priorities, regulatory obligations, and operational resilience.
Regulatory Compliance and iGaming Assurance
- Lead the organisation’s information security and risk compliance efforts across relevant iGaming jurisdictions, ensuring alignment with applicable regulatory, legal, and contractual obligations.
- Maintain management oversight of compliance with standards and regulations including POPIA, GDPR, UKGC requirements, and other jurisdiction-specific information security obligations.
- Coordinate regulatory and certification audits across internal teams, external service providers, and international stakeholders, ensuring timely readiness and response.
- Interpret regulatory developments and translate them into actionable business and security requirements, partnering with relevant teams to drive implementation.
- Act as the central management point of contact for risk, compliance, and information security matters in support of regulatory inspections, client due diligence, and audit requests.
- Use regulatory intelligence and industry insight to proactively strengthen the organisation’s compliance posture in response to changing market and legislative requirements.
Leadership and Corporate Culture
- Serve as the organisation’s lead representative for ISMS, cyber risk, and security governance matters, engaging confidently with senior stakeholders, committees, auditors, and external partners.
- Build and maintain strong cross-functional relationships with Technology, Product, Operations, Legal, Compliance, and executive leadership to embed risk-aware decision-making.
- Influence and support business leaders in understanding their control responsibilities, security obligations, and risk ownership.
- Drive a culture of security awareness, accountability, and continuous improvement through training, communication, and management-led governance initiatives.
- Prepare and present clear, concise, and data-driven reports to executive management and the Audit and Risk Committee on risk exposure, audit outcomes, security maturity, and remediation status.
- Lead by example in promoting high standards of integrity, governance, and operational discipline across the business.
- Identify opportunities to improve organisational resilience, governance maturity, and security capability through structured plans, prioritisation, and stakeholder alignment.