Let's Write Africa's Story Together!

Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.

Job Description

At OM Bank, we strive to attract great people who are passionate about coming together for a higher purpose- building something unique and aspirational, always aiming to be the best they can be. We are rooted in our purpose of inspiring and enabling our customers to grow and sustain their prosperity.

The Security Engineer (Identity, Endpoint & Data Protection) is responsible for implementing, maintaining, and continuously improving security controls across the Endpoint and User Ecosystem - including Identity and Access Management (IAM), Endpoint Protection, Data Loss Prevention (DLP), and Vulnerability Management.
Reporting to the Cloud Security Operations Lead, this role safeguards the organisation’s users, data, and endpoints through advanced configuration of Microsoft the Microsoft stack, and supports incident response, cyber defence, and risk remediation activities.

The role ensures the secure operation of Microsoft-based assets through proactive identity governance, endpoint compliance, and data protection. The engineer collaborates closely with Cyber Defence, Risk Management, and DevSecOps teams, providing technical expertise to implement risk-driven controls, automate policy enforcement, and improve visibility through Sentinel integration.
This position requires hands-on proficiency with Microsoft E5 security tooling, strong analytical capability, and a passion for modern Zero Trust security operations

KEY RESULT AREAS

Identity & Access Management:

• Manage and optimise areas such as Azure AD / Entra ID, Conditional Access, PIM, MFA, RBAC, and access package lifecycle governance.

Endpoint Security & Compliance:

• Administer endpoint protection tooling with compliance baselines, ensure encryption, patching, and secure configuration of all managed devices.

Data Loss Prevention & Information Protection:

• Configure and maintain Microsoft Purview DLP, sensitivity labels, and information governance policies across M365 (Exchange, SharePoint, Teams, OneDrive).

Vulnerability Management:

• Operate Microsoft Defender Vulnerability Management (DVM); track, prioritise, and remediate vulnerabilities in coordination with system owners.

Automation & Policy Deployment:

• Build and deploy automated policies using Intune, PowerShell, and Graph API to enforce consistent security posture.

Threat Detection Enhancement

• Fine-tune Defender and SIEM detections to reduce false positives and improve coverage of endpoint, identity, and DLP telemetry

Compliance Reporting

• Generate dashboards and reports for device compliance, privileged access, DLP violations, and vulnerability metrics.

Continuous Improvement:

• Contribute to the ongoing maturity of the Endpoint and User security ecosystem and adoption of Zero Trust, “Security as Code,” and automation.

ROLE REQUIREMENTS

• 2–4 years in Microsoft 365 / Azure security engineering or equivalent enterprise security operations.
• Proven experience managing Intune, Defender for Endpoint, and Entra ID conditional access policies.
• Hands-on with Microsoft Purview DLP and sensitivity labelling across cloud services.
• Familiarity with Defender Vulnerability Management and integration into SOC workflows.
• Exposure to Sentinel and SOAR automation playbooks.
• Understanding of NIST CSF, CIS Controls, ISO 27001, and Zero Trust principles.
• Nice to have - Experience with Terraform, and DevOps processes on GitHub.
• Bachelor’s degree in Computer Science, Information Security, or equivalent practical experience.

Certifications (Preferred):

• Microsoft Certified: Security Operations Analyst Associate
• Microsoft Certified: Identity & Access Administrator Associate
• Microsoft Certified: Information Protection Administrator Associate
• Microsoft 365 Certified: Enterprise Administrator Expert
• CompTIA Security+ / CySA+ / MS-500

Why Join Us

• Join a modern, digital-first bank where you’ll engineer and protect the identity, data, and devices that power our business. As part of the Cloud Security Operations team, you’ll shape and secure our endpoint and User environments in a fast-paced, cloud-native environment. You’ll collaborate across Cyber Defence, Risk, and Cloud Engineering functions, developing automation and intelligence that drive resilience, regulatory compliance, and customer trust.Here, you’ll be empowered to secure identity, protect data, and enable innovation at the forefront of South African digital banking.

Skills

Action Planning, Adaptive Thinking, Computer Literacy, Data Classification, Data Compilation, Data Controls, Data Modeling, Data Recovery, Digital Literacy, Information Technology (IT) Support, Legal Practices, Numerical Aptitude, Report Review, Test Case Management

Competencies

Collaborates

Communicates Effectively

Cultivates Innovation

Decision Quality

Ensures Accountability

Manages Complexity

Nimble Learning

Optimizes Work Processes

Education

NQF Level 7 - Degree, Advance Diploma or Postgraduate Certificate or equivalent

Closing Date

03 June 2026 , 23:59

The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit in question.

The Old Mutual Story!