Del van Rooyen
Johannesburg
Summary
Visionary executive with 25+ years’ experience driving transformation in Corporate Governance, Non-Financial Risk, and Information Security across Financial Services, Manufacturing, and Retail. Renowned for building and leading high-performance teams, optimizing risk management frameworks, and delivering operational resilience. Passionate about strategic change, stakeholder engagement, and embedding a culture of safety, justice, and continuous improvement.
Overview
28
28
years of professional experience
1
1
Certification
Work History
Chief Non-Financial Risk Officer & Group CISO
Sasfin Bank
01.2025 - Current
- Established and led enterprise-wide risk management systems covering Operational, IT, and Cyber risk domains.
- Directed Data Governance initiatives, developed frameworks and policies, and ensured compliance with 25+ legislative requirements.
- Oversaw third-party risk management, vendor governance, and business continuity planning at board and executive levels.
- Chaired the Data Governance Committee and led monthly Data Stewards Forums, reporting directly to the Board.
Group Chief Information Security Officer
Sasfin Bank
01.2022 - Current
- Built and scaled a cybersecurity team, achieving industry-leading staff retention and professional development.
- Led digital transformation, cyber resilience, and risk assurance strategies, including privileged access management and SOC-as-a-Service migration.
- Advanced regulatory compliance and risk governance as chair of the Cybersecurity Committee and SABRIC Cybersecurity Forum.
- Reduced incidents through behavioral analytics-based training and automated vulnerability management.
Chief Technology Officer: Identity & Access Management
Investec Bank
01.2016 - 12.2021
- Developed and implemented enterprise-wide IAM strategy, resolving cloud, privileged, and data access risks.
- Chaired User Access Steerco and partnered with Operational Risk to align technology with business needs.
- Achieved operational excellence through decentralized governance and process automation.
IT Security, GRC & Service Manager
Investec Bank
08.2009 - 12.2015
- Directed IT governance, risk management, security, and operational resilience for the Corporate and Institutional Banking division.
- Fostered a culture of proactive risk mitigation, strategic alignment, and continuous improvement between business and IT.
- Pioneered access governance, led identity and access management, and implemented robust security controls and compliance frameworks.
- Oversaw service management for outsourced IT functions, delivered major projects including a division-wide infrastructure upgrade that improved performance by about 60%.
- Built and led a first-line production support team, improving service management and operational efficiency.
- Enhanced business continuity through innovative testing approaches and coordinated resilience planning.
Previous Audit Positions
Standard Bank Group, The Linde Group, Altria, KPMG, ABSA
01.1998 - 08.2009
- Led global audit teams, managed SAP and SOX compliance, and developed standards for IT and operational audits.
- Delivered training, change management, and process improvement across multinational environments.
Education
Corporate Governance
Institute of Directors South Africa
Johannesburg, South Africa11-2024
MBA (Commendation) - Business Administration And Management
Kingston University
LondonNational Diploma - Internal Auditing
Tshwane University of Technology
Pretoria, South AfricaSkills
- Strategic Leadership & Governance
- Policy development and regulatory compliance
- Stakeholder engagement and cross-functional collaboration
- Risk Management & Assurance
- Cybersecurity & Information Security
- Data Governance & Analytics
- Operational Excellence
- Vendor management frameworks and due diligence
- Change management and service delivery optimization
- Technical Proficiency
- Training program design and delivery (staff, board, clients)
- Promoting a data-centric and security-aware culture
Certification
CISSP, CISA, CIA, CIAM, CObIT5, OPSE, ITIL3, Prince2 Practitioner, ACI Treasury Ops
Timeline
Chief Non-Financial Risk Officer & Group CISO
Sasfin Bank
01.2025 - Current
Group Chief Information Security Officer
Sasfin Bank
01.2022 - Current
Chief Technology Officer: Identity & Access Management
Investec Bank
01.2016 - 12.2021
IT Security, GRC & Service Manager
Investec Bank
08.2009 - 12.2015
Previous Audit Positions
Standard Bank Group, The Linde Group, Altria, KPMG, ABSA
01.1998 - 08.2009
Corporate Governance
Institute of Directors South Africa
MBA (Commendation) - Business Administration And Management
Kingston University
National Diploma - Internal Auditing
Tshwane University of Technology
Board & Committee Engagement
- Chair, Cybersecurity Committee (Sasfin)
- Chair, SABRIC Cybersecurity Forum (Banking Industry)
- Presenter, Executive Governance Committee, Non-Executive IT Board Committee (Sasfin)
- Member, Anti-Financial Crime Forum, Architecture Approval Board (Sasfin)