132 Chief Security Officer jobs in South Africa
Chief Information Security Officer
Posted 22 days ago
Job Description
We are looking for a seasoned Chief Information Security Officer (CISO) to lead enterprise-wide cyber security efforts. In this strategic leadership role, you will be responsible for driving the Group’s information security strategy, ensuring the protection of AVBOB’s digital assets, systems, and data. You will play a critical part in upholding regulatory compliance, managing cyber risk, and strengthening our reputation as a trusted service provider.
You will be working for a company that is over 100 years old with strong values. In return for your services, you will be paid a competitive remuneration package. You will be working for an organisation that values employee development and rewards excellent performance.
Responsibilities include:
- Develop and execute AVBOB’s information security strategy aligned with business goals and digital innovation.
- Serve as a trusted advisor to executives, balancing innovation and cyber risk.
- Drive secure adoption of technologies including cloud, AI, and data analytics.
- Identify and mitigate cybersecurity threats (e.g., ransomware, data breaches, insider threats).
- Lead security assessments, technology deployments, and compliance audits.
- Collaborate with ICT, PMO, and Group Risk to manage enterprise-wide security initiatives.
- Ensure compliance with POPIA, GDPR, ISO 27001, and industry standards (NIST, PCI-DSS, CIS).
- Minimise legal, reputational, and financial risk through proactive governance.
- Develop and enforce AVBOB’s Cyber Incident Response Plan (CIRP).
- Oversee disaster recovery and continuity planning.
- Lead security audits, assessments, and real-time threat investigations.
- Implement training programs to build cybersecurity awareness across all departments.
- Foster a culture of shared responsibility and high performance within the security function.
Qualifications / Requirements:
- Degree in Information Technology, Business Administration, or related field.
- 7+ years of experience in cybersecurity, risk management, and IT leadership.
- 5–7 years in a senior information security management role.
- Professional Certifications: CISSP, CISM, CISA, CCSP, or equivalent.
- Deep understanding of security frameworks: ISO 27001, PCI-DSS, NIST, SSAE 18.
- Experience in financial services or insurance industries.
- Strong background in security tools and technologies (IAM, IDS/IPS, DLP, etc.).
- Ability to lead complex projects in a matrixed, multi-stakeholder environment.
- Proven experience in vendor and contract security negotiations.
- Strong leadership, communication, and analytical skills.
- Strategic and innovative thinking
- Leadership and influence
- Risk and compliance acumen
- Project and resource management
- Exceptional stakeholder communication
- Report writing and dashboard presentation
- Coaching and mentoring for performance
Chief Information Security Officer (CISO)
Posted 2 days ago
Job Description
SUMMARY:
Managed Talent Solutions is looking for a seasoned Chief Information Security Officer (CISO) for one of their clients based in Centurion to lead enterprise-wide cyber security efforts. In this strategic leadership role, the successful candidate will be responsible for driving the Group’s information security strategy, ensuring the protection of the company’s digital assets, systems and data. The Chief Information Security Officer will play a critical part in upholding regulatory compliance, managing cyber risk, and strengthening the company's reputation as a trusted service provider.
POSITION INFO:
Qualifications / Requirements:
- Matric plus, Degree in Information Technology, Business Administration, or related field.
- 7+ years of experience in cybersecurity, risk management, and IT leadership.
- 7 years in a senior information security management role.
- Professional Certifications: CISSP, CISM, CISA, CCSP, or equivalent.
- Deep understanding of security frameworks: ISO 27001, PCI-DSS, NIST, SSAE 18.
- Strong background in security tools and technologies (IAM, IDS/IPS, DLP, etc.).
- Ability to lead complex projects in a matrixed, multi-stakeholder environment.
- Proven experience in vendor and contract security negotiations.
- Strong leadership, communication, and analytical skills.
- Strategic and innovative thinking
- Leadership and influence
- Risk and compliance acumen
- Project and resource management
- Exceptional stakeholder communication
- Report writing and dashboard presentation
- Coaching and mentoring for performance
Responsibilities include:
Chief Information Security Officer (CISO)
Posted 11 days ago
Job Description
- Matric plus, Degree in Information Technology, Business Administration, or related field.
- 7+ years of experience in cybersecurity, risk management, and IT leadership.
- 7 years in a senior information security management role.
- Professional Certifications: CISSP, CISM, CISA, CCSP, or equivalent.
- Deep understanding of security frameworks: ISO 27001, PCI-DSS, NIST, SSAE 18.
- Strong background in security tools and technologies (IAM, IDS/IPS, DLP, etc.).
- Ability to lead complex projects in a matrixed, multi-stakeholder environment.
- Proven experience in vendor and contract security negotiations.
- Strong leadership, communication, and analytical skills.
- Strategic and innovative thinking
- Leadership and influence
- Risk and compliance acumen
- Project and resource management
- Exceptional stakeholder communication
- Report writing and dashboard presentation
- Coaching and mentoring for performance
Responsibilities include:
- Develop and execute the company's information security strategy aligned with business goals and digital innovation.
- Serve as a trusted advisor to executives, balancing innovation and cyber risk.
- Drive secure adoption of technologies including cloud, AI, and data analytics.
- Identify and mitigate cybersecurity threats (e.g., ransomware, data breaches, insider threats).
- Lead security assessments, technology deployments and compliance audits.
- Collaborate with ICT, PMO and Group Risk to manage enterprise-wide security initiatives.
- Ensure compliance with POPIA, GDPR, ISO 27001 and industry standards (NIST, PCI-DSS, CIS).
- Minimise legal, reputational and financial risk through proactive governance.
- Develop and enforce the company's Cyber Incident Response Plan (CIRP).
- Oversee disaster recovery and continuity planning.
- Lead security audits, assessments, and real-time threat investigations.
- Implement training programs to build cybersecurity awareness across all departments.
- Foster a culture of shared responsibility and high performance within the security function.
Information Security & Risk Management Analyst
Posted 1 day ago
Job Description
Information Security & Risk Management Analyst
Date Posted: 09/02/2025
Req ID: 45029
Faculty/Division: VP - Division of University Advancement
Department: Advancement Services
Campus: St. George (Downtown Toronto)
Position Number:
Description:
About us: The Division of University Advancement (DUA) aims to sustain and enhance the University’s academic mission, leadership, and worldwide impact, by engaging alumni and private sector constituents meaningfully in the mission of the University, building mutually beneficial relationships of increasing value and satisfaction over time.
DUA at the University of Toronto is engaged in a transformative agenda deeply rooted in the University’s vision for growth and innovation. We are focused on growing fundraising efforts; enhancing the effectiveness and satisfaction of alumni engagement and programs; building advancement talent capacity within and across divisions and creating an organization and culture that fosters diversity and inclusiveness.
Your opportunity:
The Information Security & Risk Management Analyst will join a dynamic and innovative team focused on delivering technology solutions with comprehensive analysis in support of DUA’s information systems and program initiatives.
The incumbent analyzes complex projects, business/operational practices, digital platforms, services and devices for information security aspects such as disaster recovery, business continuity, and use of standard architecture design patterns and services such as enterprise identity and access management and standards-based application deployment. This work is realized by the execution of a Threat Risk Assessment (TRA). The incumbent reviews the storage, use, transmission and/or modification of information within the division and across the Advancement community, including restricted, confidential and public information, and other classifications as required by the business unit or project. The identification of potential information security and privacy risks is done through a Privacy Impact Assessment (PIA).
The incumbent helps develop and deliver outreach and awareness campaigns and contributes to guidelines and practices to implement University policy on the protection of digital assets, and information risk. The incumbent will bring highly developed interpersonal skills, and a strong information security posture to the team, in pursuit of information security goals. The responsibilities are designed to address information security and privacy risks to all types of assets, including the convergence of people, process, regulatory and technology risks.
The incumbent has frequent interaction with all levels of the University Advancement community, including stakeholders in divisions and departments, and central departments such as the FIPP Office. As a privacy subject matter expert, the incumbent provides guidance to stakeholders to help them assess and understand potential privacy risks. The incumbent will engage with stakeholders to understand current business processes and identify optimal strategies for transitioning these processes, workflows, and data to existing or new systems, as well as leading complex system integration projects.
Your responsibilities will include:
- Analysing projects or business practices to identify potential privacy and security risks through Threat/Risk Assessments (TRA) and Privacy Impact Assessments (PIA)
- Conducting application vulnerability assessments and/or penetration testing and interpreting the results for business unit staff
- Preparing documents for the protection of restricted or confidential information (or for establishing the need for such protection), and for the reduction of service risks such as loss of availability due to inadequate service design, or compromise of services due to inadequate design or maintenance procedures, through the application of University, industry and regulatory standards, guidelines and procedures
- Analysing and recommending options for risk management based on the assessment and knowledge of current and emerging information security threats to project owners or business units
- Training data users on privacy principles as they relate to their duties. Providing education and awareness to end-user units in understanding the University’s information security procedures, standards and guidelines.
- Implementing risk management plans and processes
- Keeping well-informed on changes to applicable regulatory and legislative requirements
- Advising clients and technical subject matter experts on best practice for documenting system requirements
- Bachelor's Degree or acceptable combination of equivalent experience.
- Minimum four years of related experience working in a similar capacity, with demonstrated experience in information security and risk management, and/or risk analysis.
- Experience in analysis of information system hardware, operating systems, middleware, application software, and network devices to find vulnerabilities or risks and provide recommendations on risk mitigations.
- Strong knowledge of privacy and security concepts, trends, and issues; including an understanding of their impact on business processes, as well as skills with interpretation and communication of principles and compliance requirements.
- Knowledge of applicable legislation such as Freedom of Information and Protection Act (FIPPA).
- Ability to interpret and apply University guidelines pertaining to access to records and the protection of privacy.
- Strong knowledge of information security frameworks, incident response practices, industry standards, trends, and issues.
- Experience and familiarity with a broad range of technologies (operating systems, networking, cloud and on-prem services, etc.) with the ability to find vulnerabilities and provide recommendations for mitigation.
- Experience of Threat-Risk Assessment and Privacy Impact Assessment processes.
- Demonstrated strong analytical ability, attention to detail and problem-solving skills.
- Good organizational skills and the ability to work accurately and quickly under pressure with frequent interruptions.
- Demonstrated ability to exercise initiative, respond to changing priorities.
- Demonstrated effective oral and written communication skills including both technical and business writing, documentation and presentation skills.
- Ability to explain technical concepts to a wide range of non-technical users, both orally and in writing.
- Strong time management and organizational skills with the ability to work within tight timelines.
- Strong commitment to equity, diversity, inclusion, and the promotion of a respectful and collegial learning and working environment.
- An appreciation for / exposure to information security and threat/risk analysis activities.
- Ability to identify areas of vulnerability in the use, storage or modification of personal information.
- Understanding of project management and procurement processes.
- Security and/or privacy certifications, or progress in their pursuit.
- ITIL foundations level (or higher) certification.
- Familiarity with the University environment, governance, and policies.
- Motivated self-learner
- Organized
- Perceptive
- Resilient
Closing Date: 09/11/2025, 11:59PM ET
Employee Group: USW
Appointment Type: Budget - Continuing
Schedule: Full-Time
Pay Scale Group & Hiring Zone:
USW Pay Band 12 -- $81,312, with an annual step progression to a maximum of $103,986. Pay scale and job class assignment is subject to determination pursuant to the Job Evaluation/Pay Equity Maintenance Protocol.
Job Category: Information Technology (IT)
Recruiter: Fiona Chan
Lived Experience Statement
Candidates who are members of Indigenous, Black, racialized and 2SLGBTQ+ communities, persons with disabilities, and other equity deserving groups are encouraged to apply, and their lived experience shall be taken into consideration as applicable to the posted position.
Diversity Statement
The University of Toronto embraces Diversity and is building a culture of belonging that increases our capacity to effectively address and serve the interests of our global community. We strongly encourage applications from Indigenous Peoples, Black and racialized persons, women, persons with disabilities, and people of diverse sexual and gender identities. We value applicants who have demonstrated a commitment to equity, diversity and inclusion and recognize that diverse perspectives, experiences, and expertise are essential to strengthening our academic mission.
As part of your application, you will be asked to complete a brief Diversity Survey. This survey is voluntary. Any information directly related to you is confidential and cannot be accessed by search committees or human resources staff. Results will be aggregated for institutional planning purposes. For more information, please see
Accessibility Statement
The University strives to be an equitable and inclusive community, and proactively seeks to increase diversity among its community members. Our values regarding equity and diversity are linked with our unwavering commitment to excellence in the pursuit of our academic mission.
The University is committed to the principles of the Accessibility for Ontarians with Disabilities Act (AODA). As such, we strive to make our recruitment, assessment and selection processes as accessible as possible and provide accommodations as required for applicants with disabilities.
If you require any accommodations at any point during the application and hiring process, please contact
Security Risk Management Specialist
Posted 4 days ago
Job Description
Canonical is recruiting a Security Risk Management Specialist in Cape Town, Western Cape, South Africa.
What you will do
In security risk management we harness industry best practices and drive innovation in security risk assessments and modelling. The security risk management team owns the strategy and practices for identifying, tracking, and reducing Canonical's security risk across the organisation. You will help establish and execute a broad strategic vision for the security risk program and will work cross-functionally with teams across Canonical. The team contributes ideas for Canonical product security, improving the resilience and robustness of Ubuntu customers and users subject to cyber attacks. The team also collaborates with our Organisational Learning and Development team to develop playbooks and facilitate security training.
- Define Canonical's security risk management standards and playbooks
- Analyse and improve Canonical's security risk practices
- Evaluate, select and implement new security requirements, tools and practices
- Grow the presence and thought leadership of Canonical security risk management practice
- Develop Canonical security risk learning and development materials
- Work with Security leadership to present information and influence change
- Participate in developing key risk indicators, provide inputs to the development of key control indicators, and key performance indicators for various programs
- Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, and others)
- Participate in risk management, decision-making, and collaborative discussions
- Lead quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes
- Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action
- Develop templates and materials to help with self-service risk management actions
- Monitor and identify opportunities to improve the effectiveness of risk management processes
- Launch campaigns to perform security assessments and help mitigate security risks across the company
- Build evaluation methods and performance indicators to measure efficiency of security functions and capabilities
- An exceptional academic track record
- Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
- Drive and a track record of going above-and-beyond expectations
- Deep personal motivation to be at the forefront of technology security
- Leadership and management ability
- Excellent business English writing and presentation skills
- Problem-solver with excellent communication skills and a deep technical understanding of security assessments and risk management
- Expertise in threat modelling and risk management frameworks
- Broad knowledge of how to operationalize the management of security risk
- Experience in Secure Development Lifecycle and Security by Design methodology
- Distributed work environment with twice-yearly team sprints in person
- Personal learning and development budget of USD 2,000 per year
- Annual compensation review
- Recognition rewards
- Annual holiday leave
- Maternity and paternity leave
- Employee Assistance Programme
- Opportunity to travel to new locations to meet colleagues
- Priority Pass, and travel upgrades for long haul company events
Canonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company. We expect excellence — in order to succeed, we need to be the best at what we do. Canonical has been a remote-first company since its inception in 2004. Working here is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game.
Canonical is an equal opportunity employer.
We are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity, we will give your application fair consideration.
Job details
- Seniority level: Entry level
- Employment type: Full-time
- Job function: Finance and Sales
- Industries: Software Development
Information Security Management System (ISMS) Specialist
Posted 24 days ago
Job Description
Permanent
Midrand
Overview
We are a Supply Chain and Sales & Merchandising partner adding value to your business through a fully integrated, temperature-controlled network in Southern Africa.
But we are also more than that. We are people serving people. While we boast the best in tech and infrastructure, our people are our greatest resource. With our skilled, curious, can-do people at the forefront, our assets become your assets, our service your solutions.
Vector’s vehicle fleet includes a food industry first in ‘multi-temperature’ vehicles enabling the company to service business across frozen, chilled and ambient temperature zones on a single delivery.
Job Purpose
The Information Security Management System (ISMS) Specialist is responsible for the end-to-end implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS) in accordance with ISO/IEC 27001 standards. The incumbent will play a pivotal role in ensuring the confidentiality, integrity, and availability of our information assets, while also ensuring compliance with legal and regulatory requirements.
Key Responsibilities
ISMS Development and Implementation:
- Lead the design, implementation, and continuous improvement of an ISMS aligned with ISO/IEC 27001 and other relevant frameworks (e.g., NIST, POPIA, CIS, CSA etc.).
- Develop, implement, and maintain information security policies, procedures, and guidelines.
- Assess existing information security practices and recommend improvements.
- Ensure the organization's ISMS aligns with business needs, regulatory requirements, and industry best practices.
Risk Assessment and Management:
- Perform risk assessments to identify potential security risks to the organization's information assets in alignment with ISO 31000.
- Develop risk treatment plans and assist in the implementation of risk mitigation strategies.
- Conduct ongoing risk assessments and audits to ensure the effectiveness of the ISMS.
Compliance and Audits:
- Ensure compliance with ISO/IEC 27001 and other industry standards and regulations.
- Prepare the organization for certification audits and support the audit process.
- Coordinate with auditors and certification bodies.
- Maintain records and documentation to ensure traceability and compliance with ISMS requirements.
Training and Awareness:
- Provide training to staff and management on information security best practices, policies, and compliance requirements.
- Promote a culture of information security awareness across the organization.
- Support the creation of an internal security awareness program.
Incident Response and Management:
- Assist in the development and testing of incident response plans.
- Provide guidance and support in handling information security incidents.
- Ensure incidents are documented and reported in accordance with regulatory and contractual obligations, and assist in post-incident analysis to determine the cause and recommend preventive actions.
Continuous Improvement:
- Define and monitor ISMS-related KPIs and metrics.
- Monitor and report on the performance of the ISMS, identifying areas for improvement.
- Monitor compliance with security policies and procedures.
- Lead regular internal audits to assess the effectiveness of the ISMS.
- Recommend and implement improvements based on audit findings, risk assessments, and evolving industry practices.
- Keep up-to-date with emerging threats, vulnerabilities, and regulatory changes.
Vendor and Third-Party Risk Management:
- Assess and monitor third-party vendors and service providers for information security compliance.
- Assist in the integration of ISMS controls into third-party contracts and SLAs.
Key Relationships
- This role plays a critical role in managing and maintaining relationships with both internal and external stakeholders.
- These interactions are essential for ensuring the organization’s security posture is robust and aligned with its strategic objectives.
Qualifications, Skills and Experience Required for the Job
- Bachelor’s Degree: A bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field is required.
- Mandatory requirement: ISO 27001 Lead Implementer. Preferable: ISO 27001 Lead Auditor, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA).
- The ISMS Specialist role demands a robust combination of technical expertise, specialized knowledge, and strong leadership abilities. The ideal candidate must have an intrinsic understanding of the ISMS statement of applicability.
- The ideal candidate should possess in-depth knowledge of information security frameworks such as ISO/IEC 27001, NIST, and CIS Controls, familiarity with IT governance frameworks (e.g., COBIT, ITIL), and extensive experience in risk management, incident response, and compliance, particularly with South African regulations like POPIA and the Cybercrimes Act.
- Soft skills such as excellent communication, adaptability, attention to detail, and ethical judgment are also vital, enabling the Information Security Compliance Specialist to convey complex security concepts, adapt to evolving threats, and uphold the highest standards of security and privacy within the organization. Experience in BIA, BCM and DR, including experience in vulnerability management, patching and JML.
- Minimum of 7-10 years of experience in the field of information security, cybersecurity, or a related discipline, with at least 1-3 years in a managerial or leadership capacity. This experience should include hands-on management of security frameworks such as ISO/IEC 27001 and NIST, as well as significant exposure to risk management, incident response, and compliance with industry regulations.
- Proven experience of leading ISO/IEC 27001 certification projects and certification maintenance.
- Experience in working with ISO27001 certification bodies.
- Development of audit and ISMS remediation plans.
- Familiarity with data protection laws and industry regulations.
- Relevant professional certifications such as CISM, CRISC, or CISA, which validate their expertise in key areas of information security. Knowledge of security tools, including Microsoft Sentinel, CyberReason, and Microsoft Defender, is essential for managing the organization’s security posture effectively.
- Strategic Thinking: Ability to align security strategies with business objectives and anticipate future challenges.
- Technical Expertise: Knowledge of security frameworks, technologies, and tools, with strong proficiency in threat analysis and mitigation.
- People Management: Strong leadership skills to build, manage, and effectively leverage external resources.
- Decision-Making and Judgment: High discretion in making critical security decisions, balancing immediate needs with long-term goals.
- Collaboration and Communication: Excellent interpersonal skills for engaging with both technical and non-technical stakeholders and building strong relationships.
- Problem-Solving and Analytical Skills: Strong analytical abilities to assess and resolve complex security issues across organizational boundaries.
- Compliance and Regulatory Knowledge: In-depth understanding of relevant regulations and standards, ensuring ongoing compliance.
- Adaptability and Resilience: Ability to adapt to changing security landscapes and manage high-pressure situations.
- Ethical Integrity: Commitment to upholding the highest ethical standards in all security practices.
- Seniority level: Mid-Senior level
- Employment type: Full-time
- Job function: Information Technology
- Industries: Transportation, Logistics, Supply Chain and Storage
#J-18808-LjbffrInformation Security Management System (ISMS) Specialist
Posted 24 days ago
Job Viewed
Job Description
Information Security Management System (ISMS) Specialist
Permanent
Midrand
Overview
We are a Supply Chain and Sales & Merchandising partner adding value to your business through a fully integrated, temperature-controlled network in Southern Africa.
But we are also more than that. We are people serving people. While we boast the best in tech and infrastructure, our people are our greatest resource. With our skilled, curious, can-do people at the forefront, our assets become your assets, our service your solutions.
Vector’s vehicle fleet includes a food industry first in ‘multi-temperature’ vehicles enabling the company to service business across frozen, chilled and ambient temperature zones on a single delivery.
Job Purpose
Information Security Management System (ISMS) Specialist isresponsible for the end-to-end implementation, maintenance, and continuousimprovement of the Information Security Management System (ISMS) in accordancewith ISO/IEC 27001 standards. The incumbent will play a pivotal role inensuring the confidentiality, integrity, and availability of our informationassets, while also ensuring compliance with legal and regulatory requirements.
Key Responsibilities
ISMS Development and Implementation:
- Lead the design, implementation, and continuous improvement of an ISMS aligned with ISO/IEC 27001 and other relevant frameworks (e.g., NIST, POPIA, CIS, CSA etc.).
- Develop, implement, and maintain information security policies, procedures, and guidelines.
- Assess existing information security practices and recommend improvements.
- Ensure the organization's ISMS aligns with business needs, regulatory requirements, and industry best practices.
Risk Assessment and Management:
- Perform risk assessments, aligned with ISO 31000, to identify potential security risks to the organization's information assets.
- Develop risk treatment plans and assist in the implementation of risk mitigation strategies.
- Conduct ongoing risk assessments and audits to ensure the effectiveness of the ISMS.
Compliance and Audits:
- Ensure compliance with ISO/IEC 27001 and other industry standards and regulations.
- Prepare the organization for certification audits and support the audit process.
- Coordinate with auditors and certification bodies.
- Maintain records and documentation to ensure traceability and compliance with ISMS requirements.
Training and Awareness:
- Provide training to staff and management on information security best practices, policies, and compliance requirements.
- Promote a culture of information security awareness across the organization.
- Support the creation of an internal security awareness program.
Incident Response and Management:
- Assist in the development and testing of incident response plans.
- Provide guidance and support in handling information security incidents.
- Ensure incidents are documented and reported in accordance with regulatory and contractual obligations, and assist in post-incident analysis to determine the root cause and recommend preventive actions.
Continuous Improvement:
- Define and monitor ISMS-related KPIs and metrics.
- Monitor and report on the performance of the ISMS, identifying areas for improvement.
- Monitor compliance with security policies and procedures.
- Lead regular internal audits to assess the effectiveness of the ISMS.
- Recommend and implement improvements based on audit findings, risk assessments, and evolving industry practices.
- Keep up-to-date with emerging threats, vulnerabilities, and regulatory changes.
Vendor and Third-Party Risk Management:
- Assess and monitor third-party vendors and service providers for information security compliance.
- Assist in the integration of ISMS controls into third-party contracts and SLAs.
Key Relationships
Key Relationship 1
- This role is responsible for managing and maintaining relationships with both internal and external stakeholders.
- These interactions are essential for ensuring the organization’s security posture is robust and aligned with its strategic objectives.
Qualifications, Skills and Experience Required for the Job
Qualifications and Experience
- Bachelor’s Degree: A bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field is required.
- Mandatory Requirement: ISO/IEC 27001 Lead Implementer.
Preferable: ISO/IEC 27001 Lead Auditor, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA).
- The ISMS Specialist role demands a robust combination of technical expertise, specialized knowledge, and strong leadership abilities. The ideal candidate must have a thorough understanding of the ISMS Statement of Applicability (SoA) and how it ties selected Annex A controls back to the risk assessment.
- The ideal candidate should possess in-depth knowledge of information security frameworks such as ISO/IEC 27001, NIST, and the CIS Controls; familiarity with IT governance frameworks (e.g., COBIT, ITIL); and extensive experience in risk management, incident response, and compliance, particularly with South African regulations such as POPIA and the Cybercrimes Act.
- Soft skills such as excellent communication, adaptability, attention to detail, and ethical judgment are also vital, enabling the ISMS Specialist to convey complex security concepts, adapt to evolving threats, and uphold the highest standards of security and privacy within the organization. Experience in business impact analysis (BIA), business continuity management (BCM), and disaster recovery (DR) is required, as is experience in vulnerability management, patching, and joiner/mover/leaver (JML) access processes.
- Minimum of 7-10 years of experience in information security, cybersecurity, or a related discipline, with at least 1-3 years in a managerial or leadership capacity. This experience should include hands-on management of security frameworks such as ISO/IEC 27001 and NIST, as well as significant exposure to risk management, incident response, and compliance with industry regulations.
- Proven experience of leading ISO/IEC 27001 certification projects and certification maintenance.
- Experience in working with ISO/IEC 27001 certification bodies.
- Development of audit and ISMS remediation plans.
- Familiarity with data protection laws and industry regulations.
- Relevant professional certifications such as CISM, CRISC, or CISA, which validate expertise in key areas of information security. Working knowledge of security tools, including Microsoft Sentinel, Cybereason, and Microsoft Defender, is essential for managing the organization’s security posture effectively.
Skills and Competencies
- Strategic Thinking: Ability to align security strategies with business objectives and anticipate future challenges.
- Technical Expertise: Knowledge of security frameworks, technologies, and tools, with strong proficiency in threat analysis and mitigation.
- People Management: Strong leadership skills to build and manage teams and to effectively leverage external resources.
- Decision-Making and Judgment: High discretion in making critical security decisions, balancing immediate needs with long-term goals.
- Collaboration and Communication: Excellent interpersonal skills for engaging with both technical and non-technical stakeholders and building strong relationships.
- Problem-Solving and Analytical Skills: Strong analytical abilities to assess and resolve complex security issues across organizational boundaries.
- Compliance and Regulatory Knowledge: In-depth understanding of relevant regulations and standards, ensuring ongoing compliance.
- Adaptability and Resilience: Ability to adapt to changing security landscapes and manage high-pressure situations.
- Ethical Integrity: Commitment to upholding the highest ethical standards in all security practices.
We look forward to hearing from you!