165 Cybersecurity Analysts jobs in South Africa
Information Security Analyst
Posted today
Job Description
Introduction
Through our client-facing brands Metropolitan and Momentum, with Multiply (wellness and rewards program), and our other specialist brands, including Guardrisk and Eris Property Group, the group enables business and people from all walks of life to achieve their financial goals and life aspirations. We help people grow their savings, protect what matters to them and invest for the future. We help companies and organizations care for and reward their employees and members. Through our own network of advisers or via independent brokers and utilising new platforms Momentum Metropolitan provides practical financial solutions for people, communities, and businesses. Visit us at
Disclaimer
As an applicant, please verify the legitimacy of this job advert on our company career page.
Role Purpose
This position is responsible for performing various tasks. This role is also required to conduct ongoing research in the IT security arena and regularly assist in the sales process. The ideal candidate will be responsible for conducting comprehensive penetration tests, identifying vulnerabilities, and providing recommendations to improve security posture. The ideal candidate must have experience in all forms of complex technical security assessments of clients' information technology systems (including the Internet, Intranet, applications, hosts, firewalls, mobile applications, etc.) and related policies and procedures. They must be highly motivated and have a good command of industry best practices.
Requirements
- 5+ years of experience in penetration testing, vulnerability assessment, or a related field.
- Deep knowledge of security testing methodologies and frameworks (OWASP, NIST, etc.).
- Proficiency with advanced penetration testing tools such as Metasploit, Burp Suite, Nessus, Nmap, etc.
- Strong scripting skills (Python, Bash, PowerShell, etc.) for automating security tasks.
- In-depth understanding of network protocols, operating systems, web technologies, and cloud environments.
- CISSP and CEH certification preferred.
- OSCP, OSEP, CCSP, CRTE, CRTP, or CRTO certification or equivalent is an advantage.
Duties & Responsibilities
- Lead and conduct comprehensive penetration tests on networks, applications, and systems to identify security weaknesses.
- Develop and implement advanced security test plans, scenarios, and scripts.
- Perform in-depth vulnerability assessments and security analysis using both automated tools and manual techniques.
- Document and report security findings, providing actionable insights to clients and detailed recommendations for remediation.
- Collaborate with cross-functional teams to prioritize and resolve security vulnerabilities.
- Research and stay current with emerging security threats, vulnerabilities, and technology trends.
- Participate in security incident response activities when required.
- Assist in the development and refinement of security policies, procedures, and standards.
- Provide training, guidance, and mentorship to junior penetration testers and other security staff.
- Perform security assessments, including application scans (using tools such as Nessus, Burp Suite) and code reviews, to ensure compliance with Momentum Group's SDLC policies.
- Participate in a variety of other internal security projects and information security activities as required.
Competencies
- Strong knowledge of OWASP Top 10 vulnerabilities and how to exploit/mitigate them.
- Excellent technical writing skills for creating detailed assessment reports.
- Self-driven, motivated, independent yet communicative and collaborative.
- Ability to work unsupervised in a remote capacity and deliver results.
- Good organizational skills and time management; ability to resolve conflicts, prioritize tasks, and follow quality benchmarks.
- Strong verbal communication skills for presenting findings to technical and non-technical stakeholders.
- Demonstrate a strong ability to engage with various stakeholders, have a team-based approach, and work towards shared goals and outcomes.
- Ability to think outside the box and a passion to improve your skills and drive innovation.
Information Security Analyst
Posted today
Job Description
Company Description
INTERCERT is a multinational company headquartered in Texas, USA, operating in over 28 countries. Founded in 2009, INTERCERT is dedicated to building a secure and sustainable world through customer-centric services. We are accredited by leading organizations, including America's accreditation board under IAF for ISO Certification Services, Cloud Security Alliance for CSA STAR Certification services, AICPA CPA Firm for SOC1 & SOC2 Audit Attestation and CREST accreditation for PEN Testing Services. Our services also encompass CMMC, PCI DSS Certification, and Data Protection compliance for standards such as GDPR, HIPAA, and Cybersecurity frameworks. With a team of over 150 experienced assessors, we deliver global assessment services with a focus on compliance and excellence.
Role Description
This is a full-time, on-site role for an Information Security Analyst / Intern at INTERCERT INC., located in South Africa. The Information Security Analyst / Intern will be responsible for day-to-day tasks such as assisting with the planning and execution of GRC audits such as ISO 27001, ISO 22301, ISO 27701, SOC2, GDPR etc.
Qualifications
Bachelor's Degree or equivalent focused on Information Security/Cybersecurity
Experience Level
0-6 months
Roles and Responsibilities
- Assist with the planning and execution of GRC audits such as ISO 27001, ISO 22301, ISO 27701, SOC2, GDPR etc.
- Help assess the design and effectiveness of internal controls, including business and IT controls.
- Prepare reports and documentation for external audits and communicate audit findings and recommendations.
- Stay updated on evolving regulatory changes, industry standards, and best practices related to GRC, risk management, and auditing.
Information Security Analyst II
Posted 18 days ago
Job Description
Overview
Nedbank, Johannesburg, Gauteng, South Africa
Position: Information Security Analyst II
Requisition Details & Talent Acquisition Specialist
REQ - Thembile Ndlovu
Closing Date: 03 September 2025
Available Roles: 2
Career Stream: IT Risk
Leadership Pipeline: Manage Self: Technical
Job Purpose
To analyse information security related tasks within the ambit of existing information security policies, standards and processes, procedures and practices as well as business rules. Working independently to deliver on work tasks. Mentor Administrators and Analyst I. Collaborate with other specialists to execute analysis work tasks, perform operational tasks, question, recommend and update improvements to the existing policies, process and procedures. To ensure stability and up-time for areas the incumbent takes responsibility for, which could require availability on demand to perform job related duties outside of normal working hours.
Job Responsibilities
- Capture timesheets timeously and accurately
- Capture claims timeously and accurately
- Propose solutions that must be cost effective whilst meeting information security requirements within budget.
- Participate in negotiations on fair pricing from vendors for new technologies procured.
- Manage and/or resolve low, medium and high incidents and engage with Specialists to resolve the high complexity incidents.
- Build relationships with stakeholders to facilitate the flow of knowledge, input and discussion on new products and solutions as required by stakeholders.
- Facilitate and manage the incident and problem management process when stakeholder environments are affected.
- Oversee the implementation of the information security changes and check for the shortcomings and risks.
- Interpret MIS and system logs/reports with the view to analyse and correct any deviations against standards and best practices.
- Participate in the implementation of new products as provided in the selection criteria.
- Act as the 1st point of problem resolution for non-routine incidents and 1st line support for problems.
- Ensure compliance to standards and practices by familiarizing and keeping abreast of information security policies, rules, standards and processes, procedures and practices as well as business rules.
- Document and maintain all relevant processes and procedures mindful of current policies and standards.
- Create and maintain information security standards.
- Oversee and monitor the information security environment according to set standards.
- Review and contribute to project documentation including business requirements, designs and implementation.
- Create design documentation according to relevant standards and practices
- Implement specific information security technologies.
- Gain further exposure and experience on multiple technologies by job shadowing Information Security Analysts III and Technical Specialist.
- Log, submit and implement low, medium and high risk changes independently.
- Provide guidance and supervision to Administrators and Analyst I on implementation and changes.
- Oversee and ensure change was successful in certain cases and when required perform unit testing.
- Oversee and ensure back-ups are done, documents are stored and statuses updated.
- Analyse logs and reports independently and provide supervision to Administrators and Analyst I.
- Monitor and action Service Manager low, medium and high impact incidents and emails related to Information Security.
- Ensure job related tasks and processes are in place.
- Ensure that the logging and submitting of all relevant incidents have taken place and resolve low, medium and high incidents.
- Conduct risk and root cause analyses around exceptions, queries, incidents as per operational procedures with the relevant internal and external stakeholders and provide feedback, confirm stakeholder satisfaction.
- Keep abreast of legislation and other industry changes that impacts on role by reading the relevant newsletters, websites and attending sessions.
- Improve personal capability and stay abreast of developments in field of expertise by identifying training courses and career progression opportunities for self through input and feedback from managers.
- Ensure information is provided correctly to stakeholders by maintaining knowledge sharing with team.
- Transfer of knowledge to team members.
- Identify and recommend opportunities to enhance processes, systems and policies and support implementation of new processes, policies and systems.
- Initial focus will be to implement Identity and Access Management (IAM), encryption, and network security in both Azure and AWS.
- Support and maintain both Azure and AWS across Infrastructure as Code, containers and applications pipelines.
- Very strong networking skills.
- Experience with multiple security technologies.
- Building relationships with I&O Teams.
- Matric / Grade 12 / National Senior Certificate
- Advanced Diplomas/National 1st Degrees
- Degree or certification in computer science or similar field
- Microsoft and AWS certifications: SC-200, SC-300, SC-400, Azure Security Engineer Associate, Azure Solutions Architect Expert, Cybersecurity Architect, and AWS certifications listed below
- AWS Certified Solutions Architect – Associate
- AWS Certified SysOps Administrator – Associate
- AWS Certified Solutions Architect – Professional
- AWS Certified DevOps Engineer – Professional
- Strong knowledge on Linux Operating System
- Strong knowledge on Linux Networks
- Strong knowledge in Linux virtualization
- Knowledge of scripting languages: Python, PowerShell, Bash, JavaScript/TypeScript, Terraform, YAML and JSON
- SABSA – Sherwood Applied Business Security Architecture would be preferable
- Good knowledge to ensure compliance with ISO 27001, GDPR, NIST and CSA guidelines
- At least 8 years in an IT environment of which at least 5 years in information security
- Cloud platform knowledge – AWS and Azure
- Networking knowledge – WAN, LAN and routing
- Low-level design documentation skills
- Knowledge of CSA, NIST and ISO frameworks
- Experience delivering high-quality design for cloud environments including Kubernetes and cloud PaaS services
- Experience working with large cross-functional teams
- Experience working in high pressure demanding environments
- Administrative procedures and systems
- Data analysis
- Governance, Risk and Controls
- Principles of project management
- Relevant regulatory knowledge
- Relevant software and systems knowledge
- Cluster Specific Operational Knowledge
- System Development Life Cycle (SDLC)
- TCP/IP
- Information Security terms and definitions
- Relevant Operating System
- Information Security policies and procedures
- Vendor Management Principles
- Applied Learning
- Communication
- Collaborating
- Customer Focus
- Initiating Action
- Managing Work
- Technical/Professional Knowledge and Skills
Contact: Nedbank Recruiting Team at
Seniority level
- Associate
- Full-time
- Information Technology
Information Security Analyst MMH250401-13
Posted today
Job Description
Role Purpose
This position is responsible for performing various tasks. This role is also required to conduct ongoing research in the IT security arena and regularly assist in the sales process. The ideal candidate will be responsible for conducting comprehensive penetration tests, identifying vulnerabilities, and providing recommendations to improve security posture. The ideal candidate must have experience in all forms of complex technical security assessments of clients' information technology systems (including the Internet, Intranet, applications, hosts, firewalls, mobile applications, etc.) and related policies and procedures. They must be highly motivated and have a good command of industry best practices.
Requirements
- 5+ years of experience in penetration testing, vulnerability assessment, or a related field.
- Deep knowledge of security testing methodologies and frameworks (OWASP, NIST, etc.).
- Proficiency with advanced penetration testing tools such as Metasploit, Burp Suite, Nessus, Nmap, etc.
- Strong scripting skills (Python, Bash, PowerShell, etc.) for automating security tasks.
- In-depth understanding of network protocols, operating systems, web technologies, and cloud environments.
- CISSP and CEH certification preferred.
- OSCP, OSEP, CCSP, CRTE, CRTP, or CRTO certification or equivalent is an advantage.
Duties and Responsibilities
- Lead and conduct comprehensive penetration tests on networks, applications, and systems to identify security weaknesses.
- Develop and implement advanced security test plans, scenarios, and scripts.
- Perform in-depth vulnerability assessments and security analysis using both automated tools and manual techniques.
- Document and report security findings, providing actionable insights to clients and detailed recommendations for remediation.
- Collaborate with cross-functional teams to prioritize and resolve security vulnerabilities.
- Research and stay current with emerging security threats, vulnerabilities, and technology trends.
- Participate in security incident response activities when required.
- Assist in the development and refinement of security policies, procedures, and standards.
- Provide training, guidance, and mentorship to junior penetration testers and other security staff.
- Perform security assessments, including application scans (using tools such as Nessus, Burp Suite) and code reviews, to ensure compliance with Momentum Group's SDLC policies.
- Participate in a variety of other internal security projects and information security activities as required.
As an applicant, please verify the legitimacy of this job advert on our company career page
Information Security Architect
Posted 5 days ago
Job Description
Job title: Information Security Architect
Contract duration: Start with 6 months
First preference: EEE candidates
Location: JHB
The Head of Security Architecture for the organization is responsible for designing, implementing, and maintaining robust security architectures that protect sensitive data in compliance with regulations such as POPIA, GDPR. This role is critical in safeguarding the confidentiality, integrity, and availability of electronic health records (EHR), patient and employee information, medical devices, and cloud-based healthcare services. The role will focus on designing and developing security architecture that aligns business and corporate security strategy. The role will collaboratively direct Security Architects, IT, and Engineers to design and build security controls and solutions compliant with approved enterprise architecture frameworks and standards across business and digital.
Key Responsibilities:
- Design and develop complex and comprehensive security architectures for our systems, applications, and infrastructure, considering both current and future needs.
- Collaborates with stakeholders, including developers, engineers, and project managers, to integrate security requirements into the system design and development lifecycle.
- Provides guidance and expertise in secure coding practices, network security, identity and access management, data protection, and other security domains.
- Model threats and risks, designing the controls necessary to mitigate them, on both an organizational and technical level – thinking like an attacker, understanding and anticipating the moves and tactics that a hacker might use to attack systems.
- Follow the architecture analysis process, which consists of research, validation, and evaluation of all new initiatives, with phase gate reviews presented to all stakeholders during key forums, including current trends such as AI and LLMs.
- Evaluates and selects security technologies, tools, and frameworks to support the organization’s security.
- Define portfolio vision and reusable security patterns aligned with the EA strategy.
- Lead architecture reviews for high-risk projects, driving recommendations to resolution.
- Advise on security controls for hybrid and cloud platforms, balancing usability, cost, and compliance.
- Defines and applies security policies, standards, and procedures to ensure compliance with industry regulations and best practices.
- Leads incident response activities, including identification, containment, eradication, and recovery, in coordination with the incident response team.
- Experience with Cloud Security platform vendors and technologies such as Azure and AWS.
- Manage security architects and mentor engineers, developers, and vendors.
What will you bring?
- Risk-based decision-making - expert in ISO 27001 / NIST / CIS controls, able to quantify and articulate risk, then select proportionate, cost-effective controls.
- Pen-testing & threat-modelling - scoping, overseeing, and translating results into enforceable patterns and backlog items.
- Influential communication - proven ability to engage C-suite and delivery stakeholders alike, adapting style to gain agreement and drive secure-by-design culture.
- Teamwork and Energy – work across different functional and business teams with effective collaboration.
- Technical depth - hands-on knowledge of cloud security, IAM, container & API security, network segmentation, encryption, and DevSecOps toolchains; capable of explaining the exploitability of complex vulnerabilities. Zero trust design thinking.
- Mentoring & governance - experience in line-managing or coaching security architects/engineers and running architecture assurance or design-review boards.
- Secure-system design leadership - demonstrable track record creating or validating architectures for large-scale, high-risk services using recognised frameworks (SABSA, TOGAF).
Requirements / Skills and Competence
- Tertiary qualification in Computer Science, Engineering, or related field (preferred)
- Minimum of 5-10 years of experience in Security Architecture.
- CISSP, CISA, CISM, or other relevant security-related designation(s) preferred.
- Certifications in CISSP-ISSAP, TOGAF, or SABSA, cloud architecture (Microsoft, AWS, GCP)
- Experience in identifying gaps in existing architectures.
- Understanding of security infrastructure in Public and Private Cloud, e.g., virtual network infrastructure, hybrid IaaS/PaaS/SaaS solutions.
- Experience in designing security architectures to mitigate threats and sound knowledge of security strategies and technologies.
- Direct the Project and Security teams with the guidance to build policies, standards, risks, and controls frameworks supporting operational requirements for the business.
- Good experience in security architecture design in Cloud and on-prem.
- Design and implementation of IoT, endpoint protection, and secure IAM.
- Understanding of authentication and authorisation technologies (SAML, LDAP, PKI, etc.) and other IAM technologies
- Understanding of the implementation, operation, and maintenance of SIEM, boundary protection technologies (firewalls, mail gateways), Antivirus, and AD security products
- Knowledge of web application architectures and threat modelling.
Information Security Specialist
Posted 11 days ago
Job Description
The KPMG Africa Information Security Specialist is responsible for ensuring the confidentiality, integrity, and availability of all systems across KPMG Africa offices (South Africa, Botswana, Mauritius, Mozambique, Namibia, Zambia, Zimbabwe, Nigeria, Ghana, Kenya, Uganda, Tanzania, and Rwanda). The role involves actively managing and monitoring information security systems to detect, respond to, and remediate security risks and threats across the infrastructure.
4. Position Specifications
Educational Requirements (minimum necessary to perform the job):
- Professional / Tertiary qualification
Other Requirements:
Experience (minimum necessary):
Desired Qualifications and Experience:
- 3-5 years' experience in Information Technology Support or Information Security, including Microsoft Azure
- Industry-recognized certifications such as A+, N+, Security+, CySA+, and Cloud Security certifications like:
  - Microsoft Certified: Security Operations Analyst Associate
  - Microsoft Certified: Information Protection and Compliance Administrator Associate
  - Microsoft Certified: Security, Compliance, and Identity Fundamentals
  - Microsoft Certified: Identity & Access Management
  - Microsoft Certified: Azure Security Engineer
- Professional certifications such as CISM, CISSP, ECIH are preferred but not required
- Strong knowledge of information security and cloud security concepts
- Experience in identifying, analyzing, and reporting on security risks and incidents
- Experience with security tools such as Qualys, Microsoft Defender Endpoint, Microsoft Sentinel, etc.
- Ability to evaluate vulnerabilities, develop mitigation strategies, and implement remediation
- Strong knowledge of operating systems, Microsoft Servers, Active Directory, and network protocols and technologies
5. Core Competencies:
- Attention to detail and accurate documentation
- Analytical skills to interpret information
- Ability to work independently and in a team
- Organizational and prioritization skills under pressure
6. Key Responsibilities & KPIs
Main Responsibilities:
- Monitoring incident response channels
- Executing the Information Security Incident Management Process and escalating high-priority issues
- Tracking and escalating open incidents
- Producing weekly and quarterly reports for the CISO on incident status and trends
Security Systems Configuration and Management:
- Daily monitoring of security systems to ensure proper functioning
- Configuration and management of security tools such as vulnerability, privileged access, and log management systems
- Reconciliation of assets to ensure coverage of security systems
- Reporting and issue resolution support for operational teams
Patch Management Monitoring:
- Monitoring patch management performance and identifying risks
- Addressing challenges to compliance
Threat and Event Monitoring:
- Detecting and escalating security threats and events
Vulnerability Management:
- Monitoring vulnerabilities daily
- Monthly asset reconciliation
- Managing vulnerability remediation with owners
- Supporting penetration testing activities
Supporting NITSO projects and other initiatives as required.
Information Security Specialist
Posted 16 days ago
Job Description
ROLE DESCRIPTION: Information security specialists focus on keeping an organisation’s data and IT infrastructure secure, which requires a diverse set of skills and responsibilities.
TASK AND RESPONSIBILITIES:
- Conduct threat and risk analysis and analyse the business impact of new and existing systems and technologies to eliminate risk, performance, and capacity issues. Implement vulnerability assessments and configure audits of operating systems, web servers, databases, and detect patterns, insecure features, and malicious activities in the infrastructure.
- Perform research, testing, evaluating, and deployment of security technology and procedures.
- Run diagnostics on any changes to data to verify any undetected breaches.
- Develop custom systems for specialized security features and procedures for software systems, networks, data centres, and hardware.
- Develop and implement information security standards, guidelines, and procedures.
- Keep current with new intrusion methods and develop protection plans. Have an in-depth understanding of vulnerabilities, management systems, and common security applications.
- Conduct counteractive protocols and report incidents. Offer customized risk ratings for vulnerabilities based on company policies and maintain IT security controls documentation.
- Provide customized security assessments, implement security policies, design security training materials, organize training sessions, provide technical support, and communicate security policies and procedures.
FUNCTIONAL KNOWLEDGE:
Contribute to strategy formulation & execution; business requirement analysis; Incident Management and Response; Business Threat Identification and Communication; Information Risk Assessment and Management; Regulatory and Legal Frameworks; Change Management and Change Risk; GRC and Security Standards, Policies and Practices; Information Risks within Systems and IT Architecture; Information Risks within people and processes; Infrastructure Risks to business delivery; Enterprise and Security Architecture; Operational Security Practices and Management; Information Security Awareness.
MINIMUM REQUIREMENTS
- NQF 7 Bachelor's degree in Cybersecurity or a related area, such as computer science or related fields.
EXPERIENCE
- 5 - 6 years or more practical experience in IT and Information Security Governance, of which must include at least 3 years in an active Information Risk management role.
Information Security Consultant
Posted 25 days ago
Job Description
Our client, a leading financial services firm, is seeking an Information Security Consultant to join their team on a permanent basis.
Responsibilities
- Security Auditing
- Responsible for Security tools monitoring
- Network experience (TCP/IP, Firewalls, IPS, NAC)
- Operating System management and Hardening
- Anti-Virus System management and Configuration
- Logical Access Management
- Vulnerability Management
- Matric and an Information Technology diploma or degree qualification
- 4+ years experience in the field
Salary: Market Related
Information Security Administrator
Posted today
Job Description
Hello Future Information Security Administrator
Welcome to FNB, the home of the #changeables. We design for the shapeshifters and deliver products and services that make us incredibly proud of people that make it happen.
As part of our talented team, you will be surrounded by unique talents, diverse minds, and an adaptable environment that lives up to the promise of staying curious. Now's the time to imagine your potential in a team where experts come together and ignite effective change.
To assist in identifying, defining and maintaining the information security policy and baseline standards
Are you someone who can:
- Deliver exceptional service that exceeds customers' expectations through proactive, innovative and appropriate solutions.
- Cultivate and manage objective working relationships with a variety of stakeholders, including end-users, SMEs, project managers and senior staff members by providing expert advice and consulting on all aspects of IT security.
- Support IT Security leaders to participate in the FirstRand Bank Information Risk awareness program and to ensure that staff is aware of information security risks.
- Ensure that operating objectives and standards of performance are not only understood but owned by management and employees and to ensure that appropriate standards of conduct are established and complied with.
- Comply, understand and implement all steps for the IT Information Security Processes and Procedures and meet governance in terms of legislative and audit requirements.
- Assist in identifying, defining and maintaining the information security policy and baseline standards.
- Assist and administer the implementation of control mechanisms, which enables Information Security Services to have a view of the status of information security.
- Ensure all Information Security analysis and research are captured, recorded and reported on to ensure correct actions are implemented and executed.
- Manage own development to increase own competencies.
- Maintain current knowledge of the Information Systems security industry's emerging technologies.
Dare to imagine the change with us if you are:
- An adaptable problem solver who does not fear change but thrives from it.
- A disruptor in your field of IT expertise
- An initiative taker who identifies opportunity and improves
- Known for your delivery track record.
- Wanting to be in a career that makes meaningful contribution to your and other people's lives.
We'll make a good match if you're:
- Curious - you're driven by always wanting to know more and learn more.
- Obsessed with mastery - you know what it takes to become good at what you do and are constantly pushing yourself to do it.
- Courageous - you're brave enough to think and do things differently and are always ready to put your hand up and take ownership.
- A team player - you believe in the power of teams so you're always part of one, building and leveraging your networks.
- Emotionally intelligent - you have a high EQ that enables you to truly connect with people, no matter how technical or specialist your role is.
You'll benefit from our changeable benefits like:
- Opportunities to network and collaborate.
- Inspiring work environment
- Work that is challenging
- Space to make a difference.
- Opportunities to innovate.
- Conditions that are flexible
- Focus on health and wellbeing (onsite wellness center, gym and crèche at our main campus to innovative employee wellbeing and financial fitness programmes)
- Resources to help you with your professional development.
- Generous leave policy
- Preferential employee banking rates
- When it comes to learning and development, we encourage our changeables to expand their knowledge, on their own, with others, in person or online.
- As for our workspace, it is immersive, collaborative, and energetic because at FNB, innovation is our lifeblood and change in our DNA.
Are you interested to take the step? We look forward to engaging with you further.
Job Details
Take note that applications will not be accepted on the below date and onwards, kindly submit applications ahead of the closing date indicated below.
06/09/25
All appointments will be made in line with FirstRand Group's Employment Equity plan. The Bank supports the recruitment and advancement of individuals with disabilities. In order for us to fulfill this purpose, candidates can disclose their disability information on a voluntary basis. The Bank will keep this information confidential unless we are required by law to disclose this information to other parties.
Information Security Manager
Posted today
Job Description
- Who we're looking for: An experienced Information Security Manager to lead the implementation and ongoing maturity of our Information Security Management System (ISMS), ensure alignment with ISO 27001:2022, and manage risk across the business.
- The challenge: To own the ISMS documentation and audit programme, coordinate internal and external audits, oversee the risk register, and support internal teams on policy compliance and security awareness.
- Where you'll work: This role will be based in Cape Town. You'll be part of our global team, collaborating with colleagues and serving customers across the UK, USA, Australia, South Africa, and beyond. Our hybrid approach offers flexibility with regular team connection in our Cape Town office.
The Tillo Difference
We're in the business of rewards and incentives, so we know a thing or two about the importance of giving back. We can't grow as a business without growing as individuals, so we are committed to providing a workplace where passionate, driven individuals can thrive. We value collaboration, trust, positivity, and a willingness to learn - only by working as a team will we reach our goals.
We're the market leader in the UK and are active in a number of other markets including USA, Europe, Australia and India.
This role will be responsible for:
ISMS Ownership & Audit Readiness
- Maintain and evolve the ISMS documentation and controls in line with ISO 27001:2022.
- Coordinate and lead internal audits (quarterly for TZ) and external certification audits.
- Write up audit findings and risk reports for SLT and the Board.
- Monitor ISMS KPIs and compliance metrics.
Risk Management
- Own the company-wide risk register and associated documentation (excluding the risk framework itself).
- Support teams in identifying, assessing, and documenting risks.
- Track and ensure timely implementation of Risk Treatment Plans.
- Monitor and report on key risk metrics.
Incident & Corrective Action Management
- Maintain the incident log, ensuring proper documentation, root cause analysis and closure.
- Drive corrective actions and improvements from internal/external audits and incidents.
Security Policy & Training
- Maintain and develop ISO 27001-compliant security policies (non-Engineering).
- Coordinate business-wide security awareness training (e.g., KnowBe4).
- Champion InfoSec awareness and lead monthly security meetings.
Client & Vendor Security Assurance
- Complete InfoSec and risk sections of client due diligence questionnaires.
- Support the development of a Trust Centre to streamline security responses.
What we're looking for
- 3+ years in an Information Security or Risk Management role with experience in ISO 27001 implementation and audits.
- A strong understanding of risk frameworks, internal controls, and compliance management.
- Experience with audit coordination and ISMS documentation.
- The ability to translate technical and regulatory language into business-friendly advice.
- Working knowledge of privacy, AML, and business continuity requirements.
- Familiarity with InfoSec tooling (e.g., Drata, Vanta, KnowBe4).
- Exceptional communication, reporting and organisational skills.
Benefits
We trust all our employees and empower our team to work with flexibility and autonomy. We're a close-knit team and love working collaboratively. With our hybrid model, our team can come together at our fantastic offices, but also focus in their own space. The Tillo team are a motivated bunch and we all work hard to push Tillo forwards, always innovating. We completely understand the importance of work/life balance and offer a supportive and collaborative working environment with the following benefits:
- 21 days holiday per annum
- Retirement Fund (5%)
- Health insurance contribution
- Employee Incentive Scheme
- Hybrid Working
- Top spec equipment including laptop, mouse, keyboard, monitor
- Anniversary gifts
- Monthly breakfasts, drinks, snacks and events
- Team Learning & Development budget
Tillo makes gift cards, rewards, and incentives simple, efficient, and profitable. Operating in over 37 markets and 25 currencies, Tillo processes billions in gift card transactions through a single, plug-and-go API, powering rewards and incentives for the world's leading businesses.
Backed by Tenzing, Tillo is setting the global standard for digital gift card infrastructure.
Diversity, Equity, and Inclusion Statement
We are committed to fostering a diverse and inclusive workplace where everyone feels valued and respected. We welcome applications from individuals of all backgrounds, regardless of age, disability, gender identity, marital status, race, ethnicity, religion or belief, sex, or sexual orientation.
If you require any reasonable adjustments during the recruitment process, please let us know, and we will be happy to accommodate your needs.