98 Cybersecurity Analysts jobs in South Africa

Title of Position

Manager: Information Security

Post Number

S904

Faculty/Department

University of the Western Cape -> ICS Department -> Strategy & Planning

Type of Position

Permanent - Full Time

Length of Contract Period

Location

Main Campus - Bellville, WC ZA (Primary)

Closing Date

1/8/2025

Role Clarification & Key Performance Areas

The University of the Western Cape (UWC) seeks to appoint an experienced Manager: Information Security in its Information and Communication Services (ICS) department.

The University has set itself exciting and challenging goals in its Institutional Operating Plan (IOP), which rely heavily on ICT’s to deliver integrated solutions that enable and support its Academic and Research programs, and it's Administrative and Professional Services departments.

This permanent position based at the Bellville main campus will report to the Deputy Director: ICT Governance Risk and Compliance and will play a pivotal role in maturing the University’s Information Security (InfoSec) functional domain and capabilities in the areas of InfoSec Governance; InfoSec Risk; InfoSec Program Development & Management; and InfoSec Incident Management & Response.

This is a demanding but very stimulating role, which requires an experienced individual with the appropriate breadth and depth of business and technical skills and competencies.

We invite you to join our team at a very exciting time in the University’s history.

• Key Performance Areas:
• Information Security Governance
• Establish, communicate and maintain information security policies, standards, procedures and other documentation that support information security,
• Lead the design and implementation of an information security strategy to proactively address evolving cybersecurity threats and ensuring the confidentiality, integrity and availability of the University's information assets
• Identify current and potential legal and regulatory requirements affecting information security,
• Establish reporting and communication channels that support information security.
• Information Security Risk Management
• Establish a process for information asset classification and ownership,
• Implement a structured information risk assessment mitigation and reporting process, and oversee findings to closure,
• Ensure that threat and vulnerability evaluations are performed on an ongoing basis,
• Identify and periodically evaluate information security controls and counter-measures to mitigate risk to acceptable levels,
• Integrate risk, threat and vulnerability identification and management into operational management and program delivery processes.
• Information Security Program Development
• Ensure the development of information security architectures (considering people, information, processes and technology),
• Develop and maintain plans to implement the information security strategy ensuring alignment with other assurance functions,
• Specify the activities to be performed within the information security program / projects,
• Develop a program for information security awareness, training and education,
• Recommend and advise information security requirements into the organization’s processes and life cycle activities (e.g. change control, software development, employment, procurement etc.),
• Advise on the integration of information security controls into contracts,
• Establish metrics to evaluate the effectiveness of the information security program.
• Information Security Program Management
• Oversee the execution of information security programs,
• Oversee the performance of contractually agreed information security controls (e.g., with joint ventures, outsourced providers, business partners, third parties),
• Provide information security advice and guidance (e.g., risk analysis, control selection) across the institution,
• Provide information security awareness, training and education to stakeholders (e.g. business process owners),
• Monitor, measure and report on the effectiveness and efficiency of information security controls and compliance with information security policies,
• Collaborate with Operational Teams to ensure effective management of controls and the successful implementation of strategies. This includes working closely with managers across different domains and engaging with campus stakeholders to align security and compliance objectives with operational needs.
• Information Security Incident Management and Response
• Develop and maintain plans to respond to and document information security incidents,
• Develop and implement processes for preventing, detecting, identifying, analysing, and responding to information security incidents,
• Establish escalation and communication processes and lines of authority,
• Track and Facilitate the investigation of information security incidents (e.g. forensics, evidence collection and preservation, log analysis, interviewing),
• Develop a process to communicate with internal and external stakeholders (e.g. media, law enforcement, staff and students),
• Integrate information security incident response plans with the institution’s disaster recovery and business continuity plan,
• Formulate training and awareness programs for information security incident response,
• Provide guidance on the resolution of major information security incidents,
• Facilitate reviews to identify root causes of information security incidents, facilitate corrective actions and re-assess risk.
  
  

• Bachelor’s degree in Computer Science or Information Systems, or an equivalent NQF-7 accredited qualification with 5 years' experience in a similar role and at a similar level or
• Diploma at NQF 6 level and an accredited, internationally recognised Information Systems Security certification with 8 years' experience in a similar role and at a similar level
• An accredited, internationally recognised Information Systems Security certification (CISSP, CISM, etc.),
• Demonstrable IT Service Management experience,
• Relevant Information Security (InfoSec) Management experience in an enterprise environment,
• Knowledge of the legal, regulatory and compliance requirements related to InfoSec (e.g. POPIA),
• Proficient in information security frameworks (e.g. NIST, ISO27001),
• Good experiential knowledge and understanding of an enterprise business system architecture (including data centre; server environment; storage network; databases; operating systems; applications; WAN & LAN networks)
• Successful track record in developing and managing InfoSec projects / programs,
• Experience in Security incident management, Security Investigations and root cause analysis,
• Advanced proficiency in MS Office (MS Word, Excel, Power Point),
  
  

• Experience in developing InfoSec policies, plans and procedures aligned to ISO/IEC 27001 & 27002 standards,
• Strong knowledge of IT Governance and cyber security practices
• An accredited IT Risk Management certification (e.g. M_o_R) at intermediate / practitioner level,
• Accredited certification in Project Management (e.g. PMP, Prince2),
• COBIT-5 certification in IT Governance,
• Experience in the use of Microsoft Project,
• Experience working in the Higher Education sector would be advantageous,
  
  

• Diagnostic information gathering, analytical thinking and problem-solving skills,
• Demonstrated ability to work unsupervised to meet deadlines and to deliver results,
• Excellent planning, co-ordination and time management skills,
• Effective teamwork and the ability to collaborate and build strong relationships with diverse stakeholder groups,
• Good business acumen and understanding of business requirements on ICT,
• Thoroughness and attention to quality and detail,
• Ability to influence, establish focus, and to lead and motivate teams to achieve common goals,
• Excellent customer & service orientation,
• Good listening skills and inter-personal awareness,
• Strong personal credibility
• Excellent English Communication skills (verbal and written),
• Strong facilitation and inter-personal skills,
• Strong business acumen.
  
  

A Security Engineer is a crucial member of an organization’s IT team, specializing in safeguarding digital assets and maintaining the security posture of the company. They work to design, implement, and manage security measures to protect against cyber threats, unauthorized access, and data breaches.

Key Responsibilities:

Security Infrastructure Design:

• Design and implement security infrastructure, including firewalls, intrusion detection systems, and encryption protocols.
• Evaluate and recommend security products and technologies to enhance the organization’s security posture.

Incident Response and Monitoring:

• Monitor network traffic for suspicious activity and potential security breaches.
• Develop and maintain incident response plans and procedures to mitigate security incidents.
• Investigate security incidents, determine the root cause, and implement corrective actions.

Vulnerability Assessment and Penetration Testing:

• Conduct regular security assessments to identify vulnerabilities in systems and applications.
• Perform penetration tests to simulate cyberattacks and assess the organization’s readiness.

Access Control and Authentication:

• Manage user access controls and authentication mechanisms.
• Implement and maintain multi-factor authentication (MFA) solutions.

Security Policies and Compliance:

• Develop and enforce security policies, standards, and procedures.
• Ensure compliance with industry regulations (e.g., GDPR, HIPAA, PCI DSS) and best practices.

Security Awareness and Training:

• Conduct security awareness programs and training for employees.
• Keep the organization informed about emerging threats and security best practices.

Security Patch Management:

• Manage and coordinate the timely installation of security patches and updates.
• Maintain an inventory of software and hardware assets.

Encryption and Data Protection:

• Implement encryption mechanisms to protect sensitive data at rest and in transit.
• Ensure the confidentiality and integrity of data through encryption and access controls.

Qualifications:

• Bachelor’s degree in computer science, information security, or a related field (or equivalent experience).
• Relevant industry certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), or equivalent.
• Proven experience in information security roles, including network security, system security, or application security.
• Strong knowledge of security technologies, protocols, and tools.
• Understanding of risk management principles and methodologies.
• Proficiency in scripting and programming languages (e.g., Python, PowerShell) for automation and analysis.
• Familiarity with cloud security concepts (e.g., AWS, Azure, Google Cloud).
• Excellent problem-solving and analytical skills.
• Effective communication and teamwork abilities.

Preferred Skills:

• Experience with security information and event management (SIEM) systems.
• Knowledge of threat intelligence and threat hunting techniques.
• Experience with secure coding practices and application security assessments.
• Familiarity with network and web application firewalls.
• Understanding of security-related regulations and compliance standards.
• Security Engineers typically work in an office environment but may need to respond to security incidents outside regular business hours.
• The role may involve occasional travel to remote offices or data centers.

Security Engineers play a pivotal role in maintaining the confidentiality, integrity, and availability of an organization’s information assets. They are instrumental in protecting against cyber threats and ensuring compliance with industry regulations and security best practices.

The University of the Western Cape (UWC) seeks to appoint an experienced Manager: Information Security in its Information and Communication Services (ICS) department.

The University has set itself exciting and challenging goals in its Institutional Operating Plan (IOP), which rely heavily on ICT to deliver integrated solutions that enable and support its Academic and Research programs, and its Administrative and Professional Services departments.

This permanent position based at the Bellville main campus reports to the Deputy Director: ICT Governance Risk and Compliance and plays a pivotal role in maturing the University’s Information Security (InfoSec) capabilities in areas such as Governance, Risk, Program Development & Management, and Incident Response.

This demanding yet stimulating role requires an individual with broad business and technical skills. Join us at an exciting time in the University’s history.

1. Information Security Governance:
   • Establish, communicate, and maintain security policies, standards, procedures, and documentation.
   • Design and implement an information security strategy to address cybersecurity threats, ensuring the confidentiality, integrity, and availability of information assets.
   • Identify legal and regulatory requirements affecting information security.
   • Establish reporting and communication channels to support security.
2. Information Security Risk Management:
   • Establish processes for asset classification and ownership.
   • Implement risk assessment, mitigation, and reporting processes; oversee findings.
   • Perform ongoing threat and vulnerability evaluations.
   • Evaluate and implement security controls to mitigate risks.
   • Integrate risk management into operational processes.
3. Information Security Program Development:
   • Develop security architectures considering people, processes, and technology.
   • Create and maintain security plans aligned with organizational goals.
   • Define activities for security programs/projects.
   • Develop security awareness, training, and education programs.
   • Integrate security requirements into organizational processes and contracts.
   • Establish metrics to evaluate program effectiveness.
4. Information Security Program Management:
   • Oversee execution of security programs.
   • Manage performance of security controls, including third-party controls.
   • Provide security advice across the institution.
   • Conduct training and awareness for stakeholders.
   • Monitor and report on control effectiveness and compliance.
   • Collaborate with operational teams to align security with operational needs.
5. Information Security Incident Management and Response:
   • Develop and maintain incident response plans.
   • Implement processes for incident detection, analysis, and response.
   • Establish escalation and communication protocols.
   • Facilitate incident investigations and evidence handling.
   • Communicate with stakeholders during incidents.
   • Align incident response with disaster recovery and business continuity plans.
   • Develop training programs for incident response.
   • Guide resolution of major incidents and conduct root cause analysis.

• Bachelor’s degree in Computer Science or Information Systems, with 5 years' experience, or an NQF 6 diploma and an internationally recognized security certification with 8 years' experience.
• Security certifications such as CISSP, CISM, etc.
• IT Service Management experience.
• Experience in enterprise InfoSec management and legal/regulatory compliance (e.g., POPIA).
• Knowledge of security frameworks (NIST, ISO27001).
• Understanding of enterprise system architecture.
• Proven track record in managing InfoSec projects/programs.
• Experience in incident management, investigations, and root cause analysis.
• Proficiency in MS Office suite.

• Experience developing policies aligned with ISO standards.
• Knowledge of IT Governance and cybersecurity practices.
• Additional certifications like M_o_R, PMP, Prince2, COBIT-5, or experience in higher education sector.

• Analytical skills, problem-solving, and information gathering.
• Ability to work independently and meet deadlines.
• Excellent planning, coordination, and time management.
• Strong collaboration and relationship-building skills.
• Business acumen and understanding of ICT requirements.
• Attention to detail and quality.
• Leadership and motivational skills.
• Customer service orientation and interpersonal skills.
• Effective communication skills in English.
• Facilitation skills and personal credibility.

South Africa

Apply Now and Redefine Digital Payments with Us!

Why EFT Corporation

At EFT Corporation, we don’t just enable payments, we empower possibilities. With over 26 years of experience, we’re Africa’s leading payment solutions provider, working with over 100 financial institutions to deliver cutting-edge technology that drives financial inclusion and transforms lives. Operating in dynamic markets across Africa and beyond, our team of 300+ experts spans Mauritius, Ghana, Kenya, South Africa, Zambia, Zimbabwe, and India. We’re on a mission to shape the future of payments across the continent through innovation, collaboration, and a shared vision of progress.

Why You'll Love Working Here:

• Purpose-Driven Culture : Make an impact in transforming lives through secure and innovative payment solutions.
• Global Collaboration : Work alongside diverse, talented teams from across the globe.
• Continuous Growth : Expand your skills with mentorship, knowledge sharing, and cutting-edge technologies.
• Inclusive Environment : We value and celebrate diversity, fostering a workplace where everyone thrives.

Your Role

• As an Information Security Officer , your job purpose is to be held accountable in respect to assisting the Senior Security and Infrastructure Engineer and the Senior DevOps Engineers in the following:
  • Assisting in maintaining the safety and security of the organisation’s systems and network database to prevent unauthorized access and avoid data breaches.
  • Maintaining the organisation’s systems and networks.
  • Assisting in overseeing the entire software development process, from planning and development to deployment and maintenance.
  • This role requires expertise in both software development and operations, as well as an understanding of the DevOps methodology.
  • This includes CI/CD, Infrastructure management (AWS), Automation, Monitoring, logging and metrics, Collaboration and Security.
  • The role also requires a significant focus on PCI compliance and support and collaboration with the Security and Infrastructure team is required.
• You will be responsible for owning the Futurex HSM and Thales HSM device management which includes:
  • Yearly Key management/replacement ceremonies.
  • PCI compliance as it relates to the HSM.
• Assisting with new security compliance:
  • ISO27001.
  • PCI+PIN.

What You’ll Do Maintain Operational Systems, Networks and Security:

• Facilitate annual PCI audits.
• Linux Operating systems are security patched in a timely manner. If patching will affect customers, arrange with operations support, and follow the correct change control process.
• Maintain Elastic SIEM.
• Respond to and investigate SIEM alerts.
• Respond to operational system alerts and/or operational queries across the entire technology stack (Production and QA system issues, infrastructure issues, Databaseissues, Network issues, Security and Firewall issues and any 3rd party or customer integration issues) as they occur.
• Manage / Deploy system tooling that may be beneficial to the business.
• Research, POC and deploy new open source or when applicable closed source tooling that is beneficial to the business systems or processes. This can be in supporting Applications, Monitoring, Logging, SIEM, AI/machine Learning, Fraud Detection, Operational Support applications, Authentication systems, BI / Data Analytics, networks, Security or compliance.
• Create ad hoc Python scripts / Applications to perform various repetitive tasks.
• Ensure that AWS environments and services are architectured and configured in a secure and redundant manner including all security services from AWS.
• Maintain AWS services including but not limited to: VPC, EC2, ECS, ECS Fargate, ECR, Guard Duty, Cloudwatch, Cloudtrail, Security groups, VPC Routing, Site to Site VPNs, Application Load balancers / network load balancers, Web application firewalls,etc.
• Architect, support and maintain connectivity between 3rd parties, Banking partners, integrators and on prem datacentres.
• Ensure best practice security measures are implemented.
• Ensure best practices regarding system isolation and scope reduction.
• Provide support to field engineers on HSMs and key management.
• Maintain internal HSMs and key management procedures.
• Provide support to the product and SLDC teams – this includes consulting on design, finding compliant solutions for customer issues, and filling out cyber risk assessments for customers or tenders.

• Maintain/Improve (PC14) PCI.
• Stretch: ISO 27001.
• GDPR.

• Ensure Security, Infrastructure & Procedures (with supporting team) are comprehensive and kept up to date.Security Tooling:
• Ensure SSO, Intrusion detection, SIEM, Antivirus, Patch Management and PGP are implanted as per the polices.
• Stimulation / adoption of user-driven security culture (give security a brand within the org and educate).

• To increase efficiency and reduce errors for both security and infrastructure management.

• To reduce costs (optimize) without sacrificing performance and security.

• Ensure that weekly vulnerability scans results are tracked, and vulnerabilities are remediated within set severity timeframes weekly.
• Review all daily and weekly BAU PCI Items for signoff monthly.
• Ensure weekly Internal and External Scans were completed.
• Perform data analysis reporting monthly.
• Maintain a strong security posture within the card holder environment.
• Work with 3rd party to ensure PCI Certification Audit is completed and passed on time.
• Review Security Commitment to third parties.

• Bachelor’s degree in Computer Science or related field.
• 3 years’ relevant experience.
• Experience within the payment / banking sector.
• Experience working with PCI Audits / Security in DevOps, Linux, Mysql, Cloud (AWS).
• Network experience (particularly cloud based / virtual).

• PCI Audits / Security / Processes.
• Linux, Mysql, and Cloud (AWS).
• Experience with automation tools like CloudFormation, Ansible, Puppet, Chef, etc.
• CI/CD tooling eg. Bitbucket pipelines, Jenkins, etc.
• Scripting languages: Bash, Python, etc.
• Cloud knowledge, specifically AWS.
• Containerisation: Docker, Kubernetes, AWS ECS, etc.
• Logging Frameworks: ELK stack, cloudwatch, etc.
• Cloud-based virtual networking eg VPC, subnets, ALB, NLB, WAF, Peering, Transit Gateways, VPN gateways, etc.
• SIEM experience – Elastic, Splunk, etc.
• Monitoring and Alerting Framework: Zabbix, Nagios, etc.

• Ability to learn new technologies at pace.
• Problem solving.
• Ability to work within a high stress & flux environment.
• Ability to foster & cultivate relationships with internal & external stakeholders.
• Ability to work autonomously as well as part of a team.
• Assertiveness – communicating feelings and beliefs; being non-offensive.
• Detail & deadline oriented.
• Analytical & critical thinking.

Our Values

• Purposeful Impact : Every action drives meaningful change.
• Client-Centric Excellence : We succeed when our clients do.
• Integrity : Doing the right thing, always.
• Teamwork : Together, we achieve the extraordinary.

Why Now?

Be part of a pioneering force in digital payments, leading transformative projects across continents. At EFT Corporation, you’re not just joining a company—you’re joining a movement.

Ready to redefine the future of payments with us?

Apply now and let’s create the extraordinary together!

EFT Corporation is an Equal Opportunity Employer. Diversity drives our success, and we welcome passionate individuals from all walks of life to join our team.

EFT Corporation does not accept unsolicited resumes from search firms/recruiters. EFT Corporation will not pay any fees to search firms/recruiters if a search firm/recruiter submits a candidate unless an agreement has been entered into concerning the specific open position(s). Search firms/recruiters offering resumes to EFT Corporation on an unsolicited basis shall be deemed to accept this condition, regardless of any other provision to the contrary.

Apply Now and Redefine Digital Payments with Us!

At EFT Corporation, we don’t just enable payments, we empower possibilities. With over 26 years of experience, we’re Africa’s leading payment solutions provider, working with over 100 financial institutions to deliver cutting-edge technology that drives financial inclusion and transforms lives. Operating in dynamic markets across Africa and beyond, our team of 300+ experts spans Mauritius, Ghana, Kenya, South Africa, Zambia, Zimbabwe, and India. We’re on a mission to shape the future of payments across the continent through innovation, collaboration, and a shared vision of progress.

• Purpose-Driven Culture : Make an impact in transforming lives through secure and innovative payment solutions.
• Global Collaboration : Work alongside diverse, talented teams from across the globe.
• Continuous Growth : Expand your skills with mentorship, knowledge sharing, and cutting-edge technologies.
• Inclusive Environment : We value and celebrate diversity, fostering a workplace where everyone thrives.

• As an Information Security Officer , your job purpose is to be held accountable in respect to assisting the Senior Security and Infrastructure Engineer and the Senior DevOps Engineers in the following:
  • Assisting in maintaining the safety and security of the organisation’s systems and network database to prevent unauthorized access and avoid data breaches.
  • Maintaining the organisation’s systems and networks.
  • Assisting in overseeing the entire software development process, from planning and development to deployment and maintenance.
  • This role requires expertise in both software development and operations, as well as an understanding of the DevOps methodology.
  • This includes CI/CD, Infrastructure management (AWS), Automation, Monitoring, logging and metrics, Collaboration and Security.
  • The role also requires a significant focus on PCI compliance and support and collaboration with the Security and Infrastructure team is required.
• You will be responsible for owning the Futurex HSM and Thales HSM device management which includes:
  • Yearly Key management/replacement ceremonies.
  • PCI compliance as it relates to the HSM.
• Assisting with new security compliance:
  • ISO27001.
  • PCI+PIN.

• Facilitate annual PCI audits.
• Linux Operating systems are security patched in a timely manner. If patching will affect customers, arrange with operations support, and follow the correct change control process.
• Maintain Elastic SIEM.
• Respond to and investigate SIEM alerts.
• Respond to operational system alerts and/or operational queries across the entire technology stack (Production and QA system issues, infrastructure issues, Databaseissues, Network issues, Security and Firewall issues and any 3rd party or customer integration issues) as they occur.
• Manage / Deploy system tooling that may be beneficial to the business.
• Research, POC and deploy new open source or when applicable closed source tooling that is beneficial to the business systems or processes. This can be in supporting Applications, Monitoring, Logging, SIEM, AI/machine Learning, Fraud Detection, Operational Support applications, Authentication systems, BI / Data Analytics, networks, Security or compliance.
• Create ad hoc Python scripts / Applications to perform various repetitive tasks.
• Ensure that AWS environments and services are architectured and configured in a secure and redundant manner including all security services from AWS.
• Maintain AWS services including but not limited to: VPC, EC2, ECS, ECS Fargate, ECR, Guard Duty, Cloudwatch, Cloudtrail, Security groups, VPC Routing, Site to Site VPNs, Application Load balancers / network load balancers, Web application firewalls,etc.
• Architect, support and maintain connectivity between 3rd parties, Banking partners, integrators and on prem datacentres.
• Ensure best practice security measures are implemented.
• Ensure best practices regarding system isolation and scope reduction.
• Provide support to field engineers on HSMs and key management.
• Maintain internal HSMs and key management procedures.
• Provide support to the product and SLDC teams – this includes consulting on design, finding compliant solutions for customer issues, and filling out cyber risk assessments for customers or tenders.

• Maintain/Improve (PC14) PCI.
• GDPR.
• Ensure Security, Infrastructure & Procedures (with supporting team) are comprehensive and kept up to date.Security Tooling:
• Ensure SSO, Intrusion detection, SIEM, Antivirus, Patch Management and PGP are implanted as per the polices.
• Stimulation / adoption of user-driven security culture (give security a brand within the org and educate).

• To increase efficiency and reduce errors for both security and infrastructure management.
• To reduce costs (optimize) without sacrificing performance and security.

• Ensure that weekly vulnerability scans results are tracked, and vulnerabilities are remediated within set severity timeframes weekly.
• Review all daily and weekly BAU PCI Items for signoff monthly.
• Ensure weekly Internal and External Scans were completed.
• Perform data analysis reporting monthly.
• Maintain a strong security posture within the card holder environment.
• Work with 3rd party to ensure PCI Certification Audit is completed and passed on time.
• Review Security Commitment to third parties.

• Bachelor’s degree in Computer Science or related field.
• 3 years’ relevant experience.
• Experience within the payment / banking sector.
• Experience working with PCI Audits / Security in DevOps, Linux, Mysql, Cloud (AWS).
• Network experience (particularly cloud based / virtual).

• PCI Audits / Security / Processes.
• Linux, Mysql, and Cloud (AWS).
• Experience with automation tools like CloudFormation, Ansible, Puppet, Chef, etc.
• Cloud knowledge, specifically AWS.
• Logging Frameworks: ELK stack, cloudwatch, etc.
• Monitoring and Alerting Framework: Zabbix, Nagios, etc.

• Ability to learn new technologies at pace.
• Problem solving.
• Ability to work within a high stress & flux environment.
• Ability to foster & cultivate relationships with internal & external stakeholders.
• Ability to work autonomously as well as part of a team.
• Assertiveness – communicating feelings and beliefs; being non-offensive.
• Detail & deadline oriented.
• Analytical & critical thinking.

• Purposeful Impact : Every action drives meaningful change.
• Client-Centric Excellence : We succeed when our clients do.
• Integrity : Doing the right thing, always.
• Teamwork : Together, we achieve the extraordinary.

Be part of a pioneering force in digital payments, leading transformative projects across continents. At EFT Corporation, you’re not just joining a company—you’re joining a movement.

Ready to redefine the future of payments with us?

Apply now and let’s create the extraordinary together!

EFT Corporation is an Equal Opportunity Employer. Diversity drives our success, and we welcome passionate individuals from all walks of life to join our team.

EFT Corporation does not accept unsolicited resumes from search firms/recruiters. EFT Corporation will not pay any fees to search firms/recruiters if a search firm/recruiter submits a candidate unless an agreement has been entered into concerning the specific open position(s). Search firms/recruiters offering resumes to EFT Corporation on an unsolicited basis shall be deemed to accept this condition, regardless of any other provision to the contrary.

1 Position Details

Position

Business Unit

Quality and Risk Management

Managing any People

No

2 reports to

Chief Information Security Officer

3 Overall Purpose Of The Role

The KPMG Africa Information Security Specialist is to assist with ensuring the confidentiality, integrity, and availability of all systems across the KPMG Africa offices (South Africa, Botswana, Mauritius, Mozambique, Namibia, Zambia, Zimbabwe, Nigeria, Ghana, Kenya, Uganda, Tanzania, and Rwanda). The role involves actively managing and monitoring information security systems to detect, respond, and remediate information security risks and threats across the infrastructure.

4 Position Specifications

4.1 Educational (minimum level necessary to perform the job)

• Professional

4.2 Other requirements

4.3 Experience (minimum necessary before being considered for the job)

Desired Qualification And Experience

• 3 - 5 years’ experience in Information Technology Support or Information Security including Microsoft Azure
• Industry recognized qualification A+, N+, Security +, CySA+, including Cloud Security certifications such as Microsoft Certified: Security Operations Analyst Associate, Information Protection and Compliance Administrator Associate, Security, Compliance, and Identity Fundamentals, Identity & Access Management, Azure Security Engineer
• Professional certifications preferred but not required (CISM, CISSP, ECIH)
• Strong knowledge of information security and cloud security concepts
• Experience with identifying, analysing, and reporting on information security risks and incidents
• Experience in security incident response, threat analytics, security operations, vulnerability management, and security risk management
• Knowledge of security tools like Qualys, Microsoft Defender Endpoint, Microsoft Sentinel
• Experience evaluating vulnerabilities, developing mitigation strategies, and implementing remediation
• Knowledge of Microsoft Servers, Active Directory, and network infrastructure protocols and technologies

5 Core Competencies (Attributes)

• Attention to detail and accurate documentation
• Ability to analyze and interpret information
• Ability to work independently and as part of a team
• Organizational and prioritization skills under pressure

6 List of Key Performance Areas & Key Performance Indicators

Main Responsibilities

Incident Management

• Monitoring incident response channels
• Executing the Information Security Incident Management Process and escalating high-priority issues
• Tracking and escalating open incidents
• Producing weekly and quarterly reports for the CISO on incident status and trends

Security Systems Configuration and Management

• Daily monitoring and configuration of security systems
• Asset reconciliation for security coverage
• Reporting and issue resolution support

Monitoring of Patch Management

• Monitoring performance and identifying process risks
• Addressing challenges to compliance

Threat and Event Monitoring

• Detecting and escalating security threats and events

Vulnerability Management

• Monitoring vulnerabilities, asset reconciliation, initiating remediation, and supporting penetration testing

Support the implementation of NITSO Projects and other initiatives

• Supporting project execution and team initiatives

Job title: Information Security Architect

Contract duration: Start with 6 months

First preference: EEE candidates

Location: JHB

Salary budget: 400 ZAR per hour

The Head of Security Architecture for the organization is responsible for designing, implementing, and maintaining robust security architectures that protect sensitive data in compliance with regulations such as POPIA, GDPR. This role is critical in safeguarding the confidentiality, integrity, and availability of electronic health records (EHR), patient and employee information, medical devices, and cloud-based healthcare services. The role will focus on designing and developing security architecture that aligns business and corporate security strategy. The role will collaboratively direct Security Architects, IT, and Engineers to design and build security controls and solutions compliant with approved enterprise architecture frameworks and standards across business and digital.

Key Responsibilities:

• Design and develop complex and comprehensive security architectures for our systems, applications, and infrastructure, considering both current and future needs.
• Collaborates with stakeholders, including developers, engineers, and project managers, to integrate security requirements into the system design and development lifecycle.
• Provides guidance and expertise in secure coding practices, network security, identity and access management, data protection, and other security domains.
• Model threats and risks, designing the controls necessary to mitigate them, on both an organizational and technical level – thinking like an attacker, understanding and anticipating the moves and tactics that a hacker might use to attack systems.
• Follow the architecture analysis process, which consists of research, validation, and evaluation of all new initiatives, with phase gate reviews presented to all stakeholders during key forums, including current trends such as AI and LLMS.
• Evaluates and selects security technologies, tools, and frameworks to support the organization’s security.
• Define portfolio vision and reusable security patterns aligned with the EA strategy.
• Lead architecture reviews for high-risk projects, driving recommendations to resolution.
• Advise on security controls for hybrid and cloud platforms, balancing usability, cost, and compliance.
• Defines and applies security policies, standards, and procedures to ensure compliance with industry regulations and best practices.
• Leads incident response activities, including identification, containment, eradication, and recovery, in coordination with the incident response team.
• Experience with Cloud Security platform vendors and technologies such as Azure and AWS.
• Manage security architects and mentor engineers, developers, and vendors.

What will you bring?

• Risk-based decision-making - expert in ISO 27001 / NIST / CIS controls, able to quantify and articulate risk, then select proportionate, cost-effective controls.
• Pen-testing & threat-modelling - scoping, overseeing, and translating results into enforceable patterns and backlog items.
• Influential communication - proven ability to engage C-suite and delivery stakeholders alike, adapting style to gain agreement and drive secure-by-design culture.
• Teamwork and Energy – work across different functional and business teams with effective collaboration.
• Technical depth - hands-on knowledge of cloud security, IAM, container & API security, network segmentation, encryption, and DevSecOps toolchains; capable of explaining the exploitability of complex vulnerabilities. Zero trust design thinking.
• Mentoring & governance - experience in line-managing or coaching security architects/engineers and running architecture assurance or design-review boards.
• Secure-system design leadership - demonstrable track record creating or validating architectures for large-scale, high-risk services using recognised frameworks (SABSA, TOGAF).

Requirements / Skills and Competence

• Tertiary qualification in Computer Science, Engineering, or related field (preferred)
• Minimum of 5-10 years of experience in Security Architecture.
• CISSP, CISA, CISM, or other relevant security-related designation(s) preferred.
• Certifications in CISSP-ISSAP, TOGAF, or SABSA, cloud architecture (Microsoft, AWS, GCP)
• Experience in identifying gaps in existing architectures.
• Understanding of security infrastructure in Public and Private Cloud, e.g., virtual network infrastructure, hybrid IaaS/PaaS/SaaS solutions.
• Experience in designing security architectures to mitigate threats and sound knowledge of security strategies and technologies.
• Direct the Project and Security teams with the guidance to build policies, standards, risks, and controls frameworks supporting operational requirements for the business.
• Good experience in security architecture design in Cloud and on-prem.
• Design and implementation of IOT, endpoint protection, and secure IAM.
• Understanding of authentication and authorisation technologies (SAML, LDAP, PKI, etc.) and other IAM technologies
• Understanding of the implementation, operation, and maintenance of SIEM, boundary protection technologies (firewalls, mail gateways), Antivirus, and AD security products
• Knowledge of web application architectures and threat modelling.

• Development of Information Security Services capability and initiatives in support of the IT Strategy and EA Planning / Blueprinting processes.
• Advise on and ensure the effective management of information technology and business processes access and communicate feedback to enable associated security risk management.
• Perform Vulnerability testing and scanning.
• Report on TCTA’s vulnerability profile and recommendations to improve the profile.
• Analyse related information/reports to identify discrepancies and anomalies, recommend remedial action and ensure compliance to security policies and standards.
• Develop and/or align information security policies to identify and manage risk exposure.
• Mitigate risk by ensuring that proper IT security and information management measures are in place.
• Perform security audits and clean-ups to ensure accurate and up-to-date access within TCTA.
• Understand IT applications and infrastructure in alignment with policies and procedures.
• Document the information security principles and guidelines for application software as well as standards that should be adhered to for each product.
• Development of information security requirement specifications prior to the procurement or implementation of new systems and technology to ensure alignment between the business goals and the supporting system functionality.
• Maintain the Information Security Architectural repository to ensure consistency between applications and systems.
• Ensure currency of systems and technology by maintaining an environmental awareness.
• Provide guidelines for the development of life-cycle management strategies for systems and technology in conjunction with major stakeholders to ensure business continuity.
• Managing information security risks and issues and escalating where necessary.
• Researching and developing leading practices for the Information Security function.
• Benchmarking and analysis of trends to optimise internal processes.
• Engaging with business units to proactively (and reactively) provide solutions, advising TCTA’s management and other stakeholders in their relevant area of expertise.
• Benchmark TCTA’s Information Security Architecture with Local and International best practice and applications at other organisations.
• Identify strategic projects that need to be undertaken in the Information Security function.
• Preparing project definitions and detailed plans with the PMO.
• Driving and supporting the implementation of the specialised areas initiatives and strategic projects that address the needs and expectations of TCTA’s stakeholders.
• Documenting functional requirements and specifications for new information security solutions.
• Monitoring and reporting on progress against functional initiatives.
• Monitoring and reporting on compliance with information security policies, procedures, and controls.
• Promoting sound institutional governance, participating in required governance structures, and serving as a member on the required forums.
• Compiling reports on the functional performance at the required intervals reflecting all relevant statistics, e.g., monthly/quarterly cybersecurity report.

Cybersecurity Risk Assessment, IT Security, IT Solutions, Financial Services, State-Owned Enterprises (SOE), Water Supply

Our client, a leading financial services firm, is seeking an Information Security Consultant to join their team on a permanent basis.

• Security Auditing
• Responsible for Security tools monitoring
• Network experience (TCP/IP, Firewalls, IPS, NAC)
• Operating System management and Hardening
• Anti-Virus System management and Configuration
• Logical Access Management
• Vulnerability Management

• Matric and an Information Technology diploma or degree qualification
• 4+ years experience in the field

Salary: Market Related