39 Cybersecurity Consultant jobs in Johannesburg

About Reflex

Established in 2000 in South Africa, Reflex has evolved from modest origins to become a distinguished provider of Information and Communication Technology (ICT) solutions. Reflex specialises in delivering innovative ICT solutions across various industries, earning a sterling reputation for our excellence in the retail sector and beyond. With a robust network of partnerships, we pride ourselves on our ability to swiftly address the technological needs of our clients.

Our portfolio of ICT solutions spans various industries. ReflexCarrier understands what is needed to build, manage, and operate complex backbone networks simply. Our solutions are tailored for Fibre Network Operators (FNO), Internet Service Providers (ISPs), and those looking for comprehensive Managed Connectivity solutions.

On the other hand, our Enterprise Solutions take the complexity out of technology, allowing you to focus on what you do best. We provide seamless, high-performance solutions for connectivity, communications, workplace management, cloud, and cybersecurity services.

Together, both divisions reflect our core values of expertise, clarity, and client-centricity. We take pride in being large enough to offer extensive support while remaining small enough to provide personalised service. At Reflex, our clients are at the centre of everything we do, and we’re committed to delivering reliable, jargon-free solutions that drive your success.

The Cyber Security Consultant is responsible for assessing, designing, and implementing security measures to protect an organization's digital assets. They work closely with clients to identify vulnerabilities, develop security strategies, and ensure compliance with industry standards and regulations.

• Conduct Security Assessments: Evaluate the existing security measures of an organization and identify vulnerabilities and weaknesses.
• Develop Security Strategies: Create and implement effective security protocols, policies, and procedures to protect against cyber threats.
• Perform Penetration Testing: Conduct rigorous testing, including penetration testing, to simulate attacks and test the strength of security measures.
• Provide Technical Advice: Offer guidance and instruction on best practices for cybersecurity.
• Keep abreast of all aspects of cybersecurity: Keep up to date with the latest industry trends, threats, and security measures.
• Respond to Incidents: Lead the incident response process, investigating causes and recommending corrective actions.
• Train Staff: Educate staff on cybersecurity related principles, best practices and information security procedures.
• Create Reports: Develop and deliver comprehensive reports on findings and recommendations to management and stakeholders.
• Advise on Compliance: Ensure that security measures comply with relevant regulations and standards.

• 3-5 years of experience in cybersecurity or a related field.
• Original Equipment Manufacturer/Vendor technology certifications.
• Strong understanding of security principles, risk management, and relevant technologies.
• Excellent communication and presentation skills, with the ability to explain complex technical concepts to non-technical audiences.
• Ability to work collaboratively with clients and internal teams.
• Strong problem-solving skills and attention to detail.
• A responsible individual who adopts a result driven approach.
• Ability to work well under pressure and meet tight deadlines.
• Positive attitude and a passion for the role.
• Strong leadership and management skills.
• Strong analytical and problem-solving skills.

Job title: Information Security Architect

Contract duration: Start with 6 months

First preference: EEE candidates

Location: JHB

The Head of Security Architecture for the organization is responsible for designing, implementing, and maintaining robust security architectures that protect sensitive data in compliance with regulations such as POPIA, GDPR. This role is critical in safeguarding the confidentiality, integrity, and availability of electronic health records (EHR), patient and employee information, medical devices, and cloud-based healthcare services. The role will focus on designing and developing security architecture that aligns business and corporate security strategy. The role will collaboratively direct Security Architects, IT, and Engineers to design and build security controls and solutions compliant with approved enterprise architecture frameworks and standards across business and digital.

Key Responsibilities:

• Design and develop complex and comprehensive security architectures for our systems, applications, and infrastructure, considering both current and future needs.
• Collaborates with stakeholders, including developers, engineers, and project managers, to integrate security requirements into the system design and development lifecycle.
• Provides guidance and expertise in secure coding practices, network security, identity and access management, data protection, and other security domains.
• Model threats and risks, designing the controls necessary to mitigate them, on both an organizational and technical level – thinking like an attacker, understanding and anticipating the moves and tactics that a hacker might use to attack systems.
• Follow the architecture analysis process, which consists of research, validation, and evaluation of all new initiatives, with phase gate reviews presented to all stakeholders during key forums, including current trends such as AI and LLMS.
• Evaluates and selects security technologies, tools, and frameworks to support the organization’s security.
• Define portfolio vision and reusable security patterns aligned with the EA strategy.
• Lead architecture reviews for high-risk projects, driving recommendations to resolution.
• Advise on security controls for hybrid and cloud platforms, balancing usability, cost, and compliance.
• Defines and applies security policies, standards, and procedures to ensure compliance with industry regulations and best practices.
• Leads incident response activities, including identification, containment, eradication, and recovery, in coordination with the incident response team.
• Experience with Cloud Security platform vendors and technologies such as Azure and AWS.
• Manage security architects and mentor engineers, developers, and vendors.

What will you bring?

• Risk-based decision-making - expert in ISO 27001 / NIST / CIS controls, able to quantify and articulate risk, then select proportionate, cost-effective controls.
• Pen-testing & threat-modelling - scoping, overseeing, and translating results into enforceable patterns and backlog items.
• Influential communication - proven ability to engage C-suite and delivery stakeholders alike, adapting style to gain agreement and drive secure-by-design culture.
• Teamwork and Energy – work across different functional and business teams with effective collaboration.
• Technical depth - hands-on knowledge of cloud security, IAM, container & API security, network segmentation, encryption, and DevSecOps toolchains; capable of explaining the exploitability of complex vulnerabilities. Zero trust design thinking.
• Mentoring & governance - experience in line-managing or coaching security architects/engineers and running architecture assurance or design-review boards.
• Secure-system design leadership - demonstrable track record creating or validating architectures for large-scale, high-risk services using recognised frameworks (SABSA, TOGAF).

Requirements / Skills and Competence

• Tertiary qualification in Computer Science, Engineering, or related field (preferred)
• Minimum of 5-10 years of experience in Security Architecture.
• CISSP, CISA, CISM, or other relevant security-related designation(s) preferred.
• Certifications in CISSP-ISSAP, TOGAF, or SABSA, cloud architecture (Microsoft, AWS, GCP)
• Experience in identifying gaps in existing architectures.
• Understanding of security infrastructure in Public and Private Cloud, e.g., virtual network infrastructure, hybrid IaaS/PaaS/SaaS solutions.
• Experience in designing security architectures to mitigate threats and sound knowledge of security strategies and technologies.
• Direct the Project and Security teams with the guidance to build policies, standards, risks, and controls frameworks supporting operational requirements for the business.
• Good experience in security architecture design in Cloud and on-prem.
• Design and implementation of IOT, endpoint protection, and secure IAM.
• Understanding of authentication and authorisation technologies (SAML, LDAP, PKI, etc.) and other IAM technologies
• Understanding of the implementation, operation, and maintenance of SIEM, boundary protection technologies (firewalls, mail gateways), Antivirus, and AD security products
• Knowledge of web application architectures and threat modelling.

Job title: Information Security Architect

Contract duration: Start with 6 months

First preference: EEE candidates

Location: JHB

The Head of Security Architecture for the organization is responsible for designing, implementing, and maintaining robust security architectures that protect sensitive data in compliance with regulations such as POPIA, GDPR. This role is critical in safeguarding the confidentiality, integrity, and availability of electronic health records (EHR), patient and employee information, medical devices, and cloud-based healthcare services. The role will focus on designing and developing security architecture that aligns business and corporate security strategy. The role will collaboratively direct Security Architects, IT, and Engineers to design and build security controls and solutions compliant with approved enterprise architecture frameworks and standards across business and digital.

• Design and develop complex and comprehensive security architectures for our systems, applications, and infrastructure, considering both current and future needs
• Collaborates with stakeholders, including developers, engineers, and project managers, to integrate security requirements into the system design and development lifecycle
• Provides guidance and expertise in secure coding practices, network security, identity and access management, data protection, and other security domains
• Model threats and risks, designing the controls necessary to mitigate them, on both an organizational and technical level - thinking like an attacker, understanding and anticipating the moves and tactics that a hacker might use to attack systems
• Follow the architecture analysis process, which consists of research, validation, and evaluation of all new initiatives, with phase gate reviews presented to all stakeholders during key forums, including current trends such as AI and LLMS
• Evaluates and selects security technologies, tools, and frameworks to support the organization's security
• Define portfolio vision and reusable security patterns aligned with the EA strategy
• Lead architecture reviews for high-risk projects, driving recommendations to resolution
• Advise on security controls for hybrid and cloud platforms, balancing usability, cost, and compliance
• Defines and applies security policies, standards, and procedures to ensure compliance with industry regulations and best practices
• Leads incident response activities, including identification, containment, eradication, and recovery, in coordination with the incident response team
• Experience with Cloud Security platform vendors and technologies such as Azure and AWS
• Manage security architects and mentor engineers, developers, and vendors

• Risk-based decision-making - expert in ISO 27001 / NIST / CIS controls, able to quantify and articulate risk, then select proportionate, cost-effective controls
• Pen-testing & threat-modelling - scoping, overseeing, and translating results into enforceable patterns and backlog items
• Influential communication - proven ability to engage C-suite and delivery stakeholders alike, adapting style to gain agreement and drive secure-by-design culture
• Teamwork and Energy - work across different functional and business teams with effective collaboration
• Technical depth - hands-on knowledge of cloud security, IAM, container & API security, network segmentation, encryption, and DevSecOps toolchains; capable of explaining the exploitability of complex vulnerabilities. Zero trust design thinking
• Mentoring & governance - experience in line-managing or coaching security architects/engineers and running architecture assurance or design-review boards
• Secure-system design leadership - demonstrable track record creating or validating architectures for large-scale, high-risk services using recognised frameworks (SABSA, TOGAF)

• Tertiary qualification in Computer Science, Engineering, or related field (preferred)
• Minimum of 5-10 years of experience in Security Architecture
• CISSP, CISA, CISM, or other relevant security-related designation(s) preferred
• Certifications in CISSP-ISSAP, TOGAF, or SABSA, cloud architecture (Microsoft, AWS, GCP)
• Experience in identifying gaps in existing architectures
• Understanding of security infrastructure in Public and Private Cloud, e.g., virtual network infrastructure, hybrid IaaS/PaaS/SaaS solutions
• Experience in designing security architectures to mitigate threats and sound knowledge of security strategies and technologies
• Direct the Project and Security teams with the guidance to build policies, standards, risks, and controls frameworks supporting operational requirements for the business
• Good experience in security architecture design in Cloud and on-prem
• Design and implementation of IOT, endpoint protection, and secure IAM
• Understanding of authentication and authorisation technologies (SAML, LDAP, PKI, etc.) and other IAM technologies
• Understanding of the implementation, operation, and maintenance of SIEM, boundary protection technologies (firewalls, mail gateways), Antivirus, and AD security products
• Knowledge of web application architectures and threat modelling

• Mid-Senior level

• Contract

• Information Technology

• IT Services and IT Consulting

Job title: Information Security Architect

Contract duration: Start with 6 months

First preference: EEE candidates

Location: JHB

The Head of Security Architecture for the organization is responsible for designing, implementing, and maintaining robust security architectures that protect sensitive data in compliance with regulations such as POPIA, GDPR. This role is critical in safeguarding the confidentiality, integrity, and availability of electronic health records (EHR), patient and employee information, medical devices, and cloud-based healthcare services. The role will focus on designing and developing security architecture that aligns business and corporate security strategy. The role will collaboratively direct Security Architects, IT, and Engineers to design and build security controls and solutions compliant with approved enterprise architecture frameworks and standards across business and digital.

Key Responsibilities:

• Design and develop complex and comprehensive security architectures for our systems, applications, and infrastructure, considering both current and future needs.
• Collaborates with stakeholders, including developers, engineers, and project managers, to integrate security requirements into the system design and development lifecycle.
• Provides guidance and expertise in secure coding practices, network security, identity and access management, data protection, and other security domains.
• Model threats and risks, designing the controls necessary to mitigate them, on both an organizational and technical level – thinking like an attacker, understanding and anticipating the moves and tactics that a hacker might use to attack systems.
• Follow the architecture analysis process, which consists of research, validation, and evaluation of all new initiatives, with phase gate reviews presented to all stakeholders during key forums, including current trends such as AI and LLMS.
• Evaluates and selects security technologies, tools, and frameworks to support the organization’s security.
• Define portfolio vision and reusable security patterns aligned with the EA strategy.
• Lead architecture reviews for high-risk projects, driving recommendations to resolution.
• Advise on security controls for hybrid and cloud platforms, balancing usability, cost, and compliance.
• Defines and applies security policies, standards, and procedures to ensure compliance with industry regulations and best practices.
• Leads incident response activities, including identification, containment, eradication, and recovery, in coordination with the incident response team.
• Experience with Cloud Security platform vendors and technologies such as Azure and AWS.
• Manage security architects and mentor engineers, developers, and vendors.

What will you bring?

• Risk-based decision-making - expert in ISO 27001 / NIST / CIS controls, able to quantify and articulate risk, then select proportionate, cost-effective controls.
• Pen-testing & threat-modelling - scoping, overseeing, and translating results into enforceable patterns and backlog items.
• Influential communication - proven ability to engage C-suite and delivery stakeholders alike, adapting style to gain agreement and drive secure-by-design culture.
• Teamwork and Energy – work across different functional and business teams with effective collaboration.
• Technical depth - hands-on knowledge of cloud security, IAM, container & API security, network segmentation, encryption, and DevSecOps toolchains; capable of explaining the exploitability of complex vulnerabilities. Zero trust design thinking.
• Mentoring & governance - experience in line-managing or coaching security architects/engineers and running architecture assurance or design-review boards.
• Secure-system design leadership - demonstrable track record creating or validating architectures for large-scale, high-risk services using recognised frameworks (SABSA, TOGAF).

Requirements / Skills and Competence

• Tertiary qualification in Computer Science, Engineering, or related field (preferred)
• Minimum of 5-10 years of experience in Security Architecture.
• CISSP, CISA, CISM, or other relevant security-related designation(s) preferred.
• Certifications in CISSP-ISSAP, TOGAF, or SABSA, cloud architecture (Microsoft, AWS, GCP)
• Experience in identifying gaps in existing architectures.
• Understanding of security infrastructure in Public and Private Cloud, e.g., virtual network infrastructure, hybrid IaaS/PaaS/SaaS solutions.
• Experience in designing security architectures to mitigate threats and sound knowledge of security strategies and technologies.
• Direct the Project and Security teams with the guidance to build policies, standards, risks, and controls frameworks supporting operational requirements for the business.
• Good experience in security architecture design in Cloud and on-prem.
• Design and implementation of IOT, endpoint protection, and secure IAM.
• Understanding of authentication and authorisation technologies (SAML, LDAP, PKI, etc.) and other IAM technologies
• Understanding of the implementation, operation, and maintenance of SIEM, boundary protection technologies (firewalls, mail gateways), Antivirus, and AD security products
• Knowledge of web application architectures and threat modelling.

Job Description

We are representing a cornerstone of the South African financial services landscape with a legacy spanning over a century. As a mission-driven trusted service provider our client is dedicated to delivering value and security to its members. This is an opportunity to join an organisation that prides itself on strong values employee development and rewarding excellent performance while leading a critical function in a stable and respected institution.

As the new Chief Information Security Officer you will inherit the critical mission of evolving and leading the enterprise-wide cybersecurity strategy for the entire Group. This is not a maintenance role. You will be the central figure in protecting the organizations digital assets systems and data against an ever-evolving threat landscape. Your success will be measured by your ability to balance robust security with business innovation ensuring the company can confidently adopt new technologies while strengthening its reputation as a secure and trustworthy partner for its clients.

Performance Objectives for Year One

Success in this role will be defined by achieving the following key outcomes within the first 12 months :

• Develop and Launch the Next-Generation Security Strategy : Within the first nine months conduct a comprehensive review of the current security posture and develop gain executive approval for and begin executing a future-focused information security strategy. This strategy must align with the Groups business goals and securely enable key digital innovation initiatives including the adoption of cloud AI and advanced data analytics.
• Lead a Comprehensive Compliance & Governance Overhaul : Drive a thorough assessment of all information security policies and controls to ensure robust compliance with key regulations and standards including POPIA GDPR and ISO 27001. You will lead all related initiatives to mitigate gaps and successfully guide the organization through all security and compliance audits within the first year.
• Strengthen Cyber Resilience and Incident Response : Within the first six months lead the project to re-engineer test and enforce a modernized Cyber Incident Response Plan (CIRP) and disaster recovery framework. The goal is to create a highly responsive capability that demonstrably minimizes legal reputational and financial risk from potential cyber threats like ransomware and data breaches.
• Build a Company-Wide Culture of Security Awareness : Design and implement a new engaging cybersecurity awareness and training program that extends to all departments. Success will be measured by a significant verifiable increase in employee vigilance and a corresponding reduction in user-related security incidents.
• Architect Security for Key Technology Transformation : Serve as the primary security advisor and architect for the enterprise. You will collaborate with ICT and business leaders to embed security-by-design principles into the adoption of new technologies ensuring the secure deployment of new cloud services IAM solutions and data platforms.

Profile for Success

To accomplish these objectives you will need a track record of past performance including :

Required Experience :

Chief

Key Skills

International Development,Information Systems,Community,Information Technology Sales,Corporate Recruitment

Employment Type : Full-Time

Experience : years

Vacancy : 1

Location: ZA, GP, Johannesburg, 30 Baker Street

To implement the Group Cyber Resilience strategy, securing platform ecosystems, third-party integration, and protecting sensitive data, applications, and supporting infrastructure from infiltration or misuse. The role involves guiding security capabilities in client segments and solutions, facilitating security services, and ensuring policies, standards, and controls are embedded to prevent reputational, financial, or other losses, while ensuring compliance with regulatory requirements. Educating employees about their InfoSec responsibilities is also a key part of this role.

• A Degree in Business, Commerce, Information Technology, or Risk Management.

• 5-7 years experience in an information security or audit role within the banking and/or financial services sector. Experience working in a multi-vendor, outsourced, and multi-system IT environment.
• 5-7 years of good working knowledge and experience with the implementation and management of information security policies and frameworks within a corporate environment. Management experience working with individuals and teams from diverse cultures.
• 5-7 years of strong IT understanding, gaining insight into digital and platform operating models, cybersecurity trends, and solutions.

• Adopting practical approaches
• Articulating information
• Checking things
• Directing people
• Examining information
• Exploring possibilities
• Interpreting data
• Making decisions
• Providing insights
• Pursuing goals
• Showing composure
• Upholding standards
• Benefits management
• Information security
• Internal & external IT environment
• Knowledge of banking & financial services

To analyse information security related tasks within the ambit of existing information security policies, standards and processes, procedures and practices as well as business rules. Working independently to deliver on work tasks. Mentor Administrators and Analyst I. Collaborate with other specialists to execute analysis work tasks, perform operational tasks, question, recommend and update improvements to the existing policies, process and procedures. To ensure stability and up-time for areas the incumbent takes responsibility for, which could require availability on demand to perform job related duties outside of normal working hours.

• We are looking for a suitable resource with general network security or web security experience to alleviate work pressures on our current team members
• Experience with Email and Web Proxies
• DNS Security knowledge
• Experience with Microsoft O365
• Assist with support of current email and web security tasks
• Liaise with other teams to promote good security practices and explain security procedures
• Experience with Security Technologies
• Building relationships with I&O Teams
• Oversee the implementation of the information security changes and check for the short comings and risks.
• Interpret MIS and system logs/ reports with the view to analyse and correct any deviations against standards and best practices.
• Participate in the implementation of new products as provided in the selection criteria.
• Act as the 1st point of problem resolution for non routine incidents and 1st line support for problems.
• Ensure compliance to standards and practises by familiarizing and keeping abreast of information security policies, rules, standards and processes, procedures and practices as well as business rules.
• Document and maintain all relevant processes and procedures mindful of current policies and standards.
• Create and maintain information security standards.
• Oversee and monitor the information security environment according to set standards.
• Review and contribute to project documentation including business requirements, designs and implementation.
• Create design documentation according to relevant standards and practices
• Implement specific Information security technologies.
• Gain further exposure and experience on multiple technologies by job shadowing Information Security analysts III and Technical Specialist.
• Log submit and implement low, medium and high risk changes independently.
• Provide guidance and supervision to Administrators and Analyst I on implementation and changes.
• Oversee and ensure change was successful in certain cases and when required perform unit testing.
• Oversee and ensure back-ups are done, documents are stored and statuses updated.
• Analyse logs and reports independently and provide supervision to Administrators and Analyst I.
• Monitor and action Service Manager low, medium and high impact incidents and e-mails related to Information Security.
• Ensure job related tasks and processes are in place.
• Ensure that the logging and submitting of all relevant incidents have taken place and resolve low, medium and high incidents.
• Conduct risk and root cause analyses around exceptions, queries, incidents as per operational procedures with the relevant internal and external stakeholders and provide feedback, confirm stakeholder satisfaction.
• Keep abreast of legislation and other industry changes that impacts on role by reading the relevant newsletters, websites and attending sessions.
• Improve personal capability and to stay abreast of developments in field of expertise by identify training courses and career progression opportunities for self through input and feedback from managers.
• Ensure information is provided correctly to stakeholders by maintaining knowledge sharing knowledge with team.
• Transfer of knowledge to team members.
• Identify and recommend opportunities to enhance processes, systems and policies and support implementation of new processes, policies and systems.

• Strong knowledge of Information Security Principles
• Ensuring security best practices are implemented , safeguarding network infrastructure against any potential threats
• Knowledge of Email Security
• Experience with Email Security Technologies
• Experience Service Now
• Experience Microsoft O365

• Matric / Grade 12 / National Senior Certificate
• Advanced Diplomas/National 1st Degrees

• CCNA - Security
• Security +
• Network +
• MS Azure Certifications – MS 365

Minimum of 3 years’ experience in an IT operations team dealing with the network Security tasks

• Administrative procedures and systems
• Data analysis
• Governance, Risk and Controls
• Principles of project management
• Relevant regulatory knowledge
• Relevant software and systems knowledge
• Cluster Specific Operational Knowledge
• System Development Life cycle(SDLC)
• TCP/IP
• Information Security terms and definitions
• Information Security policies and procedures
• Communication
• Customer Focus
• Initiating Action
• Managing Work
• Technical/Professional Knowledge and Skills

---

Please contact the Nedbank Recruiting Team at

If you can't find the job you're looking for, activate job alerts to be one of the first to know when new positions open up.

Nedbank Ltd Reg No 1951/ /06.
Authorised financial services and registered credit provider (NCRCP16).

For assistance please contact the Nedbank Recruiting Team at