32 Identity Management jobs in South Africa

About our client:

Our client is a global investment advisory firm focusing on long-term value creation through investment strategies. They work with a diverse group of institutional partners and pride themselves on their collaborative, sustainable, inclusive culture and performance.



What you will be doing:

• Manage user access and permissions, applying least privilege principles.
• Administer Identity and Access Management (IAM) tools and systems.
• Oversee user onboarding and offboarding processes within IAM.
• Implement and manage Role-Based Access Control (RBAC) frameworks.
• Monitor and resolve IAM-related incidents and service requests promptly.
• Ensure IAM practices comply with relevant policies and regulations (e.g., GDPR, SOX).
• Support security audits and develop comprehensive IAM documentation.
• Collaborate on the implementation of strong authentication methods such as MFA and SSO.
• Identify IAM automation opportunities and recommend improvements based on emerging trends.

• A relevant tertiary degree would be beneficial (Computer Science, IT, Cybersecurity, etc.)
• An ITIL v3 or v4 certification would be ideal.
• Certified Identity and Access Manager (CIAM) would be beneficial.
• 3-5 years of IAM, IT Security, or related experience.
• Financial services or private equity experience preferred.
• Proficient in IAM tools (e.g., Okta, SailPoint, CyberArk, Azure AD, etc.).
• Strong understanding of security protocols (e.g., SAML, OAuth, OpenID Connect, LDAP, etc.).
• Familiarity with directory and cloud services (e.g., Active Directory, Azure AD, AWS, Azure, GCP, etc.).
• Experience with scripting languages for automation (e.g., PowerShell, Python, etc.).

• J106927

Desired Skills:

• IAM Tools
• IT Security
• Financial Services

Canonical Cape Town, Western Cape, South Africa

Join to apply for the Engineering Manager for IAM (Identity and Access Management) role at Canonical

Canonical Cape Town, Western Cape, South Africa

1 week ago Be among the first 25 applicants

Join to apply for the Engineering Manager for IAM (Identity and Access Management) role at Canonical

Canonical is a leading provider of open source software and operating systems to the global enterprise and technology markets. Our platform, Ubuntu, is very widely used in breakthrough enterprise initiatives such as public cloud, data science, AI, engineering innovation, and IoT. Our customers include the world's leading public cloud and silicon providers, and industry leaders in many sectors. The company is a pioneer of global distributed collaboration, with 1200+ colleagues in 75+ countries and very few office-based roles. Teams meet two to four times yearly in person, in interesting locations around the world, to align on strategy and execution.

The company is founder-led, profitable, and growing.

We are hiring an Engineering Manager for IAM (Identity and Access Management) to build high-performing Go and Python services and secure identity and access management solutions that will be used across all company products. From Ubuntu One SSO to Juju, LXD and MAAS your team will define the way Canonical users, clients and community members access their favorite open source applications.

This is an opportunity for a software engineering manager with a passion for distributed systems operations to help us transform the future of identity management at Canonical. Experience in the identity and access management (IAM) field is desirable but not required. You will work with upstream open source projects, alongside internal teams to deliver high quality software that can be deployed on bare metal, public cloud and Kubernetes.

As the identity team engineering manager you will bring significant software development experience, Kubernetes knowledge and a keen eye for software design, performance and security. You will be responsible for working with product management to define the technical vision for the products, managing the team backlog, reviewing code and coaching younger team members.

You will also be involved in all the aspects of the software development process: you will design software, write high-quality code and tests, provide insightful code reviews, write documentation and help to troubleshoot issues.

In addition to the engineering behind the project itself, you'll have the chance to work with industry-leading teams inside Canonical, ensuring your work is backed by rock-solid data stores, and highly observable using our Kubernetes-based Observability stack. You'll work with broader open source communities, participating in "hackfest" events, webinars and conferences.

Location: This role will be based remotely in the EMEA or AMER regions.

What we are looking for in you

• Proven experience hiring and leading a high performance software engineering team
• Experience with Go and Python software development
• Ability to design and implement complex, distributed system
• Experience working with container technology and Kubernetes
• Strong understanding of software/infrastructure security and performance
• Experience designing and/or operating large scale distributed systems
• Knowledge of identity and access management technologies and standards is desirable but not essential
• Exceptional academic track record from both high school and university
• Undergraduate degree in a technical subject or a compelling narrative about your alternative chosen path
• Professional written and spoken English with excellent presentation skills
• Excellent interpersonal skills, curiosity, flexibility, and accountability
• Ability to travel internationally twice a year for company events up to two weeks long
  
  

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Team Member Assistance Program & Wellness Platform
• Opportunity to travel to new locations to meet colleagues
• Priority Pass and travel upgrades for long-haul company events
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Engineering and Information Technology
• Industries Software Development

Referrals increase your chances of interviewing at Canonical by 2x

Get notified about new Engineering Manager jobs in Cape Town, Western Cape, South Africa .

Cape Town, Western Cape, South Africa 4 days ago

Cape Town, Western Cape, South Africa 3 months ago

Cape Town, Western Cape, South Africa 2 weeks ago

Cape Town, Western Cape, South Africa 1 month ago

Cape Town, Western Cape, South Africa 2 months ago

Cape Town, Western Cape, South Africa 3 months ago

Cape Town, Western Cape, South Africa 2 months ago

Cape Town, Western Cape, South Africa 9 months ago

Cape Town, Western Cape, South Africa 3 months ago

Cape Town, Western Cape, South Africa 3 weeks ago

Cape Town, Western Cape, South Africa 3 months ago

Cape Town, Western Cape, South Africa 1 month ago

Cape Town, Western Cape, South Africa 3 months ago

Cape Town, Western Cape, South Africa 2 months ago

Cape Town, Western Cape, South Africa 2 months ago

Cape Town, Western Cape, South Africa 3 weeks ago

Cape Town, Western Cape, South Africa 1 month ago

Cape Town, Western Cape, South Africa 5 months ago

Cape Town, Western Cape, South Africa 3 months ago

Cape Town, Western Cape, South Africa 3 weeks ago

Cape Town, Western Cape, South Africa 5 months ago

Cape Town, Western Cape, South Africa 1 week ago

Cape Town, Western Cape, South Africa 1 month ago

Cape Town, Western Cape, South Africa 1 month ago

Cape Town, Western Cape, South Africa 2 weeks ago

Cape Town, Western Cape, South Africa 1 week ago

Cape Town, Western Cape, South Africa 2 days ago

Cape Town, Western Cape, South Africa 2 weeks ago

Cape Town, Western Cape, South Africa 7 months ago

Cape Town, Western Cape, South Africa 1 month ago

Cape Town, Western Cape, South Africa 2 months ago

Cape Town, Western Cape, South Africa 2 months ago

Cape Town, Western Cape, South Africa 1 month ago

Cape Town, Western Cape, South Africa 1 month ago

Cape Town, Western Cape, South Africa 1 month ago

City of Cape Town, Western Cape, South Africa 1 week ago

City of Cape Town, Western Cape, South Africa 2 weeks ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

The Apex Group was established in Bermuda in 2003 and is now one of the world’s largest fund administration and middle office solutions providers.

Our business is unique in its ability to reach globally, service locally and provide cross-jurisdictional services. With our clients at the heart of everything we do, our hard-working team has successfully delivered on an unprecedented growth and transformation journey, and we are now represented by over circa 13,000 employees across 112 offices worldwide.Your career with us should reflect your energy and passion.

That’s why, at Apex Group, we will do more than simply ‘empower’ you. We will work to supercharge your unique skills and experience.

Take the lead and we’ll give you the support you need to be at the top of your game. And we offer you the freedom to be a positive disrupter and turn big ideas into bold, industry-changing realities.

For our business, for clients, and for you

The Role:

The Manager: Identity and Access Governance is responsible for leading the strategic and operational oversight of identity and access governance across the enterprise. This role ensures that access to systems, applications, and data is managed securely, efficiently, and in compliance with internal policies and external regulations. The manager will oversee a team of IAM and PAM analysts and collaborate closely with security engineering, compliance, and business units to enforce identity governance frameworks and drive continuous improvement. The role reports to the Global Head of Cloud Security Engineering.

Key duties and responsibilities:

Identity & Privileged Access Management

• Develop, implement, and enforce identity and access governance policies, standards, and procedures.
• Lead and mentor a team of IAM and PAM analysts, ensuring effective execution of access reviews, entitlement management, and privileged access controls.
• Oversee the lifecycle of user identities and access rights across enterprise systems, including onboarding, role changes, and offboarding.
• Collaborate with engineering teams to align governance policies with technical implementations in CyberArk, Azure AD, Okta, and future IAM technologies.
• Drive compliance with regulatory requirements (e.g., SOX, GDPR, HIPAA) through effective access controls and audit readiness.
• Manage periodic access certification campaigns and ensure timely remediation of access violations.
• Partner with internal audit, risk, and compliance teams to support assessments and investigations.
• Contribute to the IAM roadmap, including the evaluation and adoption of new technologies and automation opportunities.
• Monitor and report on key IAM metrics, risks, and incidents to senior leadership.

Experience and Knowledge:

• 5-7 years of experience in identity and access management, with at least 2 years in a leadership or managerial role.
• Strong understanding of IAM/PAM principles, frameworks, and regulatory requirements.
• Hands-on experience with CyberArk, Azure AD, Okta, and familiarity with SailPoint or similar IGA (Identity and Access Governance) platforms.
• Proven ability to lead teams, manage projects, and influence cross-functional stakeholders.
• Experience in policy development, access certification, and audit support.
• Excellent communication, analytical, and problem-solving skills.
• Experience working in complex, fast-paced business environments, including ability to coordinate multiple tasks in various locations and time zones.
• Strong negotiation and team-building skills with the ability to create consensus around decisions and mitigate conflicts among different teams.
• High communication skills required at all levels. Excellent command of verbal and written communication (English).
• Possess knowledge and expertise in security disciplines.
• Experience working on projects in the financial services industry would be an advantage.

Preferred Qualifications

• Relevant certifications such as CISSP, CISM, CIAM, or Certified Identity Governance Expert (CIGE) will be encouraged.
• Experience in hybrid cloud environments and modern workplace technologies.
• Familiarity with Zero Trust principles and modern authentication strategies.

What you will get in return:

• A high level of visibility within a large organization on an upwards trajectory.
• Opportunity to work with a diverse, agile and global team.
• Exposure to all aspects of the business and cross-jurisdiction.
• The opportunity to innovate, lead, bring discipline to brand activity and really make a difference.
• A genuinely unique opportunity to be part of an expanding large global business.
• Work for a fast developing and one of the world's leading independent fund administrators.
• Opportunities for professional development.
• Positive and hospitable work environment.
• A genuinely unique opportunity to be part of an expanding large global business.

Additional information:

We are an equal opportunity employer and ensure that no applicant is subject to less favourable treatment on the grounds of gender, gender identity, marital status, race, colour, nationality, ethnicity, age, sexual orientation, socio-economic, responsibilities for dependents, physical or mental disability. Any hiring decision are made on the basis of skills, qualifications and experiences.

We measure our success as a business, not only by delivering great products and services and continually increasing our assets under administration and market share, but also by how we positively impact people, society and the planet.

For more information on our commitment to Corporate Social Responsibility (CSR) please visit

If you are looking to take that next step in your career and are ready to work for a high performing organization, alongside talented people who take pride in delivering great results, please submit your application (with your CV, cover letter and salary’s expectations).

Disclaimer : Unsolicited CVs sent to Apex (Talent Acquisition Team or Hiring Managers) by recruitment agencies will not be accepted for this position. Apex operates a direct sourcing model and where agency assistance is required, the Talent Acquisition team will engage directly with our exclusive recruitment partners.

Principal Responsibilities

• Collaborate with technical and business teams to address security flaws and implement remediation plans.
• Oversee application security tasks, ensuring alignment with audit requirements and internal policies.
• Support change and incident management processes, with a focus on high-priority incidents (P1 & P2).
• Provide guidance to development and support teams on security-related ticket requirements and process expectations, ensuring SLA compliance.
• Act as a liaison with internal stakeholders to ensure clear communication and quality engagements.
• Support governance and administrative functions, including audit preparation and policy development.
• Compile and deliver regular reports, including weekly, monthly, and OSM-specific security metrics.

Required Key Skills (Functional/Technical)
Application Security & Vulnerability Management
• Familiarity with Common Vulnerability Scoring System (CVSS)
• Experience with tools like OWASP ZAP, Veracode, Rapid7 (on-prem), and Wiz.IO (cloud vulnerability management and CSPM)
• Track and assist in the closure of identified vulnerabilities, working closely with IT and Development teams
• Review and maintain secure configurations for systems, applications, and network devices
Security Fundamentals
• Working knowledge of encryption, authentication, and secure data transmission
• Knowledge of network security principles and firewall configurations
• Familiarity with SSO and MFA using OKTA, and directory services such as MS Active Directory
• Experience with CyberArk PAM for privileged access management
Security Information and Event Management (SIEM)
• Use of Splunk SIEM for real-time threat detection and log analysis
• Review and optimise SIEM use cases to enhance threat detection and response capabilities
Monitoring & Endpoint Security
• Experience with Tanium and MS Defender for server and endpoint security management
• Familiarity with IBM Guardium for database activity monitoring
• Exposure to Cyera for data identification and classification
Cloud & Infrastructure Security
• Experience with Wiz.IO for cloud security posture management (CSPM) and IaC scanning
• Understanding of secrets management using AWS Secrets Manager, Azure Key Vault, or GCP Secrets Manager
• Familiarity with Thales and AWS KMS/HSM for key management
Other Tools & Platforms
• Knowledge of SailPoint for identity governance
• Experience with CyCognito for external attack surface management
• Familiarity with Imperva for WAF, DDoS, and botnet protection
• Exposure to ProofPoint and MS Office365 Message Security for email security
• Use of 1Password for credential management
• Awareness of Netwrix for password policy enforcement

About Experian

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to realize their financial goals and help them save time and money.

We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments.

We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.com.

Experience and Skills

• Degree or equivalent qualifications and experience in Computer Science, Information Technology, Data or a related field Technical & Security Experience
• Experience with automated and manual methods for evaluating security controls in both on-prem and cloud environments
• Experience in monitoring and reporting on security flaws and supporting related remediation activities
• Familiarity with change management processes in technology environments Risk, Controls & Compliance
• Contribute to accurate statistical reporting on the market’s IT security posture
• Ensure first line of defence (1LoD) ownership of non-compliance issues, exception justifications, mitigation controls, and risk documentation
• Ensure accuracy and timely completion of control testing and remediations
• Collaborate with Security Partners, RISOs and other governance functions to drive remediation of identified security deficiencies
• Ability to compile management reports and presentations on technical risks, controls, and deficiencies Communication & Collaboration
• Strong ability to communicate complex information clearly and effectively
• Good collaboration, relationship-building, and interpersonal skills
• Act as primary liaison with internal, local and regional stakeholders, ensuring quality engagements and clear progress updates

Additional Information

Our uniqueness is that we celebrate yours. Experian's culture and people are important differentiators. We take our people agenda very seriously and focus on what matters; DEI, work/life balance, development, authenticity, collaboration, wellness, reward & recognition, volunteering. the list goes on. Experian's people first approach is award-winning; World's Best Workplaces 2024 (Fortune Top 25), Great Place To Work in 24 countries, and Glassdoor Best Places to Work 2024 to name a few. Check out Experian Life on social or our Careers Site to understand why.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.

Experian Careers - Creating a better tomorrow together

Find out what its like to work for Experian by clicking here

Join to apply for the Information Security Management System (ISMS) Specialist role at Vector Logistics

Join to apply for the Information Security Management System (ISMS) Specialist role at Vector Logistics

Overview

We are a Supply Chain and Sales & Merchandising partner adding value to your business through a fully integrated, temperature-controlled network in Southern Africa.

Permanent

Midrand

Overview

We are a Supply Chain and Sales & Merchandising partner adding value to your business through a fully integrated, temperature-controlled network in Southern Africa.

But we are also more than that. We are people serving people. While we boast the best in tech and infrastructure, our people are our greatest resource. With our skilled, curious, can-do people at the forefront, our assets become your assets, our service your solutions.

Vector’s vehicle fleet includes a food industry first in ‘multi-temperature’ vehicles enabling the company to service business across frozen, chilled and ambient temperature zones on a single delivery.

Job Purpose

Information Security Management System (ISMS) Specialist is responsible for the end-to-end implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS) in accordance with ISO/IEC 27001 standards. The incumbent will play a pivotal role in ensuring the confidentiality, integrity, and availability of our information assets, while also ensuring compliance with legal and regulatory requirements.

Key Responsibilities

ISMS Development And Implementation

• Lead the design, implementation, and continuous improvement of an ISMS aligned with ISO/IEC 27001 and other relevant frameworks (e.g., NIST, POPIA, CIS, CSA etc.).
• Develop, implement, and maintain information security policies, procedures, and guidelines.
• Assess existing information security practices and recommend improvements.
• Ensure the organization's ISMS aligns with business needs, regulatory requirements, and industry best practices.
  
  

• Perform risk assessments to identify potential security risks to the organization's information assets in alignment to ISO 31000.
• Develop risk treatment plans and assist in the implementation of risk mitigation strategies.
• Conduct ongoing risk assessments and audits to ensure the effectiveness of the ISMS.
  
  

• Ensure compliance with ISO/IEC 27001 and other industry standards and regulations.
• Prepare the organization for certification audits and support the audit process.
• Coordinate with auditors and certification bodies.
• Maintain records and documentation to ensure traceability and compliance with ISMS requirements.
  
  

• Provide training to staff and management on information security best practices, policies, and compliance requirements.
• Promote a culture of information security awareness across the organization.
• Support the creation of an internal security awareness program.
  
  

• Assist in the development and testing of incident response plans.
• Provide guidance and support in handling information security incidents.
• Ensure incidents are documented and reported in accordance with regulatory and contractual obligations & assist in post-incident analysis to determine the cause and recommend preventive actions.
  
  

• Define and monitor ISMS-related KPIs and metrics.
• Monitor and report on the performance of the ISMS, identifying areas for improvement.
• Monitor compliance with security policies and procedures.
• Lead regular internal audits to assess the effectiveness of the ISMS.
• Recommend and implement improvements based on audit findings, risk assessments, and evolving industry practices.
• Keep up-to-date with emerging threats, vulnerabilities, and regulatory changes.
  
  

• Assess and monitor third-party vendors and service providers for information security compliance.
• Assist in the integration of ISMS controls into third-party contracts and SLAs.
  
  

• This role plays a critical role in managing and maintaining relationships with both internal and external stakeholders.
• These interactions are essential for ensuring the organization’s security posture is robust and aligned with its strategic objectives.
  
  

• Bachelor’s Degree: A bachelor’s degree in information security, Computer Science, Information Technology, or a related field is required.
• Mandatory Requirement: ISO27001 Lead Implementer Preferrable: ISO27001 Lead Auditor, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA)
• The ISMS Specialist role demands a robust combination of technical expertise, specialized knowledge, and strong leadership abilities. The ideal candidate must have an intrinsic understanding of the ISMS statement of applicability.
• The ideal candidate should possess in-depth knowledge of information security frameworks such as ISO/IEC 27001, NIST, and CIS Controls. Familiarity with IT governance frameworks (e.g., COBIT, ITIL)., and have extensive experience in risk management, incident response, and compliance, particularly with South African regulations like POPIA and the Cybercrimes Act.
• Soft skills such as excellent communication, adaptability, attention to detail, and ethical judgment are also vital, enabling the Information Security Compliance Specialist to convey complex security concepts, adapt to evolving threats, and uphold the highest standards of security and privacy within the organization. Experience in BIA, BCM, DR.Include experience in vulnerability management, patching, JML.
• Minimum of 7-10 years of experience in the field of information security, cybersecurity, or a related discipline, with at least 1-3 years in a managerial or leadership capacity. This experience should include hands-on management of security frameworks such as ISO/IEC 27001 and NIST, as well as significant exposure to risk management, incident response, and compliance with industry regulations.
• Proven experience of leading ISO/IEC 27001 certification projects and certification maintenance.
• Experience in working with ISO27001 certification bodies.
• Development of audit and ISMS remediation plans.
• Familiarity with data protection laws and industry regulations.
• Relevant professional certifications such as CISM, CRISC, or CISA, which validate their expertise in key areas of information security. Knowledge of security tools, including Microsoft Sentinel, CyberReason, and Microsoft Defender, is essential for managing the organization’s security posture effectively.
  
  

• Strategic Thinking: Ability to align security strategies with business objectives and anticipate future challenges.
• Technical Expertise: Knowledge of security frameworks, technologies, and tools, with strong proficiency in threat analysis and mitigation.
• People Management: Strong leadership skills to build, manage, and effectively leverage external resources.
• Decision-Making and Judgment: High discretion in making critical security decisions, balancing immediate needs with long-term goals.
• Collaboration and Communication: Excellent interpersonal skills for engaging with both technical and non-technical stakeholders and building strong relationships.
• Problem-Solving and Analytical Skills: Strong analytical abilities to assess and resolve complex security issues across organizational boundaries.
• Compliance and Regulatory Knowledge: In-depth understanding of relevant regulations and standards, ensuring ongoing compliance.
• Adaptability and Resilience: Ability to adapt to changing security landscapes and manage high-pressure situations.
• Ethical Integrity: Commitment to upholding the highest ethical standards in all security practices
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Transportation, Logistics, Supply Chain and Storage

Referrals increase your chances of interviewing at Vector Logistics by 2x

Johannesburg, Gauteng, South Africa 2 days ago

Johannesburg, Gauteng, South Africa 1 week ago

Johannesburg Metropolitan Area 3 days ago

Johannesburg, Gauteng, South Africa 1 month ago

Randburg, Gauteng, South Africa 4 days ago

Johannesburg, Gauteng, South Africa 1 week ago

Randburg, Gauteng, South Africa 5 days ago

Pretoria, Gauteng, South Africa 2 weeks ago

Johannesburg Metropolitan Area 3 days ago

Centurion, Gauteng, South Africa 4 days ago

Johannesburg, Gauteng, South Africa 1 day ago

Johannesburg, Gauteng, South Africa 6 days ago

Johannesburg, Gauteng, South Africa 5 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Information Security Management System (ISMS) Specialist

Permanent

Midrand

Overview

We are a Supply Chain and Sales & Merchandising partner adding value to your business through a fully integrated, temperature-controlled network in Southern Africa.

But we are also more than that. We are people serving people. While we boast the best in tech and infrastructure, our people are our greatest resource. With our skilled, curious, can-do people at the forefront, our assets become your assets, our service your solutions.

Vector’s vehicle fleet includes a food industry first in ‘multi-temperature’ vehicles enabling the company to service business across frozen, chilled and ambient temperature zones on a single delivery.

Job Purpose
Information Security Management System (ISMS) Specialist isresponsible for the end-to-end implementation, maintenance, and continuousimprovement of the Information Security Management System (ISMS) in accordancewith ISO/IEC 27001 standards. The incumbent will play a pivotal role inensuring the confidentiality, integrity, and availability of our informationassets, while also ensuring compliance with legal and regulatory requirements.

Key Responsibilities

ISMS Development and Implementation:

• Lead the design, implementation, and continuous improvement of an ISMS aligned with ISO/IEC 27001 and other relevant frameworks (e.g., NIST, POPIA, CIS, CSA etc.).
• Develop, implement, and maintain information security policies, procedures, and guidelines.
• Assess existing information security practices and recommend improvements.

• Ensure the organization's ISMS aligns with business needs, regulatory requirements, and industry best practices.

Risk Assessment and Management:

• Perform risk assessments to identify potential security risks to the organization's information assets in alignment to ISO 31000.
• Develop risk treatment plans and assist in the implementation of risk mitigation strategies.
• Conduct ongoing risk assessments and audits to ensure the effectiveness of the ISMS.

Compliance and Audits:

• Ensure compliance with ISO/IEC 27001 and other industry standards and regulations.
• Prepare the organization for certification audits and support the audit process.
• Coordinate with auditors and certification bodies.
• Maintain records and documentation to ensure traceability and compliance with ISMS requirements.

Training and Awareness:

• Provide training to staff and management on information security best practices, policies, and compliance requirements.
• Promote a culture of information security awareness across the organization.
• Support the creation of an internal security awareness program.

Incident Response and Management:

• Assist in the development and testing of incident response plans.
• Provide guidance and support in handling information security incidents.
• Ensure incidents are documented and reported in accordance with regulatory and contractual obligations & assist in post-incident analysis to determine the cause and recommend preventive actions.

Continuous Improvement:

• Define and monitor ISMS-related KPIs and metrics.
• Monitor and report on the performance of the ISMS, identifying areas for improvement.
• Monitor compliance with security policies and procedures.
• Lead regular internal audits to assess the effectiveness of the ISMS.
• Recommend and implement improvements based on audit findings, risk assessments, and evolving industry practices.
• Keep up-to-date with emerging threats, vulnerabilities, and regulatory changes.

Vendor and Third-Party Risk Management:

• Assess and monitor third-party vendors and service providers for information security compliance.
• Assist in the integration of ISMS controls intothird-party contracts and SLAs.

Key Relationships

Key Relationship 1

• This role plays a critical role in managing and maintaining relationships with both internal and external stakeholders.
• These interactions are essential for ensuringthe organization’s security posture is robust and aligned with its strategicobjectives.