146 Information Governance jobs in South Africa

The Senior Manager Information Security and Governance is responsible for the development of Information Security risk and governance management strategy and frameworks, including developing and implementing appropriate policies and processes relating to group security. The role will also implement information security governance and compliance protocols and will provide industry benchmarking and trends to ensure continuous alignment with best practices.

Minimum of 7 years of experience in Fintech, Financial Services banking, mobile money
Manager track record of 3-4 years or more

Please select a reason for contacting us* I want to enquire about your services Other

What is your role in your organisation

What is your desired timeframe for the project to go live?

In which region(s) do you plan to offer your product/solution?

What are you interested in?

How did you find out about us?

I accept Terms and Conditions

I would like to receive EFT Corporation News and Updates

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

At EFT Corporation, success starts with people. Our team of 290+ professionals works across the United Kingdom, South Africa, Zambia, Ghana, Kenya, Mauritius, Zimbabwe, and India, bringing together deep local knowledge and shared ambition.With over 25 years of experience, we partner with more than 100 financial institutions to deliver secure, modern payment solutions that improve access and make everyday transactions easier. We're building the future of payments through smart technology, strong partnerships, and a clear focus on progress.

• Career Development: We invest in your future by providing continuous learning, mentorship, and growth opportunities.
• Work-Life Balance: We support flexible work arrangements and wellness programs to ensure you can thrive both professionally and personally.
• Impact-Driven Work: Be part of a company driving innovation and transforming financial services across Africa.
• Diversity, Equity & Inclusion Commitment: Be part of a workplace where everyone feels valued and appreciated

• As an Information Security Officer , your job purpose is to be held accountable in respect to assisting the Senior Security and Infrastructure Engineer and the Senior DevOps Engineers in the following:
  • Assisting in maintaining the safety and security of the organisation’s systems and network database to prevent unauthorized access and avoid data breaches.
  • Maintaining the organisation’s systems and networks.
  • Assisting in overseeing the entire software development process, from planning and development to deployment and maintenance.
  • This role requires expertise in both software development and operations, as well as an understanding of the DevOps methodology.
  • This includes CI/CD, Infrastructure management (AWS), Automation, Monitoring, logging and metrics, Collaboration and Security.
  • The role also requires a significant focus on PCI compliance and support and collaboration with the Security and Infrastructure team is required.
• You will be responsible for owning the Futurex HSM and Thales HSM device management which includes:
  • Yearly Key management/replacement ceremonies.
  • PCI compliance as it relates to the HSM.
• Assisting with new security compliance:
  • ISO27001.
  • PCI+PIN.

• Facilitate annual PCI audits.
• Linux Operating systems are security patched in a timely manner. If patching will affect customers, arrange with operations support, and follow the correct change control process.
• Maintain Elastic SIEM.
• Respond to and investigate SIEM alerts.
• Respond to operational system alerts and/or operational queries across the entire technology stack (Production and QA system issues, infrastructure issues, Databaseissues, Network issues, Security and Firewall issues and any 3rd party or customer integration issues) as they occur.
• Manage / Deploy system tooling that may be beneficial to the business.
• Research, POC and deploy new open source or when applicable closed source tooling that is beneficial to the business systems or processes. This can be in supporting Applications, Monitoring, Logging, SIEM, AI/machine Learning, Fraud Detection, Operational Support applications, Authentication systems, BI / Data Analytics, networks, Security or compliance.
• Create ad hoc Python scripts / Applications to perform various repetitive tasks.
• Ensure that AWS environments and services are architectured and configured in a secure and redundant manner including all security services from AWS.
• Maintain AWS services including but not limited to: VPC, EC2, ECS, ECS Fargate, ECR, Guard Duty, Cloudwatch, Cloudtrail, Security groups, VPC Routing, Site to Site VPNs, Application Load balancers / network load balancers, Web application firewalls,etc.
• Architect, support and maintain connectivity between 3rd parties, Banking partners, integrators and on prem datacentres.
• Ensure best practice security measures are implemented.
• Ensure best practices regarding system isolation and scope reduction.
• Provide support to field engineers on HSMs and key management.
• Maintain internal HSMs and key management procedures.
• Provide support to the product and SLDC teams – this includes consulting on design, finding compliant solutions for customer issues, and filling out cyber risk assessments for customers or tenders.

• Maintain/Improve (PC14) PCI.
• GDPR.
• Ensure Security, Infrastructure & Procedures (with supporting team) are comprehensive and kept up to date.Security Tooling:
• Ensure SSO, Intrusion detection, SIEM, Antivirus, Patch Management and PGP are implanted as per the polices.
• Stimulation / adoption of user-driven security culture (give security a brand within the org and educate).

• To increase efficiency and reduce errors for both security and infrastructure management.
• To reduce costs (optimize) without sacrificing performance and security.

• Ensure that weekly vulnerability scans results are tracked, and vulnerabilities are remediated within set severity timeframes weekly.
• Review all daily and weekly BAU PCI Items for signoff monthly.
• Ensure weekly Internal and External Scans were completed.
• Perform data analysis reporting monthly.
• Maintain a strong security posture within the card holder environment.
• Work with 3rd party to ensure PCI Certification Audit is completed and passed on time.
• Review Security Commitment to third parties.

• Bachelor’s degree in Computer Science or related field.
• 3 years’ relevant experience.
• Experience within the payment / banking sector.
• Experience working with PCI Audits / Security in DevOps, Linux, Mysql, Cloud (AWS).
• Network experience (particularly cloud based / virtual).

• PCI Audits / Security / Processes.
• Linux, Mysql, and Cloud (AWS).
• Experience with automation tools like CloudFormation, Ansible, Puppet, Chef, etc.
• Cloud knowledge, specifically AWS.
• Logging Frameworks: ELK stack, cloudwatch, etc.
• Monitoring and Alerting Framework: Zabbix, Nagios, etc.

• Ability to learn new technologies at pace.
• Problem solving.
• Ability to work within a high stress & flux environment.
• Ability to foster & cultivate relationships with internal & external stakeholders.
• Ability to work autonomously as well as part of a team.
• Assertiveness – communicating feelings and beliefs; being non-offensive.
• Detail & deadline oriented.
• Analytical & critical thinking.
• Celebrate Your Special Day: Enjoy a dedicated day off to celebrate your birthday.
• Wellbeing Matters: Maintain a healthy work-life balance with up to 3 days of wellbeing leave annually.
• Family Comes First: Support your loved ones when it matters most with up to 20 days of family responsibility leave.

• Empowerment
  We trust our team to lead, make decisions, and drive outcomes.
• Financial Inclusion for All
  We build payment solutions that broaden access and support diversity.
• Technology with Purpose
  We design tech that simplifies and improves every transaction.
• Customer-Centric
  Our customers are at the heart of everything we do.

Join EFTCorporation and help shape simpler, more inclusive payments for millions across Africa.

Ready to make your mark? Apply Now

EFT Corporation is an Equal Opportunity Employer. Diversity drives our success, and we welcome passionate individuals from all walks of life to join our team.

EFT Corporation does not accept unsolicited resumes from search firms/recruiters. EFT Corporation will not pay any fees to search firms/recruiters if a search firm/recruiter submits a candidate unless an agreement has been entered into concerning the specific open position(s). Search firms/recruiters offering resumes to EFT Corporation on an unsolicited basis shall be deemed to accept this condition, regardless of any other provision to the contrary.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Job title: Information Security Architect

Contract duration: Start with 6 months

First preference: EEE candidates

Location: JHB

The Head of Security Architecture for the organization is responsible for designing, implementing, and maintaining robust security architectures that protect sensitive data in compliance with regulations such as POPIA, GDPR. This role is critical in safeguarding the confidentiality, integrity, and availability of electronic health records (EHR), patient and employee information, medical devices, and cloud-based healthcare services. The role will focus on designing and developing security architecture that aligns business and corporate security strategy. The role will collaboratively direct Security Architects, IT, and Engineers to design and build security controls and solutions compliant with approved enterprise architecture frameworks and standards across business and digital.

Key Responsibilities:

• Design and develop complex and comprehensive security architectures for our systems, applications, and infrastructure, considering both current and future needs.
• Collaborates with stakeholders, including developers, engineers, and project managers, to integrate security requirements into the system design and development lifecycle.
• Provides guidance and expertise in secure coding practices, network security, identity and access management, data protection, and other security domains.
• Model threats and risks, designing the controls necessary to mitigate them, on both an organizational and technical level – thinking like an attacker, understanding and anticipating the moves and tactics that a hacker might use to attack systems.
• Follow the architecture analysis process, which consists of research, validation, and evaluation of all new initiatives, with phase gate reviews presented to all stakeholders during key forums, including current trends such as AI and LLMS.
• Evaluates and selects security technologies, tools, and frameworks to support the organization’s security.
• Define portfolio vision and reusable security patterns aligned with the EA strategy.
• Lead architecture reviews for high-risk projects, driving recommendations to resolution.
• Advise on security controls for hybrid and cloud platforms, balancing usability, cost, and compliance.
• Defines and applies security policies, standards, and procedures to ensure compliance with industry regulations and best practices.
• Leads incident response activities, including identification, containment, eradication, and recovery, in coordination with the incident response team.
• Experience with Cloud Security platform vendors and technologies such as Azure and AWS.
• Manage security architects and mentor engineers, developers, and vendors.

What will you bring?

• Risk-based decision-making - expert in ISO 27001 / NIST / CIS controls, able to quantify and articulate risk, then select proportionate, cost-effective controls.
• Pen-testing & threat-modelling - scoping, overseeing, and translating results into enforceable patterns and backlog items.
• Influential communication - proven ability to engage C-suite and delivery stakeholders alike, adapting style to gain agreement and drive secure-by-design culture.
• Teamwork and Energy – work across different functional and business teams with effective collaboration.
• Technical depth - hands-on knowledge of cloud security, IAM, container & API security, network segmentation, encryption, and DevSecOps toolchains; capable of explaining the exploitability of complex vulnerabilities. Zero trust design thinking.
• Mentoring & governance - experience in line-managing or coaching security architects/engineers and running architecture assurance or design-review boards.
• Secure-system design leadership - demonstrable track record creating or validating architectures for large-scale, high-risk services using recognised frameworks (SABSA, TOGAF).

Requirements / Skills and Competence

• Tertiary qualification in Computer Science, Engineering, or related field (preferred)
• Minimum of 5-10 years of experience in Security Architecture.
• CISSP, CISA, CISM, or other relevant security-related designation(s) preferred.
• Certifications in CISSP-ISSAP, TOGAF, or SABSA, cloud architecture (Microsoft, AWS, GCP)
• Experience in identifying gaps in existing architectures.
• Understanding of security infrastructure in Public and Private Cloud, e.g., virtual network infrastructure, hybrid IaaS/PaaS/SaaS solutions.
• Experience in designing security architectures to mitigate threats and sound knowledge of security strategies and technologies.
• Direct the Project and Security teams with the guidance to build policies, standards, risks, and controls frameworks supporting operational requirements for the business.
• Good experience in security architecture design in Cloud and on-prem.
• Design and implementation of IOT, endpoint protection, and secure IAM.
• Understanding of authentication and authorisation technologies (SAML, LDAP, PKI, etc.) and other IAM technologies
• Understanding of the implementation, operation, and maintenance of SIEM, boundary protection technologies (firewalls, mail gateways), Antivirus, and AD security products
• Knowledge of web application architectures and threat modelling.

Our client, a leading financial services firm, is seeking an Information Security Consultant to join their team on a permanent basis.

• Security Auditing
• Responsible for Security tools monitoring
• Network experience (TCP/IP, Firewalls, IPS, NAC)
• Operating System management and Hardening
• Anti-Virus System management and Configuration
• Logical Access Management
• Vulnerability Management

• Matric and an Information Technology diploma or degree qualification
• 4+ years experience in the field

Salary: Market Related