360 Information Risk Manager jobs in South Africa

Nestled between majestic mountains and overlooking the vineyards of Stellenbosch, Delaire Graff Estate is South Africa's most desirable art, hospitality, and wine destination. This magnificent Cape Winelands property boasts two outstanding restaurants, a state-of-the-art winery, exclusive lodges, a destination spa, and luxury boutiques.

This is a full-time, on-site role for a Information Technology Risk Manager based at Delaire Graff Estate in Stellenbosch.

Main duties & responsibilities:

• Perform monthly vulnerability scans on all IT infrastructure and resolve identified issues.
• Recommend and implement necessary upgrades for vulnerable equipment.
• Ensure Office 365 Cloud Services are secured with all required security measures in place.
• Manage anti-virus and cyber security software on servers and individual devices.
• Conduct penetration tests and implement decoy systems.
• Set up, monitor, and maintain SIEM systems, managing potential risks effectively.
• Configure and maintain firewall security (Checkpoint) and malware protection (ESET Remote Administrator).
• Set up and manage servers (VMware), domain controller (Microsoft Active Directory 2019), Point of Sale systems (EasiPos), accounting software servers (Sage Evolution), biometric access control, fiber internet lines, backup Wi-Fi links, and related processes.
• Collaborate with the Senior IT Systems Administrator on all tasks.
• Liaise with third-party cyber security service providers as required.

Secondary responsibilities:

• Install, configure, and provide technical support for hardware and software.
• Manage configuration and operation of client-based operating systems.
• Monitor systems daily, responding immediately to security or usability concerns.
• Create and verify backups (Acronis Cyber Cloud).
• Upgrade systems and processes for enhanced functionality and security.
• Set up user accounts, workstations, and Office 365 email accounts for new staff members.
• Troubleshoot system issues and outages promptly.
• Manage Wi-Fi connections (Unifi Controller) to ensure 100% uptime for clients and staff.
• Maintain the cloud-based phone system (3CX).

Requirements:

• Relevant tertiary qualification in Cyber Security, Computer Science, or Computer Engineering.
• 5–10 years' experience in Cyber Threat or IT Risk Management preferred.
• Applicable Microsoft certifications.
• Proficiency in networks (LAN/WAN), VPNs, and patch management.
• Strong knowledge of Office 365 Cloud Services, Ubiquiti APs, HP Aruba Switches & VLAN, Windows 10/11, Windows Server 2019/2022, Active Directory (users, groups, policies, DNS, DHCP), and fiber network topologies.
• Excellent problem-solving abilities and attention to detail.
• Ability to take ownership, work independently, and perform under pressure.
• Strong organizational skills with the ability to handle multiple tasks and meet deadlines.
• Excellent interpersonal and communication skills, with the ability to engage at all levels.

Delaire Graff Estate is an equal opportunity employer.

Job Title:
IT & Cyber Security Risk Manager

Contract Duration:
6 Months Renewable

Location:
Hybrid

Domain
: Banking

Job Description / Responsibilities:

The role is a VP role, responsible for managing technology and cybersecurity risks to protect customer data, ensure regulatory compliance, and support the bank's digital resilience.

#No chancers please

Key Responsibilities:

• Develop and maintain a robust IT and cyber risk management framework aligned with banking regulations in accordance to the banks policies and standards.
• Conduct risk assessments across core banking systems, digital platforms, and third-party service providers.
• Collaborate with Information Security, Compliance, and Internal Audit to address control gaps and emerging threats.
• Monitor regulatory developments and ensure timely implementation of required controls and reporting.
• Lead cyber incident response planning, testing, and post-incident reviews.
• Provide regular risk reporting to executive management and risk committees.
• Assist in assurance activities and engagement with assurance providers

Requirements:

• Minimum
  8–10 years
  in
  IT risk management, cybersecurity, or technology governance.
• At least
  5 years
  in a
  leadership or senior advisory role
  within financial services.
• Industry Experience:
  Strong experience in the
  banking and financial services sector
  , with deep understanding of banking operations, digital platforms, and regulatory environments.
• Familiarity with
  local and international banking regulations
  , such as
  SARB, Basel III, POPIA, GDPR, and PCI-DSS.
• Proven track record in managing risk across
  core banking systems
  , cloud environments, and third-party vendors.

Preferred Qualifications & Skills:

• Bachelor's or Master's degree in Information Technology, Cybersecurity, Risk Management, or related field.
• Professional certifications such as
  CISM, CRISC, CISSP, CGEIT, or ISO 27001 Lead Implementer/Auditor
  .
• Strong analytical, communication, and stakeholder engagement skills.
• Experience with risk management tools and frameworks (e.g.,
  COBIT, NIST, FAIR)
  .
• Data Analysis
  and Statistics
• Risk Modeling
• Regulatory Compliance
• Cybersecurity Fundamentals

• Who we're looking for: An experienced Information Security Manager to lead the implementation and ongoing maturity of our Information Security Management System (ISMS), ensure alignment with ISO 27001:2022, and manage risk across the business.
• The challenge: To own the ISMS documentation and audit programme, coordinate internal and external audits, oversee the risk register, and support internal teams on policy compliance and security awareness.
• Where you'll work: This role will be based in Cape Town, you'll be part of our global team, collaborating with colleagues and serving customers across the UK, USA, Australia, South Africa, and beyond. Our hybrid approach offers flexibility with regular team connection in our Cape Town office.

The Tillo Difference

We're in the business of rewards and incentives, so we know a thing or two about the importance of giving back. We can't grow as a business without growing as individuals, so we are committed to providing a workplace where passionate, driven individuals can thrive. We value collaboration, trust, positivity, and a willingness to learn - only by working as a team will we reach our goals.

We're the market leader in the UK and are active in a number of other markets including USA, Europe, Australia and India.

This role will be responsible for:

• ISMS Ownership & Audit Readiness

• Maintain and evolve the ISMS documentation and controls in line with ISO 27001:2022.

• Coordinate and lead internal audits (quarterly for TZ) and external certification audits.
• Write up audit findings and risk reports for SLT and the Board.
• Monitor ISMS KPIs and compliance metrics .

• Risk Management

• Own the company-wide risk register and associated documentation (excluding the risk framework itself).

• Support teams in identifying, assessing, and documenting risks.
• Track and ensure timely implementation of Risk Treatment Plans.
• Monitor and report on key risk metrics.

• Incident & Corrective Action Management

• Maintain the incident log, ensuring proper documentation, root cause analysis and closure.

• Drive corrective actions and improvements from internal/external audits and incidents.

• Security Policy & Training

• Maintain and develop ISO 27001-compliant security policies (non-Engineering).

• Coordinate business-wide security awareness training (e.g., KnowBe4).
• Champion InfoSec awareness and lead monthly security meetings.

• Client & Vendor Security Assurance

• Complete InfoSec and risk sections of client due diligence questionnaires.

• Support the development of a Trust Centre to streamline security responses.

What we're looking for

• 3+ years in an Information Security or Risk Management role with experience in ISO 27001 implementation and audits.
• A strong understanding of risk frameworks, internal controls, and compliance management.
• Experience with audit coordination and ISMS documentation.
• The ability to translate technical and regulatory language into business-friendly advice.
• Working knowledge of privacy, AML, and business continuity requirements.
• Familiarity with InfoSec tooling (e.g., Drata, Vanta, KnowBe4).
• Exceptional communication, reporting and organisational skills.

Benefits

We offer all our employees trust and empower our team to work with flexibility and autonomy. We're a close-knit team and love working collaboratively, with our hybrid model, our team can come together at our fantastic offices, but also focus in their own space. The Tillo team are a motivated bunch and we all work hard to push Tillo forwards, always innovating. We completely understand the importance of work/life balance and offer a supportive and collaborative working environment with the following benefits:

• 21 days holiday per annum
• Retirement Fund (5%)
• Health insurance contribution
• Employee Incentive Scheme
• Hybrid Working
• Top spec equipment including laptop, mouse, keyboard, monitor
• Anniversary gifts
• Monthly breakfasts, drinks, snacks and events
• Team Learning & Development budget

Tillo makes gift cards, rewards, and incentives simple, efficient, and profitable. Operating in over 37 markets and 25 currencies, Tillo processes billions in gift card transactions through a single, plug-and-go API, powering rewards and incentives for the world's leading businesses.

Backed by Tenzing, Tillo is setting the global standard for digital gift card infrastructure.

Diversity, Equity, and Inclusion Statement

We are committed to fostering a diverse and inclusive workplace where everyone feels valued and respected. We welcome applications from individuals of all backgrounds, regardless of age, disability, gender identity, marital status, race, ethnicity, religion or belief, sex, or sexual orientation.

If you require any reasonable adjustments during the recruitment process, please let us know, and we will be happy to accommodate your needs.