What Jobs are available for Intrusion Detection in South Africa?

Company Description

INTERCERT is a multinational company headquartered in Texas, USA, operating in over 28 countries. Founded in 2009, INTERCERT is dedicated to building a secure and sustainable world through customer-centric services. We are accredited by leading organizations, including America's accreditation board under IAF for ISO Certification Services, Cloud Security Alliance for CSA STAR Certification services, AICPA CPA Firm for SOC1 & SOC2 Audit Attestation and CREST accreditation for PEN Testing Services. Our services also encompass CMMC, PCI DSS Certification, and Data Protection compliance for standards such as GDPR, HIPAA, and Cybersecurity frameworks. With a team of over 150 experienced assessors, we deliver global assessment services with a focus on compliance and excellence.

Role Description

This is a full-time, remote working role for an Information Security Analyst in South Africa. The Information Security Analyst will be responsible for day-to-day tasks such as assist with the planning and execution of GRC audits such as ISO 27001, ISO 22301, ISO 27701, SOC2, GDPR etc.

Qualifications

Bachelor's Degree or equivalent focused on Information
Security / Cybersecurity

Experience Level

0-6 months

Roles and Responsibilities

Assist with the planning and execution of GRC audits such as ISO 27001, ISO 22301, ISO 27701, SOC2, GDPR etc.

Help assess the design and effectiveness of internal controls, including business and IT controls.

Prepare reports and documentation for external audits and communicate audit findings and recommendations.

Stay updated on evolving regulatory changes, industry standards, and best practices related to GRC, risk management, and auditing.

Company Description

INTERCERT is a multinational company headquartered in Texas, USA, operating in over 28 countries. Founded in 2009, INTERCERT is dedicated to building a secure and sustainable world through customer-centric services. We are accredited by leading organizations, including America's accreditation board under IAF for ISO Certification Services, Cloud Security Alliance for CSA STAR Certification services, AICPA CPA Firm for SOC1 & SOC2 Audit Attestation and CREST accreditation for PEN Testing Services. Our services also encompass CMMC, PCI DSS Certification, and Data Protection compliance for standards such as GDPR, HIPAA, and Cybersecurity frameworks. With a team of over 150 experienced assessors, we deliver global assessment services with a focus on compliance and excellence.

Role Description

This is a full-time, on-site role for an Information Security Analyst / Interns at INTERCERT INC., located in South Africa. The Information Security Analyst / Intern will be responsible for day-to-day tasks such as assist with the planning and execution of GRC audits such as ISO 27001, ISO 22301, ISO 27701, SOC2, GDPR etc.

Qualifications

Bachelor's Degree or equivalent focused on Information
Security/Cybersecurity

Experience Level

0-6 months

Roles and Responsibilities

Assist with the planning and execution of GRC audits such as ISO 27001, ISO 22301, ISO 27701, SOC2, GDPR etc.

Help assess the design and effectiveness of internal controls, including business and IT controls.

Prepare reports and documentation for external audits and communicate audit findings and recommendations.

Stay updated on evolving regulatory changes, industry standards, and best practices related to GRC, risk management, and auditing.

Our clients in the consulting space are on the hunt for a seasoned Senior Information Security Analyst to join their teams in the Western cape. Work and collaborate with Dynamic teams, architects and stakeholders on a hybrid model and expand your skillset exponentially.

Responsibilities:

• Who we're looking for: An experienced Information Security Manager to lead the implementation and ongoing maturity of our Information Security Management System (ISMS), ensure alignment with ISO 27001:2022, and manage risk across the business.
• The challenge: To own the ISMS documentation and audit programme, coordinate internal and external audits, oversee the risk register, and support internal teams on policy compliance and security awareness.
• Where you'll work: This role will be based in Cape Town, you'll be part of our global team, collaborating with colleagues and serving customers across the UK, USA, Australia, South Africa, and beyond. Our hybrid approach offers flexibility with regular team connection in our Cape Town office.

The Tillo Difference

We're in the business of rewards and incentives, so we know a thing or two about the importance of giving back. We can't grow as a business without growing as individuals, so we are committed to providing a workplace where passionate, driven individuals can thrive. We value collaboration, trust, positivity, and a willingness to learn - only by working as a team will we reach our goals.

We're the market leader in the UK and are active in a number of other markets including USA, Europe, Australia and India.

This role will be responsible for:

• ISMS Ownership & Audit Readiness

• Maintain and evolve the ISMS documentation and controls in line with ISO 27001:2022.

• Coordinate and lead internal audits (quarterly for TZ) and external certification audits.
• Write up audit findings and risk reports for SLT and the Board.
• Monitor ISMS KPIs and compliance metrics .

• Risk Management

• Own the company-wide risk register and associated documentation (excluding the risk framework itself).

• Support teams in identifying, assessing, and documenting risks.
• Track and ensure timely implementation of Risk Treatment Plans.
• Monitor and report on key risk metrics.

• Incident & Corrective Action Management

• Maintain the incident log, ensuring proper documentation, root cause analysis and closure.

• Drive corrective actions and improvements from internal/external audits and incidents.

• Security Policy & Training

• Maintain and develop ISO 27001-compliant security policies (non-Engineering).

• Coordinate business-wide security awareness training (e.g., KnowBe4).
• Champion InfoSec awareness and lead monthly security meetings.

• Client & Vendor Security Assurance

• Complete InfoSec and risk sections of client due diligence questionnaires.

• Support the development of a Trust Centre to streamline security responses.

What we're looking for

• 3+ years in an Information Security or Risk Management role with experience in ISO 27001 implementation and audits.
• A strong understanding of risk frameworks, internal controls, and compliance management.
• Experience with audit coordination and ISMS documentation.
• The ability to translate technical and regulatory language into business-friendly advice.
• Working knowledge of privacy, AML, and business continuity requirements.
• Familiarity with InfoSec tooling (e.g., Drata, Vanta, KnowBe4).
• Exceptional communication, reporting and organisational skills.

Benefits

We offer all our employees trust and empower our team to work with flexibility and autonomy. We're a close-knit team and love working collaboratively, with our hybrid model, our team can come together at our fantastic offices, but also focus in their own space. The Tillo team are a motivated bunch and we all work hard to push Tillo forwards, always innovating. We completely understand the importance of work/life balance and offer a supportive and collaborative working environment with the following benefits:

• 21 days holiday per annum
• Retirement Fund (5%)
• Health insurance contribution
• Employee Incentive Scheme
• Hybrid Working
• Top spec equipment including laptop, mouse, keyboard, monitor
• Anniversary gifts
• Monthly breakfasts, drinks, snacks and events
• Team Learning & Development budget

Tillo makes gift cards, rewards, and incentives simple, efficient, and profitable. Operating in over 37 markets and 25 currencies, Tillo processes billions in gift card transactions through a single, plug-and-go API, powering rewards and incentives for the world's leading businesses.

Backed by Tenzing, Tillo is setting the global standard for digital gift card infrastructure.

Diversity, Equity, and Inclusion Statement

We are committed to fostering a diverse and inclusive workplace where everyone feels valued and respected. We welcome applications from individuals of all backgrounds, regardless of age, disability, gender identity, marital status, race, ethnicity, religion or belief, sex, or sexual orientation.

If you require any reasonable adjustments during the recruitment process, please let us know, and we will be happy to accommodate your needs.

We're Hiring: Information Security Specialist

Company Description

Welcome to JNS Cloud Solutions, where innovation meets excellence in web design and development, SharePoint services, and ICT resourcing. Our comprehensive suite of services is designed to elevate businesses through managed IT services, strategic professional insights, and dedicated quality assurance. We also offer Office 365 solutions, data strategy consulting, application migration & development, and AI-powered transformation to stay ahead in the digital landscape.

Role Description

We are looking for an Information Security Specialist for a contract role in the Johannesburg Metropolitan Area with some work from home flexibility. The Information Security Specialist will be responsible for ensuring the security of applications, managing cybersecurity protocols, and overseeing information security management operations. The role also involves maintaining data privacy and network security within the organization.

Qualifications

• Proficiency in Application Security
• Experience in Cybersecurity and Information Security Management
• Knowledge in Data Privacy practices
• Skills in Network Security management
• Strong analytical and problem-solving abilities
• Excellent written and verbal communication skills
• Ability to work independently and as part of a team
• Relevant industry certifications (e.g., CISSP, CISM) are a plus

Are you passionate about securing enterprise data during high-impact migrations?

Join our team to: Ensure
data encryption
during migration (in transit & at rest)

Perform
risk assessments
for SharePoint Online migration

Guarantee
compliance with security standards

Requirements
:

• Proven experience in
  data security and compliance
• Strong understanding of
  ISO 27001
  or equivalent standards
• Experience with
  SharePoint and Microsoft 365 environments
  is a plus

Contract Duration: 30 months

Submit your
CV and project examples
to (Insert application email or link)

Be part of a team modernising one of South Africa's largest digital ecosystems.

Designation:

Information Security Manager | Waterfall, Midrand, Gauteng | Permanent

Category:

Information Technology

Job Level:

Professionally qualified and experienced specialists and mid-management

Posted by:

PSG Financial Services

Posted on:

03 Oct 2025

Reference Number:

POS08450

Closing date:

30-Oct-2025

Position Type:

Permanent

Location:

Waterfall Magwa Crescent

Overview:

VACANCY | INFORMATION SECURITY MANAGER | WATERFALL, MIDRAND, GAUTENG | PERMANENT

PSGs commitment to transform and embrace diversity is what drives us to achieve a diverse workplace with employment equity as a key goal to create an inclusive workforce. In achieving our employment equity goals, we give preference to applicants from designated groups, and we encourage people with disability to apply.

The Information Security Manager will lead PSG's cybersecurity strategy, governance, and operations across a hybrid cloud infrastructure. This includes managing Microsoft security capabilities, integrating firewall technologies, overseeing the Cyber Security Operations Center (SOC), and ensuring compliance with regulatory and industry standards. The role also includes managing BYOD risks, securing branch networks, and aligning with globally recognized frameworks such as the NIST Cybersecurity Framework and Joint Security Standards (JSS).

• Develop and maintain PSG's enterprise-wide cybersecurity strategy aligned with business objectives and regulatory requirements.
• Establish and enforce security governance frameworks, policies, and standards.
• Ensure alignment with the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover) and Joint Security Standards.
• Lead the implementation of relevant security compliance initiatives.
• Collaborate with divisional CIOs and executive leadership to align security posture across business units.
• Monitor emerging threats, regulatory changes, and industry trends to inform strategic decisions.

• Design secure solutions for hybrid environments (on-prem + Azure).
• Integrate security into infrastructure and application projects.
• Manage identity and access controls, including Azure AD, MFA, and privileged access management.

• Manage day-to-day security monitoring, incident handling, and threat intelligence.
• Administer Microsoft 365 security features: Defender for Endpoint, Purview, Sentinel, Conditional Access, etc.
• Ensure endpoint, network, and cloud security controls are effectively implemented and monitored.
• Implement and enforce BYOD policies, including mobile device management (MDM), data loss prevention (DLP), and secure access controls.
• Secure branch office networks, including firewalls, VPNs, segmentation, and remote access protocols.

• Develop and manage the annual cybersecurity budget, including licensing, tools, training, and consulting services.
• Track and report on security-related expenditures, ROI, and risk mitigation outcomes.
• Support procurement and vendor management for security solutions.

• Oversee 24/7 SOC operations, ensuring effective threat detection, incident response, and escalation.
• Define SOC roles, workflows, and incident response playbooks.
• Integrate SIEM, SOAR, and threat intelligence platforms for proactive defense.
• Monitor and improve KPIs such as MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond).
• Coordinate with external threat intelligence providers and law enforcement when necessary.

• Oversee the deployment, maintenance, and upgrade of security technologies including Microsoft 365 E3/E5 and Hailstone platforms.
• Ensure timely patching, configuration updates, and feature adoption.
• Maintain compatibility and integration of security tools with PSG's hybrid infrastructure.
• Document system configurations and update operational procedures regularly.

• Conduct regular risk assessments, vulnerability scans, and penetration tests.
• Ensure compliance with POPIA, GDPR, NIST CSF, JSS, and other relevant regulations and frameworks.
• Maintain a risk register and track mitigation actions.
• Coordinate internal and external audits and ensure timely remediation of findings.

• Lead organization-wide cybersecurity awareness programs.
• Deliver targeted training for IT, business, and executive teams.
• Promote secure behaviour and incident reporting culture.

• Build and lead a high-performing cybersecurity team, leveraging SOC analysts, engineers, and compliance specialists.
• Define clear roles, responsibilities, and performance expectations.
• Conduct regular coaching, performance reviews, and career development planning.
• Foster a culture of accountability, innovation, and continuous improvement.
• Promote cybersecurity awareness and ownership across all departments.

• Prepare operational, executive-level reports on security posture, risk exposure, and compliance status.

• Bachelor's degree in Computer Science, Information Technology, or related field.
• 8+ years of IT Security experience, with 5+ years in a leadership role.
• CISSP, CISM, or equivalent
• Microsoft Certified: Cybersecurity Architect Expert
• GIAC Security Operations (GSOM) or equivalent SOC certification
• Familiarity with scripting (PowerShell, Bash) and automation tools.

• Microsoft 365 and SharePoint Online
• Proven experience in cybersecurity leadership within hybrid cloud environments.
• Deep knowledge of Microsoft 365 E3/E5 security stack and Hailstone technologies.
• Strong understanding of SIEM, SOAR, threat intelligence, and SOC operations.
• Experience managing BYOD environments and securing distributed branch networks.
• Familiarity with ISO/IEC 27001, ISO/IEC 2000, NIST, and CIS controls.
• Excellent communication, stakeholder engagement, and team leadership skills.
• Technical documentation

• Strong leadership and problem-solving skills.
• Attention to detail
• Decision making
• Leadership
• Attention to detail
• Resilience
• Good verbal and written communication skills
• Time management skills
• Deadline driven

Candidates interested must apply here by no later than 30 October 2025 OR browse available PSG Careers vacancies

By submitting your application, you are giving PSG Financial Services implicit consent to the storage and processing of your personal information. If you are not contacted within 4 weeks of your application, please accept that your application was not successful. For more information about careers at PSG, visit

Designation: Information Security Manager | Waterfall, Midrand, Gauteng | Permanent

Category: Information Technology

Job Level: Professionally qualified and experienced specialists and mid-management

Posted by: PSG Financial Services

Posted on: 03 Oct 2025

Reference Number: POS08450

Closing date: 30-Oct-2025

Position Type: Permanent

Location: Waterfall Magwa Crescent

Overview
VACANCY | INFORMATION SECURITY MANAGER | WATERFALL, MIDRAND, GAUTENG | PERMANENT
PSGs commitment to transform and embrace diversity is what drives us to achieve a diverse workplace with employment equity as a key goal to create an inclusive workforce. In achieving our employment equity goals, we give preference to applicants from designated groups, and we encourage people with disability to apply.

Job Description
The Information Security Manager will lead PSG's cybersecurity strategy, governance, and operations across a hybrid cloud infrastructure. This includes managing Microsoft security capabilities, integrating firewall technologies, overseeing the Cyber Security Operations Center (SOC), and ensuring compliance with regulatory and industry standards. The role also includes managing BYOD risks, securing branch networks, and aligning with globally recognized frameworks such as the NIST Cybersecurity Framework and Joint Security Standards (JSS).

*Responsibilities:
Strategic Leadership & Governance *

• Develop and maintain PSG's enterprise-wide cybersecurity strategy aligned with business objectives and regulatory requirements.
• Establish and enforce security governance frameworks, policies, and standards.
• Ensure alignment with the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover) and Joint Security Standards.
• Lead the implementation of relevant security compliance initiatives.
• Collaborate with divisional CIOs and executive leadership to align security posture across business units.
• Monitor emerging threats, regulatory changes, and industry trends to inform strategic decisions.

*Architecture & Identity Management *

• Design secure solutions for hybrid environments (on-prem + Azure).
• Integrate security into infrastructure and application projects.
• Manage identity and access controls, including Azure AD, MFA, and privileged access management.

*Security Operations *

• Manage day-to-day security monitoring, incident handling, and threat intelligence.
• Administer Microsoft 365 security features: Defender for Endpoint, Purview, Sentinel, Conditional Access, etc.
• Ensure endpoint, network, and cloud security controls are effectively implemented and monitored.
• Implement and enforce BYOD policies, including mobile device management (MDM), data loss prevention (DLP), and secure access controls.
• Secure branch office networks, including firewalls, VPNs, segmentation, and remote access protocols.

*Financial Management *

• Develop and manage the annual cybersecurity budget, including licensing, tools, training, and consulting services.
• Track and report on security-related expenditures, ROI, and risk mitigation outcomes.
• Support procurement and vendor management for security solutions.

*Cyber Security Operations Center (SOC) Oversight *

• Oversee 24/7 SOC operations, ensuring effective threat detection, incident response, and escalation.
• Define SOC roles, workflows, and incident response playbooks.
• Integrate SIEM, SOAR, and threat intelligence platforms for proactive defense.
• Monitor and improve KPIs such as MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond).
• Coordinate with external threat intelligence providers and law enforcement when necessary.

*Security Technology Lifecycle Management *

• Oversee the deployment, maintenance, and upgrade of security technologies including Microsoft 365 E3/E5 and Hailstone platforms.
• Ensure timely patching, configuration updates, and feature adoption.
• Maintain compatibility and integration of security tools with PSG's hybrid infrastructure.
• Document system configurations and update operational procedures regularly.

*Risk Management & Compliance *

• Conduct regular risk assessments, vulnerability scans, and penetration tests.
• Ensure compliance with POPIA, GDPR, NIST CSF, JSS, and other relevant regulations and frameworks.
• Maintain a risk register and track mitigation actions.
• Coordinate internal and external audits and ensure timely remediation of findings.

*Awareness, Education & Training *

• Lead organization-wide cybersecurity awareness programs.
• Deliver targeted training for IT, business, and executive teams.
• Promote secure behaviour and incident reporting culture.

*Team Leadership & Culture *

• Build and lead a high-performing cybersecurity team, leveraging SOC analysts, engineers, and compliance specialists.
• Define clear roles, responsibilities, and performance expectations.
• Conduct regular coaching, performance reviews, and career development planning.
• Foster a culture of accountability, innovation, and continuous improvement.
• Promote cybersecurity awareness and ownership across all departments.

*Reporting *

• Prepare operational, executive-level reports on security posture, risk exposure, and compliance status.

*Minimum requirements: *

• Bachelor's degree in Computer Science, Information Technology, or related field.
• 8+ years of IT Security experience, with 5+ years in a leadership role.
• CISSP, CISM, or equivalent
• Microsoft Certified: Cybersecurity Architect Expert
• GIAC Security Operations (GSOM) or equivalent SOC certification
• Familiarity with scripting (PowerShell, Bash) and automation tools.

*Experience in the following technologies and concepts: *

• Microsoft 365 and SharePoint Online
• Proven experience in cybersecurity leadership within hybrid cloud environments.
• Deep knowledge of Microsoft 365 E3/E5 security stack and Hailstone technologies.
• Strong understanding of SIEM, SOAR, threat intelligence, and SOC operations.
• Experience managing BYOD environments and securing distributed branch networks.
• Familiarity with ISO/IEC 27001, ISO/IEC 2000, NIST, and CIS controls.
• Excellent communication, stakeholder engagement, and team leadership skills.
• Technical documentation

*Competencies required: *

• Strong leadership and problem-solving skills.
• Attention to detail
• Decision making
• Leadership
• Attention to detail
• Resilience
• Good verbal and written communication skills
• Time management skills
• Deadline driven

*How to apply: *
Candidates interested must apply here by no later than 30 October 2025 OR browse available PSG Careers vacancies .

By submitting your application, you are giving PSG Financial Services implicit consent to the storage and processing of your personal information. If you are not contacted within 4 weeks of your application, please accept that your application was not successful. For more information about careers at PSG, visit

Join Interfile—South Africa's leading Electronic Bill Presentment & Payment (EBPP) fintech—where we design, build, and run large-scale digital services used by millions, partnering with top banks, major corporates, and government. You'll work on modern architectures across both new builds and enhancements in a culture that prizes innovation, seamless integration, and exceptional delivery. We're customer-obsessed and known for helping organizations modernise. Our Fourways office—right across from Montecasino—offers a modern workspace with a Vitality-certified gym, canteen, and great chill areas.

Purpose Of The Role
Lead and continuously improve our information security posture across on-prem and cloud—covering platforms, hardware, networks, and data centres. You'll drive vulnerability remediation through both automation and hands-on work, ensure compliance with POPIA, and design, implement, and uplift security standards and frameworks (e.g., ISO 27001/27002, NIST CSF 2.0). You'll also own risk management and incident response while championing a security-first culture across the business.

Responsibilities
Security Assessment & Management

• Conduct regular security assessments across infrastructure, applications, and data environments.
• Implement and manage SAST and DAST tools and processes.
• Track, report, and drive remediation of vulnerabilities and security issues.

Security Posture & Reporting

• Develop and maintain dashboards and reports that clearly communicate the organization's security posture.
• Define and track KPIs for security posture, remediation velocity, and compliance.
• Collaborate with internal teams to ensure visibility and accountability for remediation efforts.

Automation & Remediation

• Design and implement automated security controls and remediation workflows.
• Work with DevOps and IT teams to integrate security into CI/CD pipelines.

Compliance & Regulatory Alignment

• Ensure alignment with POPIA and other applicable data protection regulations.
• Support audits and compliance reporting requirements.
• Work with legal and compliance teams to ensure data handling aligns with privacy laws.

Standards & Frameworks

• Contribute to the design and rollout of security standards such as ISO 20027.
• Align security practices with NIST CSF 2.0 and other relevant frameworks.

Risk Management

• Conduct risk assessments and maintain a security risk register.
• Collaborate with business units to understand and mitigate security risks tied to operations and products.

Incident Response & Forensics

• Develop and maintain incident response plans.
• Lead investigations into security breaches and coordinate post-incident reviews.

Security Awareness & Training

• Design and deliver security awareness programs for staff.
• Promote a security-first culture across technical and non-technical teams.

Third-Party & Vendor Security

• Assess and manage security risks related to vendors, partners, and third-party services.
• Ensure contracts and SLAs include appropriate security clauses.

Secure Architecture & Design

• Participate in solution architecture reviews to ensure security is embedded from the start.

Advise on secure design patterns and threat modeling.

Requirements (Essential)

• Bachelor's degree in Information Security, Computer Science, or related field.
• At least one security certification: CISSP, CISM, CEH, CompTIA Security+, ISO 27001 Lead Implementer (or similar).
• 5+ years in an information security role (or similar).
• Proven security experience across infrastructure, applications, and data environments.
• Hands-on with SAST/DAST tools (e.g., SonarQube, OWASP ZAP, Burp Suite).
• Strong vulnerability management and remediation workflow expertise.
• Familiarity with automation/scripting (e.g., Python, PowerShell) and CI/CD tooling.
• Working knowledge of POPIA and other data-protection regulations.
• Experience with security frameworks (e.g., NIST CSF, ISO 27001/27002).
• Ability to communicate technical risks and remediation plans to non-technical stakeholders.

Nice to Have (Desirable)

• Proactive, detail-oriented, strong sense of ownership.
• Comfortable collaborating across multiple teams and disciplines.
• Passion for security, compliance, and continuous improvement.
• Multiple or advanced security certifications.

Permanent

Midrand

Overview
We are a Supply Chain and Sales & Merchandising partner adding value to your business through a fully integrated, temperature-controlled network in Southern Africa.

But we are also more than that. We are people serving people. While we boast the best in tech and infrastructure, our people are our greatest resource. With our skilled, curious, can-do people at the forefront, our assets become your assets, our service your solutions.

Vector's vehicle fleet includes a food industry first in 'multi-temperature' vehicles enabling the company to service business across frozen, chilled and ambient temperature zones on a single delivery.

Job Purpose
Information Security Management System (ISMS) Specialist is responsible for the end-to-end implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS) in accordance with ISO/IEC 27001 standards. The incumbent will play a pivotal role in ensuring the confidentiality, integrity, and availability of our information assets, while also ensuring compliance with legal and regulatory requirements.

Key Responsibilities

ISMS Development And Implementation

• Lead the design, implementation, and continuous improvement of an ISMS aligned with ISO/IEC 27001 and other relevant frameworks (e.g., NIST, POPIA, CIS, CSA etc.).
• Develop, implement, and maintain information security policies, procedures, and guidelines.
• Assess existing information security practices and recommend improvements.
• Ensure the organization's ISMS aligns with business needs, regulatory requirements, and industry best practices.

Risk Assessment And Management

• Perform risk assessments to identify potential security risks to the organization's information assets in alignment to ISO 31000.
• Develop risk treatment plans and assist in the implementation of risk mitigation strategies.
• Conduct ongoing risk assessments and audits to ensure the effectiveness of the ISMS.

Compliance And Audits

• Ensure compliance with ISO/IEC 27001 and other industry standards and regulations.
• Prepare the organization for certification audits and support the audit process.
• Coordinate with auditors and certification bodies.
• Maintain records and documentation to ensure traceability and compliance with ISMS requirements.

Training And Awareness

• Provide training to staff and management on information security best practices, policies, and compliance requirements.
• Promote a culture of information security awareness across the organization.
• Support the creation of an internal security awareness program.

Incident Response And Management

• Assist in the development and testing of incident response plans.
• Provide guidance and support in handling information security incidents.
• Ensure incidents are documented and reported in accordance with regulatory and contractual obligations & assist in post-incident analysis to determine the cause and recommend preventive actions.

Continuous Improvement

• Define and monitor ISMS-related KPIs and metrics.
• Monitor and report on the performance of the ISMS, identifying areas for improvement.
• Monitor compliance with security policies and procedures.
• Lead regular internal audits to assess the effectiveness of the ISMS.
• Recommend and implement improvements based on audit findings, risk assessments, and evolving industry practices.
• Keep up-to-date with emerging threats, vulnerabilities, and regulatory changes.

Vendor And Third-Party Risk Management

• Assess and monitor third-party vendors and service providers for information security compliance.
• Assist in the integration of ISMS controls into third-party contracts and SLAs.

Key Relationships

Key Relationship 1

• This role plays a critical role in managing and maintaining relationships with both internal and external stakeholders.
• These interactions are essential for ensuring the organization's security posture is robust and aligned with its strategic objectives.

Qualifications And Experience
Qualifications, Skills and Experience Required for the Job

• Bachelor's Degree: A bachelor's degree in information security, Computer Science, Information Technology, or a related field is required.
• Mandatory Requirement: ISO27001 Lead Implementer Preferrable: ISO27001 Lead Auditor, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA)
• The ISMS Specialist role demands a robust combination of technical expertise, specialized knowledge, and strong leadership abilities. The ideal candidate must have an intrinsic understanding of the ISMS statement of applicability.
• The ideal candidate should possess in-depth knowledge of information security frameworks such as ISO/IEC 27001, NIST, and CIS Controls. Familiarity with IT governance frameworks (e.g., COBIT, ITIL)., and have extensive experience in risk management, incident response, and compliance, particularly with South African regulations like POPIA and the Cybercrimes Act.
• Soft skills such as excellent communication, adaptability, attention to detail, and ethical judgment are also vital, enabling the Information Security Compliance Specialist to convey complex security concepts, adapt to evolving threats, and uphold the highest standards of security and privacy within the organization. Experience in BIA, BCM, DR.Include experience in vulnerability management, patching, JML.
• Minimum of 7-10 years of experience in the field of information security, cybersecurity, or a related discipline, with at least 1-3 years in a managerial or leadership capacity. This experience should include hands-on management of security frameworks such as ISO/IEC 27001 and NIST, as well as significant exposure to risk management, incident response, and compliance with industry regulations.
• Proven experience of leading ISO/IEC 27001 certification projects and certification maintenance.
• Experience in working with ISO27001 certification bodies.
• Development of audit and ISMS remediation plans.
• Familiarity with data protection laws and industry regulations.
• Relevant professional certifications such as CISM, CRISC, or CISA, which validate their expertise in key areas of information security. Knowledge of security tools, including Microsoft Sentinel, CyberReason, and Microsoft Defender, is essential for managing the organization's security posture effectively.

Skills and Competencies

• Strategic Thinking: Ability to align security strategies with business objectives and anticipate future challenges.
• Technical Expertise: Knowledge of security frameworks, technologies, and tools, with strong proficiency in threat analysis and mitigation.
• People Management: Strong leadership skills to build, manage, and effectively leverage external resources.
• Decision-Making and Judgment: High discretion in making critical security decisions, balancing immediate needs with long-term goals.
• Collaboration and Communication: Excellent interpersonal skills for engaging with both technical and non-technical stakeholders and building strong relationships.
• Problem-Solving and Analytical Skills: Strong analytical abilities to assess and resolve complex security issues across organizational boundaries.
• Compliance and Regulatory Knowledge: In-depth understanding of relevant regulations and standards, ensuring ongoing compliance.
• Adaptability and Resilience: Ability to adapt to changing security landscapes and manage high-pressure situations.
• Ethical Integrity: Commitment to upholding the highest ethical standards in all security practices

We look forward to hearing from you