45 Security Advisor jobs in South Africa

The role of the Cyber Security Consultant: Operations will form part of our client’s team which focuses on Cyber Security Operations services to businesses on our client’s Shared Network. This team is responsible for management of the PKI, Anti-Virus, Vulnerability Management, Security Configuration Management, Firewall compliance, Web, and Email content filtering environments. The team also manages the Data Leakage Prevention, Network Access Management and Privileged Account Management infrastructure and processes.

• On a day-to-day basis the Consultant will be involved with the configuration, monitoring, and management of:
• Anti-Virus Infrastructure
• Data Leakage Prevention system, rules, and reports
• Privileged Account Management process
• Network Access Control process and exception handling.
• Vulnerability Scanning, reporting, proposing remediation actions and tracking compliance.
• Security hardening baseline compliance scanning, reporting and remediation.
• On an ad hoc basis the consultant will support businesses in:
• Issuing, renewing, and revoking PKI digital certificates.
• Assessing internet and email use on request of Forensics or HR departments.
• The consultant will also be performing scheduled tasks like review Firewall rule configuration and report.
• The consultant will be required to report on the status of the cyber security control environments on a weekly, monthly, and quarterly basis.
• The consultant will continuously consider ways to improve the effectiveness and efficiency of monitoring and response controls.
• The consultant will contribute to Knowledge and Skills of the team, by sharing lessons learned and knowledge gained through research, conferences, training courses or through interaction with experts.

• Matric
• Information Technology diploma or degree
• Information Security certification (preferable)

At least 3 – 5 years in hands-on technical experience which includes:

• Network experience (TCP/IP, Firewalls, IPS, NAC)
• Operating System management and Hardening (Windows, Linux, CIS hardening baselines)
• Anti-Virus System management and Configuration
• Data Leakage Prevention tool configuration
• Logical Access Management (AD, PAM)
• Information Security Operations (Security+, CISSP will be beneficial)
• Vulnerability Management (use of well-known vulnerability scanning tools and interpretation of CVSS scores)

• Security Auditing.
• Risk management.
• Incident Investigation.
• Reporting and Administration.
• Security tools monitoring.

• Interpersonal savvy - Contributing independently.
• Decision quality - Contributing independently.
• Plans and aligns - Contributing independently.
• Optimises work processes - Contributing independently.

• Cultivates innovation - Contributing independently.
• Customer focus - Contributing independently.
• Drives results - Contributing independently.
• Collaborates - Contributing independently.
• Being resilient - Contributing independently.

Market related - Monthly

Our client, a leading financial services company, is seeking an Information Security Consultant to join their team on a permanent basis.

• Security Auditing
• Responsible for Security tools monitoring
• Network experience (TCP/IP, Firewalls, IPS, NAC)
• Operating System management and Hardening
• Anti-Virus System management and Configuration
• Logical Access Management
• Vulnerability Management

• Matric and an Information Technology diploma or degree qualification
• 4+ years experience

Salary Market Related

Job title : Consultant Information System Security X2

Job Location : KwaZulu-Natal, Pietermaritzburg Deadline : August 24, 2025 Quick Recommended Links

• Jobs by Location
• Job by industries

Key Responsibility Areas

• Design and implement security standards and procedures in systems and security policies and guidelines for all system security processes.
• Secures assets in the information system by defining and addressing possible and real security problems.
• Conduct, monitor and maintain threat and vulnerability assessments on a regular basis to minimize associated risk and improve the security capabilities within operational implementation, such as ICT infrastructure linked to SITA managed networks.
• Manage implementation of information security awareness and training programmes for employees and clients.
• Coordinate ongoing activities related to the development, implementation, and maintenance of information security controls and services aligned to the cyber security framework, policies, standards and procedures.

Qualifications and Experience

• Required Qualification : 3-year National Diploma / Degree in Computer Science or Information Technology or Network Management or a relevant discipline NQF level 6 qualification.
• Certification : Professional IT security management certification e.g. CISSP ITIL Foundation, CoBit Foundation or CISM, GIAC, CCNP, ISACA CRISC CCSP : Certified Cloud Security Professional Advanced certifications such as SANS GIAC / GCIA / GCIH, CISSP or CASP and / or SIEM specific training and certification will be an advantage. Certified information system security professional (CISSP) or Certified Information Security Management (CISM), would be an added advantage.
• Experience : 6 - 7 years ICT Infrastructure or application development experience including IT Security working experience.

Information Security • Pietermaritzburg, ZA

Purpose of the Role :

The role of the Cybersecurity Consultant includes contribution to technical insights relevant to client engagements and internal projects. Actively establish, maintain and strengthen internal and external relationships.  Execution of cybersecurity engagements. The Cybersecurity Consultant will be responsible for the following key activities to achieve the main objectives:

 Cyber risk assessment, risk management controls testing
- Cyber security strategies and governance models
- Setting up cyber governance, risk and controls business and technology solutions
- Assess and consult clients on data privacy, implementation of data protection POPIA/ GDPR programs 
- Build a full service vulnerability management offering providing clients with tailored solutions to deploy and run vulnerability management programs
- Penetration testing of systems, network and mobile environments.

Requirements:

• Cyber risk assessment, risk management controls testing.
• Cyber security strategies and governance models
• Setting up cyber governance, risk and controls business and technology solutions
• Assess and consult clients on data privacy, implementation of data protection POPIA/ GDPR programs.
•  Build a full-service vulnerability management offering providing clients with tailored solutions to deploy and run vulnerability management programs.
• Penetration testing of systems, networks, and mobile environments.

Company Description

Standard Bank Group is a leading Africa-focused financial services group and an innovative player on the global stage. We offer a variety of career-enhancing opportunities and the chance to work alongside talented, motivated professionals. Our clients range from individuals to businesses of all sizes, high net worth families, and large multinational corporates and institutions. We are passionate about creating growth in Africa, bringing meaningful value to our clients and communities, and creating a sense of purpose for our employees.

Job Description

To implement the Group Cyber Resilience strategy by securing platforms, ecosystems, and third-party integrations; protecting sensitive data, applications, and infrastructure from infiltration or misuse; guiding security capabilities in client segments and solutions. Facilitate security services ensuring policies, standards, and controls are embedded to prevent losses and ensure regulatory compliance. Educate employees about their InfoSec responsibilities.

• Alert responsible stakeholders of non-compliance with Cyber Resilience Policies and Standards, and collaborate on remediation plans and solutions.
• Assess information security maturity scores, guide implementation for awareness and prioritization, and monitor compliance with standards.
• Collaborate with feature teams, product owners, architecture, IT, vendors, and other stakeholders to investigate risk controls.
• Work with threat intelligence, cybersecurity, security engineering, and other risk functions to develop and maintain a holistic security strategy and remediation plans.
• Communicate and raise awareness of policies within business, technology, and risk communities.

Qualifications

• Degree in Business, Commerce, Information Technology, or Risk Management (minimum)
• Post Graduate Degree in Business, Commerce, or Information Technology (preferred)

Experience Required: Cyber Security

• 5-7 years in an information security or audit role within banking or financial services. Experience with multi-vendor, outsourced, and multi-system IT environments.
• 5-7 years of knowledge and experience with implementing and managing information security policies and frameworks in a corporate environment. Management experience with diverse teams.
• 5-7 years of strong IT understanding, insights into digital and platform operating models, and current cybersecurity trends and solutions.

Behavioural Competencies:

• Adopting Practical Approaches
• Articulating Information
• Checking Things
• Directing People
• Examining Information

Technical Competencies:

• Benefits Management
• Information Security
• Internal & External IT Environment
• IT Risk Management
• Knowledge of Banking & Financial Services

A Security Engineer is a crucial member of an organization’s IT team, specializing in safeguarding digital assets and maintaining the security posture of the company. They work to design, implement, and manage security measures to protect against cyber threats, unauthorized access, and data breaches.

Key Responsibilities:

Security Infrastructure Design:

• Design and implement security infrastructure, including firewalls, intrusion detection systems, and encryption protocols.
• Evaluate and recommend security products and technologies to enhance the organization’s security posture.

Incident Response and Monitoring:

• Monitor network traffic for suspicious activity and potential security breaches.
• Develop and maintain incident response plans and procedures to mitigate security incidents.
• Investigate security incidents, determine the root cause, and implement corrective actions.

Vulnerability Assessment and Penetration Testing:

• Conduct regular security assessments to identify vulnerabilities in systems and applications.
• Perform penetration tests to simulate cyberattacks and assess the organization’s readiness.

Access Control and Authentication:

• Manage user access controls and authentication mechanisms.
• Implement and maintain multi-factor authentication (MFA) solutions.

Security Policies and Compliance:

• Develop and enforce security policies, standards, and procedures.
• Ensure compliance with industry regulations (e.g., GDPR, HIPAA, PCI DSS) and best practices.

Security Awareness and Training:

• Conduct security awareness programs and training for employees.
• Keep the organization informed about emerging threats and security best practices.

Security Patch Management:

• Manage and coordinate the timely installation of security patches and updates.
• Maintain an inventory of software and hardware assets.

Encryption and Data Protection:

• Implement encryption mechanisms to protect sensitive data at rest and in transit.
• Ensure the confidentiality and integrity of data through encryption and access controls.

Qualifications:

• Bachelor’s degree in computer science, information security, or a related field (or equivalent experience).
• Relevant industry certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), or equivalent.
• Proven experience in information security roles, including network security, system security, or application security.
• Strong knowledge of security technologies, protocols, and tools.
• Understanding of risk management principles and methodologies.
• Proficiency in scripting and programming languages (e.g., Python, PowerShell) for automation and analysis.
• Familiarity with cloud security concepts (e.g., AWS, Azure, Google Cloud).
• Excellent problem-solving and analytical skills.
• Effective communication and teamwork abilities.

Preferred Skills:

• Experience with security information and event management (SIEM) systems.
• Knowledge of threat intelligence and threat hunting techniques.
• Experience with secure coding practices and application security assessments.
• Familiarity with network and web application firewalls.
• Understanding of security-related regulations and compliance standards.
• Security Engineers typically work in an office environment but may need to respond to security incidents outside regular business hours.
• The role may involve occasional travel to remote offices or data centers.

Security Engineers play a pivotal role in maintaining the confidentiality, integrity, and availability of an organization’s information assets. They are instrumental in protecting against cyber threats and ensuring compliance with industry regulations and security best practices.

A highgrowth fintech backed by global investors is building worldclass payment infrastructure across Africa. The company helps global brands succeed in South Africa by reducing payment friction increasing reliability and ensuring regulatory compliance.

Their clients include leading enterprises and globally recognised brands. With scale and security at the heart of their mission theyre shaping how the world does business on the continent.

Role Overview

As the Information Security Officer you will lead the companys information security function as it grows its enterprise and global client base. Youll design and implement fitforpurpose security strategies that support compliance protect data and enable innovation in a fastpaced environment.

Reporting to the VP of Engineering this crossfunctional role supports engineering compliance operations and leadership teams.

Key Responsibilities

• Own and maintain the information security roadmap and risk register
• Implement security policies across infrastructure applications and endpoints
• Support teams in embedding securitybydesign into the SDLC
• Lead compliance audits and assessments (e.g. PCIDSS ISO 27001 SOC 2)
• Coordinate vulnerability assessments penetration testing and risk modelling
• Develop and maintain incident response procedures
• Promote security awareness across the organisation
• Manage internal IT security needs (cloud MDM Google Workspace password policies)
• Support client security reviews and enterprise procurement processes
• Stay informed on relevant threats and regulatory changes

Challenges Youll Tackle

Ideal Candidate Profile

Required Experience :

Unclear Seniority

Key Skills

International Development,Information Systems,Community,Information Technology Sales,Corporate Recruitment

Employment Type : Contract

Experience : years

Vacancy : 1

Managed Talent Solutions client in the mining sector is looking for a Information Security Analyst on a 12 month fixed term contract. Must have +6 years experience in conducting risk assessments that rely on outside penetration testing support and application of common Information Security Frameworks such as the ISO27000 series, SANS20, NIST and the ISF control framework.

POSITION INFO : Requirements :

• An undergraduate or postgraduate qualification in computer science, business informatics, / technology or equivalent Â
• Professional certifications and experience in Information Security from industry standard security frameworks : ISACA, BCS, CIPP, ITIL, Crest, ISC2, COMPTIA and key security vendors including Microsoft, Crowdstrike, Qualys, IBM.
• Must have experience in appliocation of Information Security frameworks such as the ISO27000 series, SANS20, NIST and the ISF control framework
• Conducting risk assessments that rely on outside penetration testing support
• Information security training and awareness concepts and delivery
• Incident response and crisis management concepts experience

 Key responsibilities :

• Support and monitor cybersecurity initiatives and controls in the region
• Collaborate with regional IT and security teams to implement security measures and protocols
• Conduct security assessments and risk analyses for regional assets and systems
• Facilitate security awareness training for regional employees
• Respond to and investigate security incidents in the region
• Stay updated with regional cybersecurity regulations and compliance requirements

Security Analyst • Johannesburg, South Africa

South Africa

Apply Now and Redefine Digital Payments with Us!

Why EFT Corporation

At EFT Corporation, we don’t just enable payments, we empower possibilities. With over 26 years of experience, we’re Africa’s leading payment solutions provider, working with over 100 financial institutions to deliver cutting-edge technology that drives financial inclusion and transforms lives. Operating in dynamic markets across Africa and beyond, our team of 300+ experts spans Mauritius, Ghana, Kenya, South Africa, Zambia, Zimbabwe, and India. We’re on a mission to shape the future of payments across the continent through innovation, collaboration, and a shared vision of progress.

Why You'll Love Working Here:

• Purpose-Driven Culture : Make an impact in transforming lives through secure and innovative payment solutions.
• Global Collaboration : Work alongside diverse, talented teams from across the globe.
• Continuous Growth : Expand your skills with mentorship, knowledge sharing, and cutting-edge technologies.
• Inclusive Environment : We value and celebrate diversity, fostering a workplace where everyone thrives.

Your Role

• As an Information Security Officer , your job purpose is to be held accountable in respect to assisting the Senior Security and Infrastructure Engineer and the Senior DevOps Engineers in the following:
  • Assisting in maintaining the safety and security of the organisation’s systems and network database to prevent unauthorized access and avoid data breaches.
  • Maintaining the organisation’s systems and networks.
  • Assisting in overseeing the entire software development process, from planning and development to deployment and maintenance.
  • This role requires expertise in both software development and operations, as well as an understanding of the DevOps methodology.
  • This includes CI/CD, Infrastructure management (AWS), Automation, Monitoring, logging and metrics, Collaboration and Security.
  • The role also requires a significant focus on PCI compliance and support and collaboration with the Security and Infrastructure team is required.
• You will be responsible for owning the Futurex HSM and Thales HSM device management which includes:
  • Yearly Key management/replacement ceremonies.
  • PCI compliance as it relates to the HSM.
• Assisting with new security compliance:
  • ISO27001.
  • PCI+PIN.

What You’ll Do Maintain Operational Systems, Networks and Security:

• Facilitate annual PCI audits.
• Linux Operating systems are security patched in a timely manner. If patching will affect customers, arrange with operations support, and follow the correct change control process.
• Maintain Elastic SIEM.
• Respond to and investigate SIEM alerts.
• Respond to operational system alerts and/or operational queries across the entire technology stack (Production and QA system issues, infrastructure issues, Databaseissues, Network issues, Security and Firewall issues and any 3rd party or customer integration issues) as they occur.
• Manage / Deploy system tooling that may be beneficial to the business.
• Research, POC and deploy new open source or when applicable closed source tooling that is beneficial to the business systems or processes. This can be in supporting Applications, Monitoring, Logging, SIEM, AI/machine Learning, Fraud Detection, Operational Support applications, Authentication systems, BI / Data Analytics, networks, Security or compliance.
• Create ad hoc Python scripts / Applications to perform various repetitive tasks.
• Ensure that AWS environments and services are architectured and configured in a secure and redundant manner including all security services from AWS.
• Maintain AWS services including but not limited to: VPC, EC2, ECS, ECS Fargate, ECR, Guard Duty, Cloudwatch, Cloudtrail, Security groups, VPC Routing, Site to Site VPNs, Application Load balancers / network load balancers, Web application firewalls,etc.
• Architect, support and maintain connectivity between 3rd parties, Banking partners, integrators and on prem datacentres.
• Ensure best practice security measures are implemented.
• Ensure best practices regarding system isolation and scope reduction.
• Provide support to field engineers on HSMs and key management.
• Maintain internal HSMs and key management procedures.
• Provide support to the product and SLDC teams – this includes consulting on design, finding compliant solutions for customer issues, and filling out cyber risk assessments for customers or tenders.

• Maintain/Improve (PC14) PCI.
• Stretch: ISO 27001.
• GDPR.

• Ensure Security, Infrastructure & Procedures (with supporting team) are comprehensive and kept up to date.Security Tooling:
• Ensure SSO, Intrusion detection, SIEM, Antivirus, Patch Management and PGP are implanted as per the polices.
• Stimulation / adoption of user-driven security culture (give security a brand within the org and educate).

• To increase efficiency and reduce errors for both security and infrastructure management.

• To reduce costs (optimize) without sacrificing performance and security.

• Ensure that weekly vulnerability scans results are tracked, and vulnerabilities are remediated within set severity timeframes weekly.
• Review all daily and weekly BAU PCI Items for signoff monthly.
• Ensure weekly Internal and External Scans were completed.
• Perform data analysis reporting monthly.
• Maintain a strong security posture within the card holder environment.
• Work with 3rd party to ensure PCI Certification Audit is completed and passed on time.
• Review Security Commitment to third parties.

• Bachelor’s degree in Computer Science or related field.
• 3 years’ relevant experience.
• Experience within the payment / banking sector.
• Experience working with PCI Audits / Security in DevOps, Linux, Mysql, Cloud (AWS).
• Network experience (particularly cloud based / virtual).

• PCI Audits / Security / Processes.
• Linux, Mysql, and Cloud (AWS).
• Experience with automation tools like CloudFormation, Ansible, Puppet, Chef, etc.
• CI/CD tooling eg. Bitbucket pipelines, Jenkins, etc.
• Scripting languages: Bash, Python, etc.
• Cloud knowledge, specifically AWS.
• Containerisation: Docker, Kubernetes, AWS ECS, etc.
• Logging Frameworks: ELK stack, cloudwatch, etc.
• Cloud-based virtual networking eg VPC, subnets, ALB, NLB, WAF, Peering, Transit Gateways, VPN gateways, etc.
• SIEM experience – Elastic, Splunk, etc.
• Monitoring and Alerting Framework: Zabbix, Nagios, etc.

• Ability to learn new technologies at pace.
• Problem solving.
• Ability to work within a high stress & flux environment.
• Ability to foster & cultivate relationships with internal & external stakeholders.
• Ability to work autonomously as well as part of a team.
• Assertiveness – communicating feelings and beliefs; being non-offensive.
• Detail & deadline oriented.
• Analytical & critical thinking.

Our Values

• Purposeful Impact : Every action drives meaningful change.
• Client-Centric Excellence : We succeed when our clients do.
• Integrity : Doing the right thing, always.
• Teamwork : Together, we achieve the extraordinary.

Why Now?

Be part of a pioneering force in digital payments, leading transformative projects across continents. At EFT Corporation, you’re not just joining a company—you’re joining a movement.

Ready to redefine the future of payments with us?

Apply now and let’s create the extraordinary together!

EFT Corporation is an Equal Opportunity Employer. Diversity drives our success, and we welcome passionate individuals from all walks of life to join our team.

EFT Corporation does not accept unsolicited resumes from search firms/recruiters. EFT Corporation will not pay any fees to search firms/recruiters if a search firm/recruiter submits a candidate unless an agreement has been entered into concerning the specific open position(s). Search firms/recruiters offering resumes to EFT Corporation on an unsolicited basis shall be deemed to accept this condition, regardless of any other provision to the contrary.