10 Security Assessment jobs in South Africa

Security Compliance Analyst - Privileged Access Management PAM

Cape Town, Western Cape Xcede Group

Posted 5 days ago

Job Description

Security Compliance Analyst - Privileged Access Management (PAM)

Location: South Africa, Johannesburg, Cape Town

Type: Permanent, Full Time

Published: 2 hours ago

Duties & Responsibilities

We have a current opportunity for a Security Compliance Analyst on a permanent basis. The position will be based in Cape Town. For further information about this position please apply.

  • HR Services, Recruitment & Selection

Security Compliance Analyst - Privileged Access Management PAM

Johannesburg, Gauteng Xcede Group

Posted 5 days ago

Job Description

Security Compliance Analyst - Privileged Access Management (PAM)

Location: South Africa, Johannesburg, Cape Town

Type: Permanent, Full Time

Published: 2 hours ago

Duties & Responsibilities

We have a current opportunity for a Security Compliance Analyst on a permanent basis. The position will be based in Cape Town. For further information about this position please apply.

  • HR Services, Recruitment & Selection

Security Analyst - Penetration Testing & Red Teaming

Johannesburg, Gauteng The Legends Agency

Posted today

Job Description

Exciting Opportunity: Security Analyst: Penetration Testing & Red Teaming Specialist

Our client is looking for a talented Security Analyst who is ready to take on a variety of security assessments and grow their career in a high-energy, cutting-edge environment.

Responsibilities:

Penetration Testing:

  • Collaborate within a team of experts to conduct vulnerability assessments and penetration tests across a wide range of technologies.
  • Assess network, application (web and thick client), mobile, wireless, social engineering, and physical security, using both automated and manual techniques.
  • Engage with clients professionally to deliver insights and constructive feedback, ensuring their security needs are met.
  • Dive deep into security topics like network, database, and application security, developing your expertise along the way.
  • Leverage your skills with penetration testing tools to uncover vulnerabilities and improve security measures.

Red Teaming:

  • Become part of an elite Red Team, focusing on reconnaissance using open-source intelligence (OSINT) to gather actionable data.
  • Take the lead in compromising systems by identifying vulnerabilities in people, processes, and technology.
  • Develop and deploy command-and-control servers and custom payloads, establishing persistence within target environments.
  • Evolve your craft by creating new tools, techniques, and procedures to avoid detection by defenders.
  • Work on escalation, maintaining long-term access to compromised networks, and exfiltrating critical data.

Research and Development:

  • Stay ahead of the curve by researching and identifying new vulnerabilities, focusing on high-profile products and systems.
  • Understand and analyze the latest tactics used by threat actors to craft innovative security strategies.
  • Develop and refine attack methodologies that will be used to strengthen future defensive efforts.

Requirements:

Experience:

  • 2-5 years' hands-on Penetration Testing, including a strong background in network, mobile, web, and wireless security assessments.
  • Strong understanding of common vulnerability assessment and penetration testing tools.
  • Ability to think critically and creatively to solve complex security challenges.
  • Strong communication skills for both internal collaboration and client-facing interactions.
  • Passion for continuous learning and staying updated on the latest in cybersecurity.

Security Analyst - Penetration Testing & Red Teaming

Johannesburg, Gauteng The Legends Agency

Posted 11 days ago

Job Description

Our client is looking for a talented Security Analyst who is ready to take on a variety of security assessments and grow their career in a high-energy, cutting-edge environment.

Responsibilities:

Penetration Testing:

  • Collaborate within a team of experts to conduct vulnerability assessments and penetration tests across a wide range of technologies.
  • Assess network, application (web and thick client), mobile, wireless, social engineering, and physical security, using both automated and manual techniques.
  • Engage with clients professionally to deliver insights and constructive feedback, ensuring their security needs are met.
  • Dive deep into security topics like network, database, and application security, developing your expertise along the way.
  • Leverage your skills with penetration testing tools to uncover vulnerabilities and improve security measures.

Red Teaming:

  • Become part of an elite Red Team, focusing on reconnaissance using open-source intelligence (OSINT) to gather actionable data.
  • Take the lead in compromising systems by identifying vulnerabilities in people, processes, and technology.
  • Develop and deploy command-and-control servers and custom payloads, establishing persistence within target environments.
  • Evolve your craft by creating new tools, techniques, and procedures to avoid detection by defenders.
  • Work on escalation, maintaining long-term access to compromised networks, and exfiltrating critical data.

Research and Development:

  • Stay ahead of the curve by researching and identifying new vulnerabilities, focusing on high-profile products and systems.
  • Understand and analyze the latest tactics used by threat actors to craft innovative security strategies.
  • Develop and refine attack methodologies that will be used to strengthen future defensive efforts.

Requirements:

Experience:

  • 2-5 years' hands-on Penetration Testing, including a strong background in network, mobile, web, and wireless security assessments.
  • Strong understanding of common vulnerability assessment and penetration testing tools.
  • Ability to think critically and creatively to solve complex security challenges.
  • Strong communication skills for both internal collaboration and client-facing interactions.
  • Passion for continuous learning and staying updated on the latest in cybersecurity.

Information Security & Vendor Risk Compliance Specialist

NETSTOCK

Posted today

Job Description

Information Security & Vendor Risk Compliance Specialist (remote, South Africa only)

Job Title: Information Security & Vendor Risk Compliance Specialist
Reports To: Manager, Certification, Data Privacy and Internal Audit
Employment Type: Full-Time, Permanent, remote

Your role

Netstock is looking for an experienced Information Security & Vendor Risk Compliance Specialist to join our growing team. In this critical role, you’ll help safeguard our organization by assessing third-party risks, maintaining our Information Security Management System (ISMS), and driving compliance with international data protection standards.

You'll bring your cybersecurity expertise to the table, especially your knowledge of ISO 27001, NIST, and key risk assessment frameworks, to support internal IT audits, evaluate vendor security practices, and contribute to Netstock’s ongoing regulatory compliance initiatives.
This role is ideal for someone with strong analytical and communication skills, a proactive mindset, and a passion for cybersecurity and risk management. If you're ready to play a pivotal role in strengthening Netstock’s security posture, we’d love to hear from you.

Required Experience

  • Direct experience conducting third-party due diligence, evaluating vendors, partners, or suppliers, conducting IT internal audits and maintenance of the ISMS.
  • Cybersecurity Experience: A strong background in cybersecurity, including experience with and knowledge of key security concepts such as vulnerability management, incident response, and network security. This is important because you need to evaluate the security posture of third parties to assess whether their systems and practices could pose a risk to your organization. You will need to perform internal audits against security controls.
  • Third-Party Risk Management: Direct experience with third-party risk assessments, focusing on how third-party vendors and service providers manage security and data protection. This includes assessing risks related to data breaches, cybersecurity threats, and the potential compromise of sensitive information.
  • Compliance and Regulatory Knowledge: Familiarity with relevant compliance standards and regulations.
  • Information Security Management Systems: Direct experience managing, maintaining, and improving the Information Security Management System (ISMS) in accordance with ISO 27001 or similar frameworks. Experience conducting IT internal audits to assess IT systems, infrastructure, and processes for compliance with internal security policies and standards.


Education
Certifications: ISO 27001 Lead Auditor and other relevant security certifications.

Technical skills

Information security knowledge

  • Understanding of security frameworks (ISO 27001, NIST, CIS Controls)
  • Familiarity with security best practices, including secure software configurations and secure coding practices
  • Experience reviewing technology security risks, such as software libraries, desktop software, and technology assessments

Risk assessment and management

  • Ability to perform security and privacy risk assessments
  • Skilled in maintaining and updating risk registers
  • Competence in assessing and documenting risk treatments
  • Experience performing gap analysis and implementing corrective action plans
  • Competency in performing Artificial Intelligence impact assessments

Privacy and data protection

  • Familiarity with global privacy regulations (e.g., GDPR, POPIA, CCPA)
  • Experience conducting Data Protection Impact Assessments (DPIA)
  • Ability to perform Legitimate Interest Assessments (LIA)
  • Maintaining personal data registers and retention schedules
  • Knowledge of managing personal data breaches and notifications

Compliance and regulatory expertise

  • Understanding of vendor compliance and due diligence processes
  • Familiarity with privacy and regulatory obligations embedded within contracts
  • Capability in reviewing data processing activities against regulatory requirements
  • Ability to interpret contractual terms and conditions from a security and privacy perspective
  • Skilled in identifying and clearly communicating contractual obligations to the business

Information Security Management Systems

  • Design, implement, and lead the internal IT audit function
  • Conduct audits of IT systems, infrastructure, and processes to identify risks, weaknesses, and non-compliance.
  • Monitor and report on compliance with internal policies, POPIA, ISO standards, and relevant cybersecurity frameworks.
  • Assist with the process of updating, revising, and improving ISMS documentation to reflect changing risks, regulatory requirements, and business needs.
  • Strong written and verbal communication to liaise clearly with stakeholders
  • Ability to translate technical security/privacy terms into understandable business language
  • Detail-oriented approach when evaluating contracts and vendor information and when conducting internal audits.
  • Accuracy in describing controls, processes, and compliance requirements.
  • Strong analytical skills to effectively identify, assess, and prioritise risks
  • Proficiency in maintaining accurate, thorough, and organised documentation (risk registers, vendor assessments, incident reports, internal audit reports, etc.)
  • Ability to clearly and concisely document audit findings, observations, and recommendations.
  • Ability to translate complex security concepts into clear, concise, and actionable language.

Collaboration and stakeholder management

  • Ability to effectively collaborate across teams, including business stakeholders, technical teams, legal, and vendors
  • Confidence in working with external vendors to gather necessary security/privacy information
  • Capacity to manage multiple assessments and reviews simultaneously
  • Strong organisational skills to maintain accurate documentation, reporting schedules, and deliverables timelines

We receive a high number of applications per role and therefore ONLY successful applicants will be contacted.

This role is open to residents of the Republic of South Africa. Although we may consider candidates with permanent residency, preference will be given to citizens of the Republic of South Africa.

Working with us

Netstock was founded with a clear vision: To give the hungry up-and-comers the capability to level the playing field and compete with the industry giants. Working here means embracing that “challenger” mentality: We are smart, scrappy fighters, building our edge with the agility to move faster than the big guys — pioneering smarter ways to work and innovating new ways to deliver powerfully easy to use technologies for our customers.

About us

Netstock is the driving force accelerating the growth of organizations worldwide. Over the last 15 years, we’ve built out a regional presence that gives us deep insights into supply chain planning factors in each industry. We continue to enhance our supply chain planning solutions, making our predictive engine smarter, accelerating automation, and adding sophisticated new capabilities such as AI and machine learning.

You can read more about Netstock’s history and our product offering at Netstock


Cyber Security Specialist (Governance, Risk & Compliance)

Midrand, Gauteng Optimal Growth Technologies

Posted today

Job Description

Specialist Cyber Security (Governance, Risk and Compliance)

Location: Midrand

Duration: 12 months

Key Accountabilities and Decision

  • Continually review and update security policies, standards, and guidelines in response to the ever-changing cyber threats in coordination with Enterprise Risk Management team.

Core competencies, knowledge and experience:

  • Bachelor's degree in Electrical Engineering / Computer Science / Information Technology (or equivalent) from a recognized university.
  • At least one professional Information Security qualification: CISM / CISA / CISSP / CEH
  • Monitor and drive compliance with internal and global cyber security related policies and standards, baseline controls and applicable laws and regulations.
  • Coordinate stakeholders to deliver on targets or agreed business outcomes.
  • Coordinate periodic independent assurance of critical products and services.
  • At least 2+ years proven experience with Cyber Security related Standards (ISO 27001, PCI-DSS, etc.)
  • Proven experience with GDPR, Data Protection laws, CBK guidelines on Cyber Security amongst others.
  • At least 2+ years of hands-on experience in managing Cyber Security technologies and operations.
  • Coordinating implementation of recommendations from independent assessments.
  • Conduct cyber risk assessments to determine cyber risk profile and define treatment plans.
  • Recommend cyber security services improvement plans.
  • Coordinate projects handover process within the cyber security functions.
  • Continually review, implement and improve the user access governance process.
  • Coordinate periodic cyber security knowledge transfer, awareness sessions and phishing simulations to staff in line with strategy.
  • Support implementation of the Managed Security Services strategy and roadmap.
  • Participate actively in cyber security events and trade shows, reporting and presentations.
  • Proven experience in supervising, leading, or coordinating teams and managing stakeholders.

Compliance and Data Security Expert (Contractor)

Kempton Park, Gauteng Muse Consultancy Services

Posted today

Job Description

Compliance and Data Security Expert (Contractor)

Kempton Park, South Africa | Posted on 03/20/2025

MUSE is a consulting company, specialising in resourcing, recruitment and outsourcing of software development teams.

MUSE was founded and is run by experienced developers who are passionate about technology and innovation. We have a vision to be the best in the industry and to provide software development skills that are cutting-edge and high-quality.

We work with some of the leading companies in South Africa and we help them build software products and solutions that are game-changing and future-oriented. We are also at the forefront of applying AI, AR and Machine-Learning concepts to real-world problems.

Our main goal is to help our clients get the most value from their technology investments. We do this by understanding their needs and providing them with the best talent available. We aim to be a vital part of the SDLC.

Job Description

The Compliance and Data Security Expert will be responsible for developing, implementing, and maintaining a robust compliance and data security program. This role requires a deep understanding of relevant regulations, industry best practices, and security technologies. The ideal candidate will be a proactive problem solver with excellent communication skills and a passion for ensuring the confidentiality, integrity, and availability of our data.

Responsibilities:

  1. Develop and maintain policies and procedures to ensure compliance with relevant regulations (e.g., POPIA, GDPR, ISO 27001, industry-specific regulations).
  2. Conduct regular compliance audits and risk assessments.
  3. Monitor and report on compliance status.
  4. Stay up-to-date with changes in regulations and industry standards.
  5. Provide guidance and training to employees on compliance requirements.
  6. Develop and implement data security policies and procedures.
  7. Conduct security risk assessments and vulnerability scans.
  8. Implement and manage security controls (e.g., access control, encryption, intrusion detection).
  9. Monitor and respond to security incidents.
  10. Manage data loss prevention and data backup/recovery processes.
  11. Implement and maintain data governance frameworks.
  12. Identify and assess potential compliance and security risks.
  13. Develop and implement risk mitigation strategies.
  14. Maintain a risk register.
  15. Conduct business impact analysis.
  16. Develop and maintain an incident response plan.
  17. Lead incident response activities.
  18. Communicate effectively with stakeholders on compliance and security matters.
  19. Provide regular reports to management.
  20. Liaise with external auditors and regulatory bodies.

Requirements

Qualifications and Skills:

  1. Bachelor's degree in Computer Science, Information Security, Law, or a related field (or equivalent experience).
  2. Relevant certifications (e.g., CISSP, CISM, CISA, CDPO/DPO).
  3. Proven experience in compliance and data security management.
  4. Deep understanding of relevant regulations (POPIA, GDPR, ISO 27001, etc.).
  5. Experience with security risk assessments and vulnerability scanning.
  6. Knowledge of security technologies and best practices.
  7. Strong analytical and problem-solving skills.
  8. Excellent communication and interpersonal skills.
  9. Ability to work independently and as part of a team.
  10. Experience with data governance frameworks.
  11. Experience with cloud security.

Desired Attributes:

  1. Proactive and detail-oriented.
  2. Strong ethical principles.
  3. Ability to manage multiple priorities.

Senior Manager: Information Systems Audit (Cyber Security)

Pretoria, Gauteng Auditor-General of South Africa

Posted today

Job Description

Requirement Review

Manage the effective and timeous cybersecurity audits of public sector Information Technology (IT) systems, thereby ensuring a service is provided to the people of South Africa in terms of relevant laws and regulations.

Implement the business unit’s strategic objectives by managing a portfolio of audits through the effective and efficient allocation of resources, management, stakeholder management and coordination of people to perform quality, effective and timely audits.

Roles and Responsibilities

Strategic Function

  • Provide input into the strategic objectives to assist in establishing the strategic direction of the Business Unit (BU).
  • Facilitate the implementation of the Business Unit and Specialised Audit Solutions (SAS) strategic plans in accordance with policies, procedures and legislation.
  • Manage teams to ensure alignment to the vision, mission, strategic goals and values of the Auditor-General of South Africa (AGSA or Auditor-General)
  • Provide feedback on implementation / achievement of strategic objectives to the relevant stakeholders

Strategic Leadership & Innovation

  • Ensure the effective execution of cybersecurity audits
  • Drive innovation, efficiency, and effectiveness in the cyber audit space.
  • Identify emerging risks, leverage new audit techniques, and enhance audit methodologies to strengthen the AGSA’s cybersecurity assurance.

Thought Leadership & Brand Building

  • Act as a key driver in positioning AGSA as a cybersecurity audit leader, both locally and internationally.
  • Contribute to knowledge-sharing platforms and engage at all levels.
  • Collaborate with INTOSAI and other key stakeholders to shape the future of cybersecurity audit excellence.

Product Management

Manage Audits

- Lead, direct and coordinate a portfolio of audits covering the three audit phases:

  • Planning
  • Execution
  • Reporting

- Liaise with auditees in the provision of advice / recommendations, setting up meetings, etc.

- Initiate and lead meetings with the audit team regarding the direction and progress on the audits

- Provide guidance to managers and assistance on audit-related matters

- Ensure that all risks are addressed for the specific audit engagements, for example:

  • Appointment of specialist staff
  • Contract in and out

- Conduct audit team visits to:

  • Review work
  • Finalise the audit
  • Conclude working papers
  • Prepare audit report
  • Attend meetings with the team and auditees

- Provide motivation talks and training on auditing matters to team members

- Engage with contracted out partners

- Project manage all projects to ensure timeous delivery on milestones and that quality of delivery is met

- Perform functions as required by an engagement manager as spelled out in the ISAs and the Auditor-General policies

- Prepare and take responsibility for presentations

- Report back to the audit steering committees and audit committees on the planning, execution and reporting of the audits

- Manage audits within the allocated time frame

- Manage audits in accordance with policies, procedures and legislation

Stakeholder Management

  • Ensure clear understanding of auditees’ business requirements through efficient stakeholder engagement and that this is translated into clear deliverables.
  • Build collaborative relationships with internal and external stakeholders.
  • Liaise and interact with key stakeholders & management to share information, resolve challenges and make recommendations for improvements.
  • Manage and report on stakeholder engagements.
  • Promote the AGSA brand and reputation.

Participate in Business Unit Leader/Deputy Business Unit Leader Discussions

- Inform the Business Unit Leader and/or the Deputy Business Unit Leader on:

  • Issues arising from audits
  • Focus areas for auditing administration matters
  • Financial issues
  • Compliance concerns
  • People and resourcing matters

Manage Internal Stakeholder Relationships:

  • Engage with regularity audit on audit proceedings.
  • Facilitate debriefing sessions with regularity audit on the previous year’s audits performed
  • Engage with the team during the three audit phases (namely planning, execution and reporting)
  • Communicate with the team on non-audit and strategic matters
  • Liaise with colleagues within the BU
  • Liaise with colleagues within the portfolio

Manage External Relationships:

  • Engage regularly with the management of the auditee on audit proceedings
  • Engage with audit firms regarding contracted out audits
  • Participate in audit and steering committee meetings
  • Attend Standing Committee on Public Accounts (SCOPA) and portfolio committee meetings by invitation
  • Engage with prospective employees

People Management

- Implement the activities outlined in the BU People Plan.

- Manage team performance to drive productivity.

- Contribute to transformation/culture plans.

- Motivate, coach and mentor staff to ensure maximum productivity and development of the staff to their full potential.

- Participate in initiatives to attract talent.

- Contribute to effective administration of the BU training office.

- Cascade strategic organisational alignment messages and commitments.

- Implement relevant centre initiatives to bring about an inclusive culture, enhanced employee experience and employee well-being

- Analyse the business plan to determine the applicable deliverables and targets

- Determine and secure the human resource requirements to ensure that deliverables will be met in accordance with the expected targets

- Manage the staff performance evaluation system for the centre:

  • Compile Individual Performance Contracts (IPCs) and Performance Development Plans (PDPs)
  • Conduct coaching sessions to ensure staff members perform at the optimum level
  • Conduct performance reviews in accordance with policies and procedures and take corrective action where necessary
  • Conduct one-on-one sessions
  • Participate in the talent management of the Business Unit to drive a high performance culture in accordance with the AGSA’s roles and responsibilities and competency framework

- Manage the development of staff and ensure each staff member has a Personal Development Plan

- Approve leave, timesheets, subsistence and travel (S&T) and cash advances

- Act as a champion on one of the five strategic goals of the business unit (value add, visibility with impact, viability and visions and values) to ensure that the Business Unit achieves its objectives:

  • Provide feedback at the monthly senior management meeting

- Manage the centre’s resources (staff, Contract Work Contractors (CWC) and funding):

  • Participate in meetings
  • Provide direction and guidance to achieve a timely high quality product
  • Develop the staff to optimum productivity levels
  • Improve on client relations within the overall business processes captured in the Business Scorecard (BSC)

- Manage Human Resources in accordance with policies, procedures and legal requirements

- Complete Human Resource Management actions within the allocated time frames

Financial management and operational management

  • Responsible for compiling the centre budget.
  • Manage the centre budget, income and cost to ensure adherence to the required financial performance standards for the portfolio
  • Manage debtors’ collection.
  • Ensure compliance with internal processes and procedures
  • Manage supply chain processes and other ad hoc financial requests.

Other responsibilities (Applicable to All JDs)

  • Perform and/or manage other projects, tasks and assignments not stipulated in the job description as and when required.

Monitor Information

  • Track the following to gather and monitor the centre:
  • Audits (Own and CWC)
  • Stakeholder engagements
  • Funding (income and expenditure)
  • IPCs
  • HR/Culture Initiatives
  • Balanced Scorecard Initiatives
  • BU Initiatives
  • Compliance matters (internal control)

Skills, Experience and Education

Formal Education

  • Minimum qualification of National Qualifications Framework (NQF) Level 7 (i.e. 4-year Bachelor’s Degree / postgraduate Diploma) e.g. B Com with specialisation in Auditing and/or Information Technology
  • Certified Information Systems Auditor (CISA) or equivalent (e.g. a recognised IT auditing certification)

AND

At least one of the following:

  • Offensive Security Certified Professional (OSCP) or equivalent (e.g. CEH)
  • Certified Incident Handler (ECIH/ GCIH) or equivalent (e.g. CRIA)

Experience

  • Minimum of 8 years’ experience post qualification with at least 4 years’ experience operating at a manager/middle management level.
  • Extensive experience in managing cybersecurity and network security audits, with a strong understanding of networked environments that support various application hosting infrastructures, including Windows and Unix-based operating systems, as well as MSSQL and Oracle databases.
  • Extensive experience in conducting cybersecurity maturity assessments, particularly within the Southern African context. This includes a strong ability to position insights and control recommendations for clients, guided by leading frameworks such as NIST CSF, ISO 27001/2, CIS, and COBIT.

NB: Please note that only shortlisted candidates will be contacted. Should you not hear from us within four weeks, kindly consider your application unsuccessful.
