69 Security Audits jobs in South Africa

Overview

Specialist, Risk Assessment, Group Financial Crime Compliance

Business Segment: Group Functions

Location: ZA, GP, Johannesburg, Baker Street 30

To contribute to the development and maintenance of the Risk Based Approach through the Client Risk- & Business Risk Assessment frameworks and methodologies, pertaining to all client relationships, products & services offered anywhere in the Group across all jurisdictions. Exercise oversight & provide advice on the implementation of the frameworks & methodologies to ensure that business is undertaken in a risk appropriate and compliant manner to avoid operational losses, fines, penalties or reputational damage to the organisation.

• Degree in Risk Management, Business Commerce, Legal, Audit or Information Science
• 3-4 years - The role requires an expert in Compliance with profound knowledge of the full dimensions of the field, but deep expertise in the relevant area of specialisation. Regulatory environment savvy, with the proven ability to influence all levels of employees across multiple countries and business areas to effectively implement compliance frameworks.
• 5-7 years - AML/CFT frameworks across different jurisdictions. Strategic planning and operationalisation. Risk assessment and risk based approach to compliance. Policies, procedures, guidance and advisory. Technology software i.e. MS Excel, Power BI, SAS, etc.
• 3-4 years strong data analytics/data understanding experience.
• 3-4 years research development is essential.

Job title: Information Security Architect

Contract duration: Start with 6 months

First preference: EEE candidates

Location: JHB

The Head of Security Architecture for the organization is responsible for designing, implementing, and maintaining robust security architectures that protect sensitive data in compliance with regulations such as POPIA, GDPR. This role is critical in safeguarding the confidentiality, integrity, and availability of electronic health records (EHR), patient and employee information, medical devices, and cloud-based healthcare services. The role will focus on designing and developing security architecture that aligns business and corporate security strategy. The role will collaboratively direct Security Architects, IT, and Engineers to design and build security controls and solutions compliant with approved enterprise architecture frameworks and standards across business and digital.

Key Responsibilities:

• Design and develop complex and comprehensive security architectures for our systems, applications, and infrastructure, considering both current and future needs.
• Collaborates with stakeholders, including developers, engineers, and project managers, to integrate security requirements into the system design and development lifecycle.
• Provides guidance and expertise in secure coding practices, network security, identity and access management, data protection, and other security domains.
• Model threats and risks, designing the controls necessary to mitigate them, on both an organizational and technical level – thinking like an attacker, understanding and anticipating the moves and tactics that a hacker might use to attack systems.
• Follow the architecture analysis process, which consists of research, validation, and evaluation of all new initiatives, with phase gate reviews presented to all stakeholders during key forums, including current trends such as AI and LLMS.
• Evaluates and selects security technologies, tools, and frameworks to support the organization’s security.
• Define portfolio vision and reusable security patterns aligned with the EA strategy.
• Lead architecture reviews for high-risk projects, driving recommendations to resolution.
• Advise on security controls for hybrid and cloud platforms, balancing usability, cost, and compliance.
• Defines and applies security policies, standards, and procedures to ensure compliance with industry regulations and best practices.
• Leads incident response activities, including identification, containment, eradication, and recovery, in coordination with the incident response team.
• Experience with Cloud Security platform vendors and technologies such as Azure and AWS.
• Manage security architects and mentor engineers, developers, and vendors.

What will you bring?

• Risk-based decision-making - expert in ISO 27001 / NIST / CIS controls, able to quantify and articulate risk, then select proportionate, cost-effective controls.
• Pen-testing & threat-modelling - scoping, overseeing, and translating results into enforceable patterns and backlog items.
• Influential communication - proven ability to engage C-suite and delivery stakeholders alike, adapting style to gain agreement and drive secure-by-design culture.
• Teamwork and Energy – work across different functional and business teams with effective collaboration.
• Technical depth - hands-on knowledge of cloud security, IAM, container & API security, network segmentation, encryption, and DevSecOps toolchains; capable of explaining the exploitability of complex vulnerabilities. Zero trust design thinking.
• Mentoring & governance - experience in line-managing or coaching security architects/engineers and running architecture assurance or design-review boards.
• Secure-system design leadership - demonstrable track record creating or validating architectures for large-scale, high-risk services using recognised frameworks (SABSA, TOGAF).

Requirements / Skills and Competence

• Tertiary qualification in Computer Science, Engineering, or related field (preferred)
• Minimum of 5-10 years of experience in Security Architecture.
• CISSP, CISA, CISM, or other relevant security-related designation(s) preferred.
• Certifications in CISSP-ISSAP, TOGAF, or SABSA, cloud architecture (Microsoft, AWS, GCP)
• Experience in identifying gaps in existing architectures.
• Understanding of security infrastructure in Public and Private Cloud, e.g., virtual network infrastructure, hybrid IaaS/PaaS/SaaS solutions.
• Experience in designing security architectures to mitigate threats and sound knowledge of security strategies and technologies.
• Direct the Project and Security teams with the guidance to build policies, standards, risks, and controls frameworks supporting operational requirements for the business.
• Good experience in security architecture design in Cloud and on-prem.
• Design and implementation of IOT, endpoint protection, and secure IAM.
• Understanding of authentication and authorisation technologies (SAML, LDAP, PKI, etc.) and other IAM technologies
• Understanding of the implementation, operation, and maintenance of SIEM, boundary protection technologies (firewalls, mail gateways), Antivirus, and AD security products
• Knowledge of web application architectures and threat modelling.

The KPMG Africa Information Security Specialist is responsible for ensuring the confidentiality, integrity, and availability of all systems across KPMG Africa offices (South Africa, Botswana, Mauritius, Mozambique, Namibia, Zambia, Zimbabwe, Nigeria, Ghana, Kenya, Uganda, Tanzania, and Rwanda). The role involves actively managing and monitoring information security systems to detect, respond to, and remediate security risks and threats across the infrastructure.

4. Position Specifications

Educational Requirements (minimum necessary to perform the job):

• Professional / Tertiary qualification

Other Requirements:

Experience (minimum necessary):

Desired Qualifications and Experience:

• 3-5 years' experience in Information Technology Support or Information Security, including Microsoft Azure
• Industry-recognized certifications such as A+, N+, Security+, CySA+, and Cloud Security certifications like:

o Microsoft Certified: Security Operations Analyst Associate

o Microsoft Certified: Information Protection and Compliance Administrator Associate

o Microsoft Certified: Security, Compliance, and Identity Fundamentals

o Microsoft Certified: Identity & Access Management

o Microsoft Certified: Azure Security Engineer

• Professional certifications such as CISM, CISSP, ECIH are preferred but not required
• Strong knowledge of information security and cloud security concepts
• Experience in identifying, analyzing, and reporting on security risks and incidents
• Experience with security tools such as Qualys, Microsoft Defender Endpoint, Microsoft Sentinel, etc.
• Ability to evaluate vulnerabilities, develop mitigation strategies, and implement remediation
• Strong knowledge of operating systems, Microsoft Servers, Active Directory, and network protocols and technologies

5. Core Competencies:

• Attention to detail and accurate documentation
• Analytical skills to interpret information
• Ability to work independently and in a team
• Organizational and prioritization skills under pressure

6. Key Responsibilities & KPIs

Main Responsibilities:

• Monitoring incident response channels
• Executing the Information Security Incident Management Process and escalating high-priority issues
• Tracking and escalating open incidents
• Producing weekly and quarterly reports for the CISO on incident status and trends

Security Systems Configuration and Management:

• Daily monitoring of security systems to ensure proper functioning
• Configuration and management of security tools such as vulnerability, privileged access, and log management systems
• Reconciliation of assets to ensure coverage of security systems
• Reporting and issue resolution support for operational teams

Patch Management Monitoring:

• Monitoring patch management performance and identifying risks
• Addressing challenges to compliance

Threat and Event Monitoring:

• Detecting and escalating security threats and events

Vulnerability Management:

• Monitoring vulnerabilities daily
• Monthly asset reconciliation
• Managing vulnerability remediation with owners
• Supporting penetration testing activities

Supporting NITSO projects and other initiatives as required.

ROLE DESCRIPTION: Information security specialists focus on keeping an organisation’s data and IT infrastructure secure, which requires a diverse set of skills and responsibilities.

TASK AND RESPONSIBILITIES:

1. Conduct threat and risk analysis and analyse the business impact of new and existing systems and technologies to eliminate risk, performance, and capacity issues. Implement vulnerability assessments and configure audits of operating systems, web servers, databases, and detect patterns, insecure features, and malicious activities in the infrastructure.
2. Perform research, testing, evaluating, and deployment of security technology and procedures.
3. Run diagnostics on any changes to data to verify any undetected breaches.
4. Develop custom systems for specialized security features and procedures for software systems, networks, data centres, and hardware.
5. Develop and implement information security standards, guidelines, and procedures.
6. Keep current with new intrusion methods and develop protection plans. Have an in-depth understanding of vulnerabilities, management systems, and common security applications.
7. Conduct counteractive protocols and report incidents. Offer customized risk ratings for vulnerabilities based on company policies and maintain IT security controls documentation.
8. Provide customized security assessments, implement security policies, design security training materials, organize training sessions, provide technical support, and communicate security policies and procedures.

FUNCTIONAL KNOWLEDGE:

Contribute to strategy formulation & execution; business requirement analysis; Incident Management and Response; Business Threat Identification and Communication; Information Risk Assessment and Management; Regulatory and Legal Frameworks; Change Management and Change Risk; GRC and Security Standards, Policies and Practices; Information Risks within Systems and IT Architecture; Information Risks within people and processes; Infrastructure Risks to business delivery; Enterprise and Security Architecture; Operational Security Practices and Management; Information Security Awareness.

• NQF 7 Bachelor's degree in Cybersecurity or a related area, such as computer science or related fields.

• 5 - 6 years or more practical experience in IT and Information Security Governance, of which must include at least 3 years in an active Information Risk management role.

Our client, a leading financial services firm, is seeking an Information Security Consultant to join their team on a permanent basis.

• Security Auditing
• Responsible for Security tools monitoring
• Network experience (TCP/IP, Firewalls, IPS, NAC)
• Operating System management and Hardening
• Anti-Virus System management and Configuration
• Logical Access Management
• Vulnerability Management

• Matric and an Information Technology diploma or degree qualification
• 4+ years experience in the field

Salary: Market Related

Job Description

Hello Future Information Security Administrator

Welcome to FNB, the home of the #changeables. We design for the shapeshifters and deliver products and services that make us incredibly proud of people that make it happen.

As part of our talented team, you will be surrounded by unique talents, diverse minds, and an adaptable environment that lives up to the promise of staying curious. Now's the time to imagine your potential in a team where experts come together and ignite effective change. .

To assist in identifying, defining and maintaining the information security policy and baseline standards

Are you someone who can:

• Deliver exceptional service that exceeds customers' expectations through proactive, innovative and appropriate solutions.
• Cultivate and manage objective working relationships with a variety of stakeholders, including end-users, SME's, project managers and senior staff members by providing expert advice and consulting on all aspects of IT security.
• Support IT Security leaders to participate in the FirstRand Bank Information Risk awareness program and to ensure that staff is aware of information security risks.
• Ensure that operating objectives and standards of performance are not only understood but owned by management and employees and to ensure that appropriate standards of conduct are established and complied with.
• Comply, understand and implement all steps for the IT Information Security Processes and Procedures and meet governance in terms of legislative and audit requirements.
• Assist in identifying, defining and maintaining the information security policy and base line standards.
• Assist and administer the implementation of control mechanisms, which enables Information Security Services to have a view of the status of information security.
• Ensure all Information Security analysis and research are captured, recorded and reported on to ensure correct actions are implementation are executed.
• Ensure that operating objectives and standards of performance are not only understood but owned by management and employees and to ensure that appropriate standards of conduct are established and complied with.
• Manage own development to increase own competencies.
• Maintain current knowledge of the Information Systems security industry's emerging technologies.

Dare to imagine the change with us if you are:

• An adaptable problem solver who does not fear change but thrives from it.
• A disruptor in your field of IT expertise
• An initiative taker who identifies opportunity and improves
• Known for your delivery track record.
• Wanting to be in a career that makes meaningful contribution to your and other people's lives.

We'll make a good match if you're:

• Curious - you're driven by always wanting to know more and learn more.
• Obsessed with mastery - you know what it takes to become good at what you do and are constantly pushing yourself to do it.
• Courageous - you're brave enough to think and do things differently and are always ready to put your hand up and take ownership.
• A team player - you believe in the power of teams so you're always part of one, building and leveraging your networks.
• Emotionally intelligent - you have a high EQ that enables you to truly connect with people, no matter how technical or specialist your role is.

You'll benefit from our changeable benefits like:

• Opportunities to network and collaborate.
• Inspiring work environment
• Work that is challenging
• Space to make a difference.
• Opportunities to innovate.
• Conditions that are flexible
• Focus on health and wellbeing (onsite wellness center, gym and crèche at our main campus to innovative employee wellbeing and financial fitness programmes)
• Resources to help you with your professional development.
• Generous leave policy
• Preferential employee banking rates
• When it comes to learning and development, we encourage our changeable to expand their knowledge, on their own, with others, in person or online.
• As for our workspace, it is immersive, collaborative, and energetic because at FNB, innovation is our lifeblood and change in our DNA.

Are you interested to take the step? We look forward to engaging with you further. Apply now

Job Details

Take note that applications will not be accepted on the below date and onwards, kindly submit applications ahead of the closing date indicated below.

06/09/25

All appointments will be made in line with FirstRand Group's Employment Equity plan. The Bank supports the recruitment and advancement of individuals with disabilities. In order for us to fulfill this purpose, candidates can disclose their disability information on a voluntary basis. The Bank will keep this information confidential unless we are required by law to disclose this information to other parties.

Introduction

Through our client-facing brands Metropolitan and Momentum, with Multiply (wellness and rewards program), and our other specialist brands, including Guardrisk and Eris Property Group, the group enables business and people from all walks of life to achieve their financial goals and life aspirations.We help people grow their savings, protect what matters to them and invest for the future. We help companies and organization's care for and reward their employees and members. Through our own network of advisers or via independent brokers and utilising new platforms Momentum Metropolitan provides practical financial solutions for people, communities, and businesses. Visit us at

Disclaimer

As an applicant, please verify the legitimacy of this job advert on our company career page.

Role Purpose

This position is responsible for performing various tasks. This role is also required to conduct ongoing research in the IT security arena and regularly assist in the sales process.The ideal candidate will be responsible for conducting comprehensive penetration tests, identifying vulnerabilities, and providing recommendations to improve security posture. The ideal candidate must have experience in all forms of complex technical security assessments of clients' information technology systems (including the Internet, Intranet, applications, hosts, firewalls, mobile applications, etc.) and related policies and procedures. They must be highly motivated and have a good command of industry best practices.

Requirements

• 5+ years of experience in penetration testing, vulnerability assessment, or a related field.

• Deep knowledge of security testing methodologies and frameworks (OWASP, NIST, etc.).

• Proficiency with advanced penetration testing tools such as Metasploit, Burp Suite, Nessus, Nmap, etc.

• Strong scripting skills (Python, Bash, PowerShell, etc.) for automating security tasks.

• In-depth understanding of network protocols, operating systems, web technologies, and cloud environments.

• CISSP and CEH certification preferred.

• OSCP, OSEP, CCSP, CRTE, CRTP, or CRTO certification or equivalent is an advantage.

Duties & Responsibilities

• Lead and conduct comprehensive penetration tests on networks, applications, and systems to identify security weaknesses.

• Develop and implement advanced security test plans, scenarios, and scripts.

• Perform in-depth vulnerability assessments and security analysis using both automated tools and manual techniques.

• Document and report security findings, providing actionable insights to clients and detailed recommendations for remediation.

• Collaborate with cross-functional teams to prioritize and resolve security vulnerabilities.

• Research and stay current with emerging security threats, vulnerabilities, and technology trends.

• Participate in security incident response activities when required.

• Assist in the development and refinement of security policies, procedures, and standards.

• Provide training, guidance, and mentorship to junior penetration testers and other security staff.

• Perform security assessments, including application scans (using tools such as Nessus, Burp Suite) and code reviews, to ensure compliance with Momentum Group's SDLC policies.

• Participate in a variety of other internal security projects and information security activities as required.

Competencies

• Strong knowledge of OWASP Top 10 vulnerabilities and how to exploit/mitigate them.

• Excellent technical writing skills for creating detailed assessment reports.

• Self-driven, motivated, independent yet communicative and collaborative.

• Ability to work unsupervised in a remote capacity and deliver results.

• Good organizational skills and time management; ability to resolve conflicts, prioritize tasks, and follow quality benchmarks.

• Strong verbal communication skills for presenting findings to technical and non-technical stakeholders.

• Demonstrate a strong ability to engage with various stakeholders, have a team-based approach, and work towards shared goals and outcomes.

• Ability to think outside the box and a passion to improve your skills and drive innovation.

• Who we're looking for: An experienced Information Security Manager to lead the implementation and ongoing maturity of our Information Security Management System (ISMS), ensure alignment with ISO 27001:2022, and manage risk across the business.
• The challenge: To own the ISMS documentation and audit programme, coordinate internal and external audits, oversee the risk register, and support internal teams on policy compliance and security awareness.
• Where you'll work: This role will be based in Cape Town, you'll be part of our global team, collaborating with colleagues and serving customers across the UK, USA, Australia, South Africa, and beyond. Our hybrid approach offers flexibility with regular team connection in our Cape Town office.

The Tillo Difference

We're in the business of rewards and incentives, so we know a thing or two about the importance of giving back. We can't grow as a business without growing as individuals, so we are committed to providing a workplace where passionate, driven individuals can thrive. We value collaboration, trust, positivity, and a willingness to learn - only by working as a team will we reach our goals.

We're the market leader in the UK and are active in a number of other markets including USA, Europe, Australia and India.

This role will be responsible for:

• ISMS Ownership & Audit Readiness

• Maintain and evolve the ISMS documentation and controls in line with ISO 27001:2022.

• Coordinate and lead internal audits (quarterly for TZ) and external certification audits.
• Write up audit findings and risk reports for SLT and the Board.
• Monitor ISMS KPIs and compliance metrics .

• Risk Management

• Own the company-wide risk register and associated documentation (excluding the risk framework itself).

• Support teams in identifying, assessing, and documenting risks.
• Track and ensure timely implementation of Risk Treatment Plans.
• Monitor and report on key risk metrics.

• Incident & Corrective Action Management

• Maintain the incident log, ensuring proper documentation, root cause analysis and closure.

• Drive corrective actions and improvements from internal/external audits and incidents.

• Security Policy & Training

• Maintain and develop ISO 27001-compliant security policies (non-Engineering).

• Coordinate business-wide security awareness training (e.g., KnowBe4).
• Champion InfoSec awareness and lead monthly security meetings.

• Client & Vendor Security Assurance

• Complete InfoSec and risk sections of client due diligence questionnaires.

• Support the development of a Trust Centre to streamline security responses.

What we're looking for

• 3+ years in an Information Security or Risk Management role with experience in ISO 27001 implementation and audits.
• A strong understanding of risk frameworks, internal controls, and compliance management.
• Experience with audit coordination and ISMS documentation.
• The ability to translate technical and regulatory language into business-friendly advice.
• Working knowledge of privacy, AML, and business continuity requirements.
• Familiarity with InfoSec tooling (e.g., Drata, Vanta, KnowBe4).
• Exceptional communication, reporting and organisational skills.

Benefits

We offer all our employees trust and empower our team to work with flexibility and autonomy. We're a close-knit team and love working collaboratively, with our hybrid model, our team can come together at our fantastic offices, but also focus in their own space. The Tillo team are a motivated bunch and we all work hard to push Tillo forwards, always innovating. We completely understand the importance of work/life balance and offer a supportive and collaborative working environment with the following benefits:

• 21 days holiday per annum
• Retirement Fund (5%)
• Health insurance contribution
• Employee Incentive Scheme
• Hybrid Working
• Top spec equipment including laptop, mouse, keyboard, monitor
• Anniversary gifts
• Monthly breakfasts, drinks, snacks and events
• Team Learning & Development budget

Tillo makes gift cards, rewards, and incentives simple, efficient, and profitable. Operating in over 37 markets and 25 currencies, Tillo processes billions in gift card transactions through a single, plug-and-go API, powering rewards and incentives for the world's leading businesses.

Backed by Tenzing, Tillo is setting the global standard for digital gift card infrastructure.

Diversity, Equity, and Inclusion Statement

We are committed to fostering a diverse and inclusive workplace where everyone feels valued and respected. We welcome applications from individuals of all backgrounds, regardless of age, disability, gender identity, marital status, race, ethnicity, religion or belief, sex, or sexual orientation.

If you require any reasonable adjustments during the recruitment process, please let us know, and we will be happy to accommodate your needs.

Job Overview

Business Segment: Group Functions

Location: ZA, GP, Johannesburg, 30 Baker Street

Job Type: Full-time

Job Ref ID: A-0001

Date Posted: 8/25/2025

Job Description

To implement the Group Cyber Resilience strategy securing platforms ecosystems 3rd party integration protecting sensitive data, applications and supporting infrastructure from infiltration or misuse guiding security capabilities in client segment and solutions. Facilitate security services ensuring that policies, standards and controls are embedded to prevent reputational, financial or other losses and compliance with regulatory requirements.Educate employees about their InfoSec responsibilities

Qualifications

A Degree in Business Commerce or Information Technology or Risk Management.

Experience Required:

5-7 years experience in an information security or Audit role within the banking and /or financial services sector. Experience working in a multi-vendor and outsourced and multi-system IT environment

5-7 years good working knowledge and experience with the implementation and management of information security policies and frameworks within a corporate environment. Management experience working with individuals and teams from diverse cultures

5-7 years strong IT understanding, gaining insight into digital and platform operating models and cyber security trends and solutions

Additional Information

Behavioural Competencies:

Adopting Practical Approaches

Articulating Information

Checking Things

Directing People

Examining Information

Exploring Possibilities

Interpreting Data

Making Decisions

Providing Insights

Pursuing Goals

Showing Composure

Upholding Standards

Technical Competencies:

Benefits Management

Information Security

Internal & External IT Environment

IT Risk Management

Knowledge of Banking & Financial Service

Stakeholder Management (IT)

Please note: All our recruitment processes comply with the applicable local laws and regulations. We will never ask for money or any from of payment as part of our recruitment process. If you experience this, please contact our Fraud line on or