28 Security Audits jobs in South Africa

Job Overview

Business Segment: Group Functions

Location: ZA, GP, Johannesburg, 30 Baker Street

Job Type: Full-time

Job Ref ID: A-0001

Date Posted: 8/25/2025

Job Description

To implement the Group Cyber Resilience strategy securing platforms ecosystems 3rd party integration protecting sensitive data, applications and supporting infrastructure from infiltration or misuse guiding security capabilities in client segment and solutions. Facilitate security services ensuring that policies, standards and controls are embedded to prevent reputational, financial or other losses and compliance with regulatory requirements.Educate employees about their InfoSec responsibilities

Qualifications

A Degree in Business Commerce or Information Technology or Risk Management.

Experience Required:

5-7 years experience in an information security or Audit role within the banking and /or financial services sector. Experience working in a multi-vendor and outsourced and multi-system IT environment

5-7 years good working knowledge and experience with the implementation and management of information security policies and frameworks within a corporate environment. Management experience working with individuals and teams from diverse cultures

5-7 years strong IT understanding, gaining insight into digital and platform operating models and cyber security trends and solutions

Additional Information

Behavioural Competencies:

Adopting Practical Approaches

Articulating Information

Checking Things

Directing People

Examining Information

Exploring Possibilities

Interpreting Data

Making Decisions

Providing Insights

Pursuing Goals

Showing Composure

Upholding Standards

Technical Competencies:

Benefits Management

Information Security

Internal & External IT Environment

IT Risk Management

Knowledge of Banking & Financial Service

Stakeholder Management (IT)

Please note: All our recruitment processes comply with the applicable local laws and regulations. We will never ask for money or any from of payment as part of our recruitment process. If you experience this, please contact our Fraud line on or

Information Security Analyst

Acacium Group – Woodstock, Cape Town

Permanent, Full Time

Salary: R35 000 per month plus amazing benefits

Unlock Your Potential

Are you a technically minded individual with a passion for cybersecurity? Are you eager to grow and develop within a global organisation?

This is an excellent entry-level opportunity to launch your career in Information Security.

As an Information Security Analyst, you will play a key role in supporting our security operations and governance frameworks. You'll work closely with both technical teams—such as Infrastructure, Service Delivery, and Application Management—and non-technical teams including Legal, Compliance, HR, Audit, and Risk. You'll also engage with end users to promote best practices and ensure ongoing compliance across the organisation.

Every Day, You Will…

• Conduct threat hunting activities to proactively identify and mitigate risks.
• Assist in security incident management, including triaging alerts and coordinating responses.
• Support regular reviews of suppliers, project risks, and user access.
• Help update IT security policies and practices.
• Deliver and assess IT Security & Cyber Awareness training, audits, and testing.
• Contribute to maintaining compliance with standards like ISO 27001, Cyber Essentials Plus, NHS DSP Toolkit, and GDPR.
• Compile monthly and quarterly security reports.
• Assist in cyber incident response and business continuity efforts.

What's In It For You?

• Hands-on technical training and exposure to a wide range of systems
• Opportunities to earn certifications in the Information Security field
• Access to senior stakeholders and involvement in impactful corporate projects
• Mentorship from experienced professionals to guide your development
• A strong focus on your career growth, with the tools, support, and guidance to help you thrive
• Unmatched career progression, thanks to being part of a global group spanning healthcare, staffing, and life sciences
• Exciting events and incentives, both locally and across the wider group
• Employer contributions to medical aid
• Subsidised transport options

Join Us and Make a Difference

Acacium Group is a global healthcare solutions partner offering staffing, managed services, and innovative delivery models to health and social care systems and the life sciences industry. We are powered by the best people and have an unrivalled and diverse range of capabilities, all while incorporating our company values into everything we do:

Putting People First, Always by Your Side, Driven by Excellence.

Join us and play a key part in shaping the future of society and improving people's lives

To Thrive in This Role, You Must Have…

• A positive, logical, and proactive approach to problem-solving
• Strong organisational and time management skills
• The ability to prioritise tasks and deliver high-quality outcomes
• Clear written communication skills, especially when creating technical documentation for non-technical audiences
• The ability to identify and manage risks within the business and Information Security framework
• Confidence and strong verbal communication skills
• CompTIA Security+
• Microsoft Security Operations Analyst

Employment Equity

The Company's approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.

Designation:

Information Security Manager | Waterfall, Midrand, Gauteng | Permanent

Category:

Information Technology

Job Level:

Professionally qualified and experienced specialists and mid-management

Posted by:

PSG Financial Services

Posted on:

03 Oct 2025

Reference Number:

POS08450

Closing date:

30-Oct-2025

Position Type:

Permanent

Location:

Waterfall Magwa Crescent

Overview:

VACANCY | INFORMATION SECURITY MANAGER | WATERFALL, MIDRAND, GAUTENG | PERMANENT

PSGs commitment to transform and embrace diversity is what drives us to achieve a diverse workplace with employment equity as a key goal to create an inclusive workforce. In achieving our employment equity goals, we give preference to applicants from designated groups, and we encourage people with disability to apply.

The Information Security Manager will lead PSG's cybersecurity strategy, governance, and operations across a hybrid cloud infrastructure. This includes managing Microsoft security capabilities, integrating firewall technologies, overseeing the Cyber Security Operations Center (SOC), and ensuring compliance with regulatory and industry standards. The role also includes managing BYOD risks, securing branch networks, and aligning with globally recognized frameworks such as the NIST Cybersecurity Framework and Joint Security Standards (JSS).

• Develop and maintain PSG's enterprise-wide cybersecurity strategy aligned with business objectives and regulatory requirements.
• Establish and enforce security governance frameworks, policies, and standards.
• Ensure alignment with the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover) and Joint Security Standards.
• Lead the implementation of relevant security compliance initiatives.
• Collaborate with divisional CIOs and executive leadership to align security posture across business units.
• Monitor emerging threats, regulatory changes, and industry trends to inform strategic decisions.

• Design secure solutions for hybrid environments (on-prem + Azure).
• Integrate security into infrastructure and application projects.
• Manage identity and access controls, including Azure AD, MFA, and privileged access management.

• Manage day-to-day security monitoring, incident handling, and threat intelligence.
• Administer Microsoft 365 security features: Defender for Endpoint, Purview, Sentinel, Conditional Access, etc.
• Ensure endpoint, network, and cloud security controls are effectively implemented and monitored.
• Implement and enforce BYOD policies, including mobile device management (MDM), data loss prevention (DLP), and secure access controls.
• Secure branch office networks, including firewalls, VPNs, segmentation, and remote access protocols.

• Develop and manage the annual cybersecurity budget, including licensing, tools, training, and consulting services.
• Track and report on security-related expenditures, ROI, and risk mitigation outcomes.
• Support procurement and vendor management for security solutions.

• Oversee 24/7 SOC operations, ensuring effective threat detection, incident response, and escalation.
• Define SOC roles, workflows, and incident response playbooks.
• Integrate SIEM, SOAR, and threat intelligence platforms for proactive defense.
• Monitor and improve KPIs such as MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond).
• Coordinate with external threat intelligence providers and law enforcement when necessary.

• Oversee the deployment, maintenance, and upgrade of security technologies including Microsoft 365 E3/E5 and Hailstone platforms.
• Ensure timely patching, configuration updates, and feature adoption.
• Maintain compatibility and integration of security tools with PSG's hybrid infrastructure.
• Document system configurations and update operational procedures regularly.

• Conduct regular risk assessments, vulnerability scans, and penetration tests.
• Ensure compliance with POPIA, GDPR, NIST CSF, JSS, and other relevant regulations and frameworks.
• Maintain a risk register and track mitigation actions.
• Coordinate internal and external audits and ensure timely remediation of findings.

• Lead organization-wide cybersecurity awareness programs.
• Deliver targeted training for IT, business, and executive teams.
• Promote secure behaviour and incident reporting culture.

• Build and lead a high-performing cybersecurity team, leveraging SOC analysts, engineers, and compliance specialists.
• Define clear roles, responsibilities, and performance expectations.
• Conduct regular coaching, performance reviews, and career development planning.
• Foster a culture of accountability, innovation, and continuous improvement.
• Promote cybersecurity awareness and ownership across all departments.

• Prepare operational, executive-level reports on security posture, risk exposure, and compliance status.

• Bachelor's degree in Computer Science, Information Technology, or related field.
• 8+ years of IT Security experience, with 5+ years in a leadership role.
• CISSP, CISM, or equivalent
• Microsoft Certified: Cybersecurity Architect Expert
• GIAC Security Operations (GSOM) or equivalent SOC certification
• Familiarity with scripting (PowerShell, Bash) and automation tools.

• Microsoft 365 and SharePoint Online
• Proven experience in cybersecurity leadership within hybrid cloud environments.
• Deep knowledge of Microsoft 365 E3/E5 security stack and Hailstone technologies.
• Strong understanding of SIEM, SOAR, threat intelligence, and SOC operations.
• Experience managing BYOD environments and securing distributed branch networks.
• Familiarity with ISO/IEC 27001, ISO/IEC 2000, NIST, and CIS controls.
• Excellent communication, stakeholder engagement, and team leadership skills.
• Technical documentation

• Strong leadership and problem-solving skills.
• Attention to detail
• Decision making
• Leadership
• Attention to detail
• Resilience
• Good verbal and written communication skills
• Time management skills
• Deadline driven

Candidates interested must apply here by no later than 30 October 2025 OR browse available PSG Careers vacancies

By submitting your application, you are giving PSG Financial Services implicit consent to the storage and processing of your personal information. If you are not contacted within 4 weeks of your application, please accept that your application was not successful. For more information about careers at PSG, visit

Designation: Information Security Manager | Waterfall, Midrand, Gauteng | Permanent

Category: Information Technology

Job Level: Professionally qualified and experienced specialists and mid-management

Posted by: PSG Financial Services

Posted on: 03 Oct 2025

Reference Number: POS08450

Closing date: 30-Oct-2025

Position Type: Permanent

Location: Waterfall Magwa Crescent

Overview
VACANCY | INFORMATION SECURITY MANAGER | WATERFALL, MIDRAND, GAUTENG | PERMANENT
PSGs commitment to transform and embrace diversity is what drives us to achieve a diverse workplace with employment equity as a key goal to create an inclusive workforce. In achieving our employment equity goals, we give preference to applicants from designated groups, and we encourage people with disability to apply.

Job Description
The Information Security Manager will lead PSG's cybersecurity strategy, governance, and operations across a hybrid cloud infrastructure. This includes managing Microsoft security capabilities, integrating firewall technologies, overseeing the Cyber Security Operations Center (SOC), and ensuring compliance with regulatory and industry standards. The role also includes managing BYOD risks, securing branch networks, and aligning with globally recognized frameworks such as the NIST Cybersecurity Framework and Joint Security Standards (JSS).

*Responsibilities:
Strategic Leadership & Governance *

• Develop and maintain PSG's enterprise-wide cybersecurity strategy aligned with business objectives and regulatory requirements.
• Establish and enforce security governance frameworks, policies, and standards.
• Ensure alignment with the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover) and Joint Security Standards.
• Lead the implementation of relevant security compliance initiatives.
• Collaborate with divisional CIOs and executive leadership to align security posture across business units.
• Monitor emerging threats, regulatory changes, and industry trends to inform strategic decisions.

*Architecture & Identity Management *

• Design secure solutions for hybrid environments (on-prem + Azure).
• Integrate security into infrastructure and application projects.
• Manage identity and access controls, including Azure AD, MFA, and privileged access management.

*Security Operations *

• Manage day-to-day security monitoring, incident handling, and threat intelligence.
• Administer Microsoft 365 security features: Defender for Endpoint, Purview, Sentinel, Conditional Access, etc.
• Ensure endpoint, network, and cloud security controls are effectively implemented and monitored.
• Implement and enforce BYOD policies, including mobile device management (MDM), data loss prevention (DLP), and secure access controls.
• Secure branch office networks, including firewalls, VPNs, segmentation, and remote access protocols.

*Financial Management *

• Develop and manage the annual cybersecurity budget, including licensing, tools, training, and consulting services.
• Track and report on security-related expenditures, ROI, and risk mitigation outcomes.
• Support procurement and vendor management for security solutions.

*Cyber Security Operations Center (SOC) Oversight *

• Oversee 24/7 SOC operations, ensuring effective threat detection, incident response, and escalation.
• Define SOC roles, workflows, and incident response playbooks.
• Integrate SIEM, SOAR, and threat intelligence platforms for proactive defense.
• Monitor and improve KPIs such as MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond).
• Coordinate with external threat intelligence providers and law enforcement when necessary.

*Security Technology Lifecycle Management *

• Oversee the deployment, maintenance, and upgrade of security technologies including Microsoft 365 E3/E5 and Hailstone platforms.
• Ensure timely patching, configuration updates, and feature adoption.
• Maintain compatibility and integration of security tools with PSG's hybrid infrastructure.
• Document system configurations and update operational procedures regularly.

*Risk Management & Compliance *

• Conduct regular risk assessments, vulnerability scans, and penetration tests.
• Ensure compliance with POPIA, GDPR, NIST CSF, JSS, and other relevant regulations and frameworks.
• Maintain a risk register and track mitigation actions.
• Coordinate internal and external audits and ensure timely remediation of findings.

*Awareness, Education & Training *

• Lead organization-wide cybersecurity awareness programs.
• Deliver targeted training for IT, business, and executive teams.
• Promote secure behaviour and incident reporting culture.

*Team Leadership & Culture *

• Build and lead a high-performing cybersecurity team, leveraging SOC analysts, engineers, and compliance specialists.
• Define clear roles, responsibilities, and performance expectations.
• Conduct regular coaching, performance reviews, and career development planning.
• Foster a culture of accountability, innovation, and continuous improvement.
• Promote cybersecurity awareness and ownership across all departments.

*Reporting *

• Prepare operational, executive-level reports on security posture, risk exposure, and compliance status.

*Minimum requirements: *

• Bachelor's degree in Computer Science, Information Technology, or related field.
• 8+ years of IT Security experience, with 5+ years in a leadership role.
• CISSP, CISM, or equivalent
• Microsoft Certified: Cybersecurity Architect Expert
• GIAC Security Operations (GSOM) or equivalent SOC certification
• Familiarity with scripting (PowerShell, Bash) and automation tools.

*Experience in the following technologies and concepts: *

• Microsoft 365 and SharePoint Online
• Proven experience in cybersecurity leadership within hybrid cloud environments.
• Deep knowledge of Microsoft 365 E3/E5 security stack and Hailstone technologies.
• Strong understanding of SIEM, SOAR, threat intelligence, and SOC operations.
• Experience managing BYOD environments and securing distributed branch networks.
• Familiarity with ISO/IEC 27001, ISO/IEC 2000, NIST, and CIS controls.
• Excellent communication, stakeholder engagement, and team leadership skills.
• Technical documentation

*Competencies required: *

• Strong leadership and problem-solving skills.
• Attention to detail
• Decision making
• Leadership
• Attention to detail
• Resilience
• Good verbal and written communication skills
• Time management skills
• Deadline driven

*How to apply: *
Candidates interested must apply here by no later than 30 October 2025 OR browse available PSG Careers vacancies .

By submitting your application, you are giving PSG Financial Services implicit consent to the storage and processing of your personal information. If you are not contacted within 4 weeks of your application, please accept that your application was not successful. For more information about careers at PSG, visit

Company Description

INTERCERT is a multinational company headquartered in Texas, USA, operating in over 28 countries. Founded in 2009, INTERCERT is dedicated to building a secure and sustainable world through customer-centric services. We are accredited by leading organizations, including America's accreditation board under IAF for ISO Certification Services, Cloud Security Alliance for CSA STAR Certification services, AICPA CPA Firm for SOC1 & SOC2 Audit Attestation and CREST accreditation for PEN Testing Services. Our services also encompass CMMC, PCI DSS Certification, and Data Protection compliance for standards such as GDPR, HIPAA, and Cybersecurity frameworks. With a team of over 150 experienced assessors, we deliver global assessment services with a focus on compliance and excellence.

Role Description

This is a full-time, remote working role for an Information Security Analyst in South Africa. The Information Security Analyst will be responsible for day-to-day tasks such as assist with the planning and execution of GRC audits such as ISO 27001, ISO 22301, ISO 27701, SOC2, GDPR etc.

Qualifications

Bachelor's Degree or equivalent focused on Information
Security / Cybersecurity

Experience Level

0-6 months

Roles and Responsibilities

Assist with the planning and execution of GRC audits such as ISO 27001, ISO 22301, ISO 27701, SOC2, GDPR etc.

Help assess the design and effectiveness of internal controls, including business and IT controls.

Prepare reports and documentation for external audits and communicate audit findings and recommendations.

Stay updated on evolving regulatory changes, industry standards, and best practices related to GRC, risk management, and auditing.

Company Description

INTERCERT is a multinational company headquartered in Texas, USA, operating in over 28 countries. Founded in 2009, INTERCERT is dedicated to building a secure and sustainable world through customer-centric services. We are accredited by leading organizations, including America's accreditation board under IAF for ISO Certification Services, Cloud Security Alliance for CSA STAR Certification services, AICPA CPA Firm for SOC1 & SOC2 Audit Attestation and CREST accreditation for PEN Testing Services. Our services also encompass CMMC, PCI DSS Certification, and Data Protection compliance for standards such as GDPR, HIPAA, and Cybersecurity frameworks. With a team of over 150 experienced assessors, we deliver global assessment services with a focus on compliance and excellence.

Role Description

This is a full-time, on-site role for an Information Security Analyst / Interns at INTERCERT INC., located in South Africa. The Information Security Analyst / Intern will be responsible for day-to-day tasks such as assist with the planning and execution of GRC audits such as ISO 27001, ISO 22301, ISO 27701, SOC2, GDPR etc.

Qualifications

Bachelor's Degree or equivalent focused on Information
Security/Cybersecurity

Experience Level

0-6 months

Roles and Responsibilities

Assist with the planning and execution of GRC audits such as ISO 27001, ISO 22301, ISO 27701, SOC2, GDPR etc.

Help assess the design and effectiveness of internal controls, including business and IT controls.

Prepare reports and documentation for external audits and communicate audit findings and recommendations.

Stay updated on evolving regulatory changes, industry standards, and best practices related to GRC, risk management, and auditing.

Join Interfile—South Africa's leading Electronic Bill Presentment & Payment (EBPP) fintech—where we design, build, and run large-scale digital services used by millions, partnering with top banks, major corporates, and government. You'll work on modern architectures across both new builds and enhancements in a culture that prizes innovation, seamless integration, and exceptional delivery. We're customer-obsessed and known for helping organizations modernise. Our Fourways office—right across from Montecasino—offers a modern workspace with a Vitality-certified gym, canteen, and great chill areas.

Purpose Of The Role
Lead and continuously improve our information security posture across on-prem and cloud—covering platforms, hardware, networks, and data centres. You'll drive vulnerability remediation through both automation and hands-on work, ensure compliance with POPIA, and design, implement, and uplift security standards and frameworks (e.g., ISO 27001/27002, NIST CSF 2.0). You'll also own risk management and incident response while championing a security-first culture across the business.

Responsibilities
Security Assessment & Management

• Conduct regular security assessments across infrastructure, applications, and data environments.
• Implement and manage SAST and DAST tools and processes.
• Track, report, and drive remediation of vulnerabilities and security issues.

Security Posture & Reporting

• Develop and maintain dashboards and reports that clearly communicate the organization's security posture.
• Define and track KPIs for security posture, remediation velocity, and compliance.
• Collaborate with internal teams to ensure visibility and accountability for remediation efforts.

Automation & Remediation

• Design and implement automated security controls and remediation workflows.
• Work with DevOps and IT teams to integrate security into CI/CD pipelines.

Compliance & Regulatory Alignment

• Ensure alignment with POPIA and other applicable data protection regulations.
• Support audits and compliance reporting requirements.
• Work with legal and compliance teams to ensure data handling aligns with privacy laws.

Standards & Frameworks

• Contribute to the design and rollout of security standards such as ISO 20027.
• Align security practices with NIST CSF 2.0 and other relevant frameworks.

Risk Management

• Conduct risk assessments and maintain a security risk register.
• Collaborate with business units to understand and mitigate security risks tied to operations and products.

Incident Response & Forensics

• Develop and maintain incident response plans.
• Lead investigations into security breaches and coordinate post-incident reviews.

Security Awareness & Training

• Design and deliver security awareness programs for staff.
• Promote a security-first culture across technical and non-technical teams.

Third-Party & Vendor Security

• Assess and manage security risks related to vendors, partners, and third-party services.
• Ensure contracts and SLAs include appropriate security clauses.

Secure Architecture & Design

• Participate in solution architecture reviews to ensure security is embedded from the start.

Advise on secure design patterns and threat modeling.

Requirements (Essential)

• Bachelor's degree in Information Security, Computer Science, or related field.
• At least one security certification: CISSP, CISM, CEH, CompTIA Security+, ISO 27001 Lead Implementer (or similar).
• 5+ years in an information security role (or similar).
• Proven security experience across infrastructure, applications, and data environments.
• Hands-on with SAST/DAST tools (e.g., SonarQube, OWASP ZAP, Burp Suite).
• Strong vulnerability management and remediation workflow expertise.
• Familiarity with automation/scripting (e.g., Python, PowerShell) and CI/CD tooling.
• Working knowledge of POPIA and other data-protection regulations.
• Experience with security frameworks (e.g., NIST CSF, ISO 27001/27002).
• Ability to communicate technical risks and remediation plans to non-technical stakeholders.

Nice to Have (Desirable)

• Proactive, detail-oriented, strong sense of ownership.
• Comfortable collaborating across multiple teams and disciplines.
• Passion for security, compliance, and continuous improvement.
• Multiple or advanced security certifications.

Job Description

Hello Future Information Security Administrator

Welcome to FNB, the home of the #changeables. We design for the shapeshifters and deliver products and services that make us incredibly proud of people that make it happen.

As part of our talented team, you will be surrounded by unique talents, diverse minds, and an adaptable environment that lives up to the promise of staying curious. Now's the time to imagine your potential in a team where experts come together and ignite effective change. .

To assist in identifying, defining and maintaining the information security policy and baseline standards

Are you someone who can:

• Deliver exceptional service that exceeds customers' expectations through proactive, innovative and appropriate solutions.
• Cultivate and manage objective working relationships with a variety of stakeholders, including end-users, SME's, project managers and senior staff members by providing expert advice and consulting on all aspects of IT security.
• Support IT Security leaders to participate in the FirstRand Bank Information Risk awareness program and to ensure that staff is aware of information security risks.
• Ensure that operating objectives and standards of performance are not only understood but owned by management and employees and to ensure that appropriate standards of conduct are established and complied with.
• Comply, understand and implement all steps for the IT Information Security Processes and Procedures and meet governance in terms of legislative and audit requirements.
• Assist in identifying, defining and maintaining the information security policy and base line standards.
• Assist and administer the implementation of control mechanisms, which enables Information Security Services to have a view of the status of information security.
• Ensure all Information Security analysis and research are captured, recorded and reported on to ensure correct actions are implementation are executed.
• Ensure that operating objectives and standards of performance are not only understood but owned by management and employees and to ensure that appropriate standards of conduct are established and complied with.
• Manage own development to increase own competencies.
• Maintain current knowledge of the Information Systems security industry's emerging technologies.

Dare to imagine the change with us if you are:

• An adaptable problem solver who does not fear change but thrives from it.
• A disruptor in your field of IT expertise
• An initiative taker who identifies opportunity and improves
• Known for your delivery track record.
• Wanting to be in a career that makes meaningful contribution to your and other people's lives.

We'll make a good match if you're:

• Curious - you're driven by always wanting to know more and learn more.
• Obsessed with mastery - you know what it takes to become good at what you do and are constantly pushing yourself to do it.
• Courageous - you're brave enough to think and do things differently and are always ready to put your hand up and take ownership.
• A team player - you believe in the power of teams so you're always part of one, building and leveraging your networks.
• Emotionally intelligent - you have a high EQ that enables you to truly connect with people, no matter how technical or specialist your role is.

You'll benefit from our changeable benefits like:

• Opportunities to network and collaborate.
• Inspiring work environment
• Work that is challenging
• Space to make a difference.
• Opportunities to innovate.
• Conditions that are flexible
• Focus on health and wellbeing (onsite wellness center, gym and crèche at our main campus to innovative employee wellbeing and financial fitness programmes)
• Resources to help you with your professional development.
• Generous leave policy
• Preferential employee banking rates
• When it comes to learning and development, we encourage our changeable to expand their knowledge, on their own, with others, in person or online.
• As for our workspace, it is immersive, collaborative, and energetic because at FNB, innovation is our lifeblood and change in our DNA.

Are you interested to take the step? We look forward to engaging with you further. Apply now

Job Details

Take note that applications will not be accepted on the below date and onwards, kindly submit applications ahead of the closing date indicated below.

06/09/25

All appointments will be made in line with FirstRand Group's Employment Equity plan. The Bank supports the recruitment and advancement of individuals with disabilities. In order for us to fulfill this purpose, candidates can disclose their disability information on a voluntary basis. The Bank will keep this information confidential unless we are required by law to disclose this information to other parties.

Introduction

Through our client-facing brands Metropolitan and Momentum, with Multiply (wellness and rewards program), and our other specialist brands, including Guardrisk and Eris Property Group, the group enables business and people from all walks of life to achieve their financial goals and life aspirations.We help people grow their savings, protect what matters to them and invest for the future. We help companies and organization's care for and reward their employees and members. Through our own network of advisers or via independent brokers and utilising new platforms Momentum Metropolitan provides practical financial solutions for people, communities, and businesses. Visit us at

Disclaimer

As an applicant, please verify the legitimacy of this job advert on our company career page.

Role Purpose

This position is responsible for performing various tasks. This role is also required to conduct ongoing research in the IT security arena and regularly assist in the sales process.The ideal candidate will be responsible for conducting comprehensive penetration tests, identifying vulnerabilities, and providing recommendations to improve security posture. The ideal candidate must have experience in all forms of complex technical security assessments of clients' information technology systems (including the Internet, Intranet, applications, hosts, firewalls, mobile applications, etc.) and related policies and procedures. They must be highly motivated and have a good command of industry best practices.

Requirements

• 5+ years of experience in penetration testing, vulnerability assessment, or a related field.

• Deep knowledge of security testing methodologies and frameworks (OWASP, NIST, etc.).

• Proficiency with advanced penetration testing tools such as Metasploit, Burp Suite, Nessus, Nmap, etc.

• Strong scripting skills (Python, Bash, PowerShell, etc.) for automating security tasks.

• In-depth understanding of network protocols, operating systems, web technologies, and cloud environments.

• CISSP and CEH certification preferred.

• OSCP, OSEP, CCSP, CRTE, CRTP, or CRTO certification or equivalent is an advantage.

Duties & Responsibilities

• Lead and conduct comprehensive penetration tests on networks, applications, and systems to identify security weaknesses.

• Develop and implement advanced security test plans, scenarios, and scripts.

• Perform in-depth vulnerability assessments and security analysis using both automated tools and manual techniques.

• Document and report security findings, providing actionable insights to clients and detailed recommendations for remediation.

• Collaborate with cross-functional teams to prioritize and resolve security vulnerabilities.

• Research and stay current with emerging security threats, vulnerabilities, and technology trends.

• Participate in security incident response activities when required.

• Assist in the development and refinement of security policies, procedures, and standards.

• Provide training, guidance, and mentorship to junior penetration testers and other security staff.

• Perform security assessments, including application scans (using tools such as Nessus, Burp Suite) and code reviews, to ensure compliance with Momentum Group's SDLC policies.

• Participate in a variety of other internal security projects and information security activities as required.

Competencies

• Strong knowledge of OWASP Top 10 vulnerabilities and how to exploit/mitigate them.

• Excellent technical writing skills for creating detailed assessment reports.

• Self-driven, motivated, independent yet communicative and collaborative.

• Ability to work unsupervised in a remote capacity and deliver results.

• Good organizational skills and time management; ability to resolve conflicts, prioritize tasks, and follow quality benchmarks.

• Strong verbal communication skills for presenting findings to technical and non-technical stakeholders.

• Demonstrate a strong ability to engage with various stakeholders, have a team-based approach, and work towards shared goals and outcomes.

• Ability to think outside the box and a passion to improve your skills and drive innovation.