34 Security Awareness jobs in Johannesburg

Job title: Information Security Architect

Contract duration: Start with 6 months

First preference: EEE candidates

Location: JHB

The Head of Security Architecture for the organization is responsible for designing, implementing, and maintaining robust security architectures that protect sensitive data in compliance with regulations such as POPIA, GDPR. This role is critical in safeguarding the confidentiality, integrity, and availability of electronic health records (EHR), patient and employee information, medical devices, and cloud-based healthcare services. The role will focus on designing and developing security architecture that aligns business and corporate security strategy. The role will collaboratively direct Security Architects, IT, and Engineers to design and build security controls and solutions compliant with approved enterprise architecture frameworks and standards across business and digital.

• Design and develop complex and comprehensive security architectures for our systems, applications, and infrastructure, considering both current and future needs
• Collaborates with stakeholders, including developers, engineers, and project managers, to integrate security requirements into the system design and development lifecycle
• Provides guidance and expertise in secure coding practices, network security, identity and access management, data protection, and other security domains
• Model threats and risks, designing the controls necessary to mitigate them, on both an organizational and technical level - thinking like an attacker, understanding and anticipating the moves and tactics that a hacker might use to attack systems
• Follow the architecture analysis process, which consists of research, validation, and evaluation of all new initiatives, with phase gate reviews presented to all stakeholders during key forums, including current trends such as AI and LLMS
• Evaluates and selects security technologies, tools, and frameworks to support the organization's security
• Define portfolio vision and reusable security patterns aligned with the EA strategy
• Lead architecture reviews for high-risk projects, driving recommendations to resolution
• Advise on security controls for hybrid and cloud platforms, balancing usability, cost, and compliance
• Defines and applies security policies, standards, and procedures to ensure compliance with industry regulations and best practices
• Leads incident response activities, including identification, containment, eradication, and recovery, in coordination with the incident response team
• Experience with Cloud Security platform vendors and technologies such as Azure and AWS
• Manage security architects and mentor engineers, developers, and vendors

• Risk-based decision-making - expert in ISO 27001 / NIST / CIS controls, able to quantify and articulate risk, then select proportionate, cost-effective controls
• Pen-testing & threat-modelling - scoping, overseeing, and translating results into enforceable patterns and backlog items
• Influential communication - proven ability to engage C-suite and delivery stakeholders alike, adapting style to gain agreement and drive secure-by-design culture
• Teamwork and Energy - work across different functional and business teams with effective collaboration
• Technical depth - hands-on knowledge of cloud security, IAM, container & API security, network segmentation, encryption, and DevSecOps toolchains; capable of explaining the exploitability of complex vulnerabilities. Zero trust design thinking
• Mentoring & governance - experience in line-managing or coaching security architects/engineers and running architecture assurance or design-review boards
• Secure-system design leadership - demonstrable track record creating or validating architectures for large-scale, high-risk services using recognised frameworks (SABSA, TOGAF)

• Tertiary qualification in Computer Science, Engineering, or related field (preferred)
• Minimum of 5-10 years of experience in Security Architecture
• CISSP, CISA, CISM, or other relevant security-related designation(s) preferred
• Certifications in CISSP-ISSAP, TOGAF, or SABSA, cloud architecture (Microsoft, AWS, GCP)
• Experience in identifying gaps in existing architectures
• Understanding of security infrastructure in Public and Private Cloud, e.g., virtual network infrastructure, hybrid IaaS/PaaS/SaaS solutions
• Experience in designing security architectures to mitigate threats and sound knowledge of security strategies and technologies
• Direct the Project and Security teams with the guidance to build policies, standards, risks, and controls frameworks supporting operational requirements for the business
• Good experience in security architecture design in Cloud and on-prem
• Design and implementation of IOT, endpoint protection, and secure IAM
• Understanding of authentication and authorisation technologies (SAML, LDAP, PKI, etc.) and other IAM technologies
• Understanding of the implementation, operation, and maintenance of SIEM, boundary protection technologies (firewalls, mail gateways), Antivirus, and AD security products
• Knowledge of web application architectures and threat modelling

• Mid-Senior level

• Contract

• Information Technology

• IT Services and IT Consulting

Job title: Information Security Architect

Contract duration: Start with 6 months

First preference: EEE candidates

Location: JHB

The Head of Security Architecture for the organization is responsible for designing, implementing, and maintaining robust security architectures that protect sensitive data in compliance with regulations such as POPIA, GDPR. This role is critical in safeguarding the confidentiality, integrity, and availability of electronic health records (EHR), patient and employee information, medical devices, and cloud-based healthcare services. The role will focus on designing and developing security architecture that aligns business and corporate security strategy. The role will collaboratively direct Security Architects, IT, and Engineers to design and build security controls and solutions compliant with approved enterprise architecture frameworks and standards across business and digital.

Key Responsibilities:

• Design and develop complex and comprehensive security architectures for our systems, applications, and infrastructure, considering both current and future needs.
• Collaborates with stakeholders, including developers, engineers, and project managers, to integrate security requirements into the system design and development lifecycle.
• Provides guidance and expertise in secure coding practices, network security, identity and access management, data protection, and other security domains.
• Model threats and risks, designing the controls necessary to mitigate them, on both an organizational and technical level – thinking like an attacker, understanding and anticipating the moves and tactics that a hacker might use to attack systems.
• Follow the architecture analysis process, which consists of research, validation, and evaluation of all new initiatives, with phase gate reviews presented to all stakeholders during key forums, including current trends such as AI and LLMS.
• Evaluates and selects security technologies, tools, and frameworks to support the organization’s security.
• Define portfolio vision and reusable security patterns aligned with the EA strategy.
• Lead architecture reviews for high-risk projects, driving recommendations to resolution.
• Advise on security controls for hybrid and cloud platforms, balancing usability, cost, and compliance.
• Defines and applies security policies, standards, and procedures to ensure compliance with industry regulations and best practices.
• Leads incident response activities, including identification, containment, eradication, and recovery, in coordination with the incident response team.
• Experience with Cloud Security platform vendors and technologies such as Azure and AWS.
• Manage security architects and mentor engineers, developers, and vendors.

What will you bring?

• Risk-based decision-making - expert in ISO 27001 / NIST / CIS controls, able to quantify and articulate risk, then select proportionate, cost-effective controls.
• Pen-testing & threat-modelling - scoping, overseeing, and translating results into enforceable patterns and backlog items.
• Influential communication - proven ability to engage C-suite and delivery stakeholders alike, adapting style to gain agreement and drive secure-by-design culture.
• Teamwork and Energy – work across different functional and business teams with effective collaboration.
• Technical depth - hands-on knowledge of cloud security, IAM, container & API security, network segmentation, encryption, and DevSecOps toolchains; capable of explaining the exploitability of complex vulnerabilities. Zero trust design thinking.
• Mentoring & governance - experience in line-managing or coaching security architects/engineers and running architecture assurance or design-review boards.
• Secure-system design leadership - demonstrable track record creating or validating architectures for large-scale, high-risk services using recognised frameworks (SABSA, TOGAF).

Requirements / Skills and Competence

• Tertiary qualification in Computer Science, Engineering, or related field (preferred)
• Minimum of 5-10 years of experience in Security Architecture.
• CISSP, CISA, CISM, or other relevant security-related designation(s) preferred.
• Certifications in CISSP-ISSAP, TOGAF, or SABSA, cloud architecture (Microsoft, AWS, GCP)
• Experience in identifying gaps in existing architectures.
• Understanding of security infrastructure in Public and Private Cloud, e.g., virtual network infrastructure, hybrid IaaS/PaaS/SaaS solutions.
• Experience in designing security architectures to mitigate threats and sound knowledge of security strategies and technologies.
• Direct the Project and Security teams with the guidance to build policies, standards, risks, and controls frameworks supporting operational requirements for the business.
• Good experience in security architecture design in Cloud and on-prem.
• Design and implementation of IOT, endpoint protection, and secure IAM.
• Understanding of authentication and authorisation technologies (SAML, LDAP, PKI, etc.) and other IAM technologies
• Understanding of the implementation, operation, and maintenance of SIEM, boundary protection technologies (firewalls, mail gateways), Antivirus, and AD security products
• Knowledge of web application architectures and threat modelling.

Job Description

We are representing a cornerstone of the South African financial services landscape with a legacy spanning over a century. As a mission-driven trusted service provider our client is dedicated to delivering value and security to its members. This is an opportunity to join an organisation that prides itself on strong values employee development and rewarding excellent performance while leading a critical function in a stable and respected institution.

As the new Chief Information Security Officer you will inherit the critical mission of evolving and leading the enterprise-wide cybersecurity strategy for the entire Group. This is not a maintenance role. You will be the central figure in protecting the organizations digital assets systems and data against an ever-evolving threat landscape. Your success will be measured by your ability to balance robust security with business innovation ensuring the company can confidently adopt new technologies while strengthening its reputation as a secure and trustworthy partner for its clients.

Performance Objectives for Year One

Success in this role will be defined by achieving the following key outcomes within the first 12 months :

• Develop and Launch the Next-Generation Security Strategy : Within the first nine months conduct a comprehensive review of the current security posture and develop gain executive approval for and begin executing a future-focused information security strategy. This strategy must align with the Groups business goals and securely enable key digital innovation initiatives including the adoption of cloud AI and advanced data analytics.
• Lead a Comprehensive Compliance & Governance Overhaul : Drive a thorough assessment of all information security policies and controls to ensure robust compliance with key regulations and standards including POPIA GDPR and ISO 27001. You will lead all related initiatives to mitigate gaps and successfully guide the organization through all security and compliance audits within the first year.
• Strengthen Cyber Resilience and Incident Response : Within the first six months lead the project to re-engineer test and enforce a modernized Cyber Incident Response Plan (CIRP) and disaster recovery framework. The goal is to create a highly responsive capability that demonstrably minimizes legal reputational and financial risk from potential cyber threats like ransomware and data breaches.
• Build a Company-Wide Culture of Security Awareness : Design and implement a new engaging cybersecurity awareness and training program that extends to all departments. Success will be measured by a significant verifiable increase in employee vigilance and a corresponding reduction in user-related security incidents.
• Architect Security for Key Technology Transformation : Serve as the primary security advisor and architect for the enterprise. You will collaborate with ICT and business leaders to embed security-by-design principles into the adoption of new technologies ensuring the secure deployment of new cloud services IAM solutions and data platforms.

Profile for Success

To accomplish these objectives you will need a track record of past performance including :

Required Experience :

Chief

Key Skills

International Development,Information Systems,Community,Information Technology Sales,Corporate Recruitment

Employment Type : Full-Time

Experience : years

Vacancy : 1

Location: ZA, GP, Johannesburg, 30 Baker Street

To implement the Group Cyber Resilience strategy, securing platform ecosystems, third-party integration, and protecting sensitive data, applications, and supporting infrastructure from infiltration or misuse. The role involves guiding security capabilities in client segments and solutions, facilitating security services, and ensuring policies, standards, and controls are embedded to prevent reputational, financial, or other losses, while ensuring compliance with regulatory requirements. Educating employees about their InfoSec responsibilities is also a key part of this role.

• A Degree in Business, Commerce, Information Technology, or Risk Management.

• 5-7 years experience in an information security or audit role within the banking and/or financial services sector. Experience working in a multi-vendor, outsourced, and multi-system IT environment.
• 5-7 years of good working knowledge and experience with the implementation and management of information security policies and frameworks within a corporate environment. Management experience working with individuals and teams from diverse cultures.
• 5-7 years of strong IT understanding, gaining insight into digital and platform operating models, cybersecurity trends, and solutions.

• Adopting practical approaches
• Articulating information
• Checking things
• Directing people
• Examining information
• Exploring possibilities
• Interpreting data
• Making decisions
• Providing insights
• Pursuing goals
• Showing composure
• Upholding standards
• Benefits management
• Information security
• Internal & external IT environment
• Knowledge of banking & financial services

To analyse information security related tasks within the ambit of existing information security policies, standards and processes, procedures and practices as well as business rules. Working independently to deliver on work tasks. Mentor Administrators and Analyst I. Collaborate with other specialists to execute analysis work tasks, perform operational tasks, question, recommend and update improvements to the existing policies, process and procedures. To ensure stability and up-time for areas the incumbent takes responsibility for, which could require availability on demand to perform job related duties outside of normal working hours.

• We are looking for a suitable resource with general network security or web security experience to alleviate work pressures on our current team members
• Experience with Email and Web Proxies
• DNS Security knowledge
• Experience with Microsoft O365
• Assist with support of current email and web security tasks
• Liaise with other teams to promote good security practices and explain security procedures
• Experience with Security Technologies
• Building relationships with I&O Teams
• Oversee the implementation of the information security changes and check for the short comings and risks.
• Interpret MIS and system logs/ reports with the view to analyse and correct any deviations against standards and best practices.
• Participate in the implementation of new products as provided in the selection criteria.
• Act as the 1st point of problem resolution for non routine incidents and 1st line support for problems.
• Ensure compliance to standards and practises by familiarizing and keeping abreast of information security policies, rules, standards and processes, procedures and practices as well as business rules.
• Document and maintain all relevant processes and procedures mindful of current policies and standards.
• Create and maintain information security standards.
• Oversee and monitor the information security environment according to set standards.
• Review and contribute to project documentation including business requirements, designs and implementation.
• Create design documentation according to relevant standards and practices
• Implement specific Information security technologies.
• Gain further exposure and experience on multiple technologies by job shadowing Information Security analysts III and Technical Specialist.
• Log submit and implement low, medium and high risk changes independently.
• Provide guidance and supervision to Administrators and Analyst I on implementation and changes.
• Oversee and ensure change was successful in certain cases and when required perform unit testing.
• Oversee and ensure back-ups are done, documents are stored and statuses updated.
• Analyse logs and reports independently and provide supervision to Administrators and Analyst I.
• Monitor and action Service Manager low, medium and high impact incidents and e-mails related to Information Security.
• Ensure job related tasks and processes are in place.
• Ensure that the logging and submitting of all relevant incidents have taken place and resolve low, medium and high incidents.
• Conduct risk and root cause analyses around exceptions, queries, incidents as per operational procedures with the relevant internal and external stakeholders and provide feedback, confirm stakeholder satisfaction.
• Keep abreast of legislation and other industry changes that impacts on role by reading the relevant newsletters, websites and attending sessions.
• Improve personal capability and to stay abreast of developments in field of expertise by identify training courses and career progression opportunities for self through input and feedback from managers.
• Ensure information is provided correctly to stakeholders by maintaining knowledge sharing knowledge with team.
• Transfer of knowledge to team members.
• Identify and recommend opportunities to enhance processes, systems and policies and support implementation of new processes, policies and systems.

• Strong knowledge of Information Security Principles
• Ensuring security best practices are implemented , safeguarding network infrastructure against any potential threats
• Knowledge of Email Security
• Experience with Email Security Technologies
• Experience Service Now
• Experience Microsoft O365

• Matric / Grade 12 / National Senior Certificate
• Advanced Diplomas/National 1st Degrees

• CCNA - Security
• Security +
• Network +
• MS Azure Certifications – MS 365

Minimum of 3 years’ experience in an IT operations team dealing with the network Security tasks

• Administrative procedures and systems
• Data analysis
• Governance, Risk and Controls
• Principles of project management
• Relevant regulatory knowledge
• Relevant software and systems knowledge
• Cluster Specific Operational Knowledge
• System Development Life cycle(SDLC)
• TCP/IP
• Information Security terms and definitions
• Information Security policies and procedures
• Communication
• Customer Focus
• Initiating Action
• Managing Work
• Technical/Professional Knowledge and Skills

---

Please contact the Nedbank Recruiting Team at

If you can't find the job you're looking for, activate job alerts to be one of the first to know when new positions open up.

Nedbank Ltd Reg No 1951/ /06.
Authorised financial services and registered credit provider (NCRCP16).

For assistance please contact the Nedbank Recruiting Team at

Location: ZA, GP, Johannesburg, 30 Baker Street

To implement the Group Cyber Resilience strategy, securing platform ecosystems, third-party integration, and protecting sensitive data, applications, and supporting infrastructure from infiltration or misuse. The role involves guiding security capabilities in client segments and solutions, facilitating security services, and ensuring policies, standards, and controls are embedded to prevent reputational, financial, or other losses, while ensuring compliance with regulatory requirements. Educating employees about their InfoSec responsibilities is also a key part of this role.

• A Degree in Business, Commerce, Information Technology, or Risk Management.

• 5-7 years experience in an information security or audit role within the banking and/or financial services sector. Experience working in a multi-vendor, outsourced, and multi-system IT environment.
• 5-7 years of good working knowledge and experience with the implementation and management of information security policies and frameworks within a corporate environment. Management experience working with individuals and teams from diverse cultures.
• 5-7 years of strong IT understanding, gaining insight into digital and platform operating models, cybersecurity trends, and solutions.

• Adopting practical approaches
• Articulating information
• Checking things
• Directing people
• Examining information
• Exploring possibilities
• Interpreting data
• Making decisions
• Providing insights
• Pursuing goals
• Showing composure
• Upholding standards
• Benefits management
• Information security
• Internal & external IT environment
• Knowledge of banking & financial services

We are looking for an Information Security Officer to join the Clientèle Infrastructure and Operations department. As the Information Security Officer, you will be responsible for the information security vision, strategy, governance, management, processes, and user education.

Purpose:
Responsible for creating the vision and setting the strategy for information security. Responsibilities also include security-related governance, management, and processes.

Responsibilities:

1. Oversee information systems and company security
2. Evaluate, report on, and suggest new ideas related to any security threats
3. Develop the steps necessary to protect the company’s interests
4. Provide advice and leadership to existing administrative security policies
5. Audit the current systems in place, as well as direct and implement new standards
6. Track the latest IT security innovations and keep abreast of the latest cybersecurity technologies
7. Create and implement a robust IT security strategy
8. Manage IT security operations
9. Develop, enhance and deploy a cloud-centric cybersecurity model
10. Deploy robust IT Security technologies
11. Perform IT Security Risk assessments and investigate ways to minimize threats
12. Monitor IT Security vulnerabilities and hacking threats in network and host systems
13. Implement an effective process for reporting IT Security risks, incidents, and investigation of breaches
14. Respond to all information security incidents
15. Serve as a point of contact to develop and sustain controls to ensure compliance and security throughout the life cycle of data and services
16. Review new vendor requests and manage the vendor cybersecurity risk assessment process
17. Review and respond to all relevant audits, including all Data Security and Compliance client audits and assessments
18. Support the strategic requirements of the IT departments
19. Responsible for the protection of the electronic data processed by or stored
20. Develop, implement and monitor a strategic, comprehensive enterprise information security and risk management program
21. Work directly with the business units to facilitate risk assessment and risk management processes
22. Develop and enhance an information security management framework
23. Establish the appropriate security and governance practices
24. Proactively monitor, identify, investigate, and resolve technical incidents and problems

Experience and qualifications:

1. Bachelor’s degree in information security, computer science, or a related field
2. Relevant certification(s) preferred (e.g. CIPP; CIPM; CISSP; CISM)
3. 5-7 years experience with information technology security
4. 5-7 years experience in security principles and security standards
5. 5-7 years experience assessing, monitoring and managing security risks
6. 5-7 years experience in information security management
7. Experience with risk management and governance solutions
8. Experience with contract and vendor negotiations and management, including managed services