63 Security Compliance jobs in South Africa

Published : 06/09/2022

Location : South Africa

Career Level : Experienced

Entity : DQS South Africa

Type of employment : Associate

Reference number : ISMS0023

For almost four decades, the DQS group has been known internationally for the highest quality and reliability in the certification of processes or management systems. Above all, our success is based on a high level of customer and service orientation that goes far beyond verifying checklists, and of course, on our employees who give their best every day.

DQS is currently looking for qualified Information Security, Cyber Security and Risk Management specialists interested in pursuing a career in auditing.

Your primary role would be to carry out assessments of our customer's management systems to ensure they meet the requirements of International Standards such as

ISO 22301

,

ISO 27001

,

TISAX

and other related standards.

To apply you'll need at least:

• Professional education (academic or technical): Completed higher education with a university or trade school degree, master craftsman's diploma or equivalent.
• Professional experience: At least five years of professional experience, including management, personnel, or project responsibility, two of them relating to the respective management system (

ISO 27001

,

ISO 22301

,

TISAX

).
- Experience with information and cyber security technologies.
- It is important for us to assign experts and managers with practical experience in auditing.

Our success is based on our highly qualified and experienced auditors. They have completed professional training and/or a degree, have extensive experience with management techniques and management systems, and have proven practical experience in the various industries they audit.

Training and development will be provided to ensure your success as an auditor

Various trainings will be provided on an ongoing basis.

International working environment

Weiterbildungsmöglichkeiten

Exciting Projects

Open-minded team

DQS: Simply leveraging Quality.

Our success is based on our highly qualified and experienced auditors. They have completed professional training and/or a degree, have extensive experience with management techniques and management systems, and have proven practical experience in the various industries they audit.

Would you like to join a dynamic team of auditors and further expand the success of DQS? If you meet the above requirements and are interested in becoming a certified auditor with DQS, please send us your CV to

Apply Now

Job ads

Haven't found the right one for you yet? Feel free to take another look at our overview.

Back to the overview

• Who we're looking for: An experienced Information Security Manager to lead the implementation and ongoing maturity of our Information Security Management System (ISMS), ensure alignment with ISO 27001:2022, and manage risk across the business.
• The challenge: To own the ISMS documentation and audit programme, coordinate internal and external audits, oversee the risk register, and support internal teams on policy compliance and security awareness.
• Where you'll work: This role will be based in Cape Town, you'll be part of our global team, collaborating with colleagues and serving customers across the UK, USA, Australia, South Africa, and beyond. Our hybrid approach offers flexibility with regular team connection in our Cape Town office.

The Tillo Difference

We're in the business of rewards and incentives, so we know a thing or two about the importance of giving back. We can't grow as a business without growing as individuals, so we are committed to providing a workplace where passionate, driven individuals can thrive. We value collaboration, trust, positivity, and a willingness to learn - only by working as a team will we reach our goals.

We're the market leader in the UK and are active in a number of other markets including USA, Europe, Australia and India.

This role will be responsible for:

• ISMS Ownership & Audit Readiness

• Maintain and evolve the ISMS documentation and controls in line with ISO 27001:2022.

• Coordinate and lead internal audits (quarterly for TZ) and external certification audits.
• Write up audit findings and risk reports for SLT and the Board.
• Monitor ISMS KPIs and compliance metrics .

• Risk Management

• Own the company-wide risk register and associated documentation (excluding the risk framework itself).

• Support teams in identifying, assessing, and documenting risks.
• Track and ensure timely implementation of Risk Treatment Plans.
• Monitor and report on key risk metrics.

• Incident & Corrective Action Management

• Maintain the incident log, ensuring proper documentation, root cause analysis and closure.

• Drive corrective actions and improvements from internal/external audits and incidents.

• Security Policy & Training

• Maintain and develop ISO 27001-compliant security policies (non-Engineering).

• Coordinate business-wide security awareness training (e.g., KnowBe4).
• Champion InfoSec awareness and lead monthly security meetings.

• Client & Vendor Security Assurance

• Complete InfoSec and risk sections of client due diligence questionnaires.

• Support the development of a Trust Centre to streamline security responses.

What we're looking for

• 3+ years in an Information Security or Risk Management role with experience in ISO 27001 implementation and audits.
• A strong understanding of risk frameworks, internal controls, and compliance management.
• Experience with audit coordination and ISMS documentation.
• The ability to translate technical and regulatory language into business-friendly advice.
• Working knowledge of privacy, AML, and business continuity requirements.
• Familiarity with InfoSec tooling (e.g., Drata, Vanta, KnowBe4).
• Exceptional communication, reporting and organisational skills.

Benefits

We offer all our employees trust and empower our team to work with flexibility and autonomy. We're a close-knit team and love working collaboratively, with our hybrid model, our team can come together at our fantastic offices, but also focus in their own space. The Tillo team are a motivated bunch and we all work hard to push Tillo forwards, always innovating. We completely understand the importance of work/life balance and offer a supportive and collaborative working environment with the following benefits:

• 21 days holiday per annum
• Retirement Fund (5%)
• Health insurance contribution
• Employee Incentive Scheme
• Hybrid Working
• Top spec equipment including laptop, mouse, keyboard, monitor
• Anniversary gifts
• Monthly breakfasts, drinks, snacks and events
• Team Learning & Development budget

Tillo makes gift cards, rewards, and incentives simple, efficient, and profitable. Operating in over 37 markets and 25 currencies, Tillo processes billions in gift card transactions through a single, plug-and-go API, powering rewards and incentives for the world's leading businesses.

Backed by Tenzing, Tillo is setting the global standard for digital gift card infrastructure.

Diversity, Equity, and Inclusion Statement

We are committed to fostering a diverse and inclusive workplace where everyone feels valued and respected. We welcome applications from individuals of all backgrounds, regardless of age, disability, gender identity, marital status, race, ethnicity, religion or belief, sex, or sexual orientation.

If you require any reasonable adjustments during the recruitment process, please let us know, and we will be happy to accommodate your needs.

Information Security Analyst

Acacium Group – Woodstock, Cape Town

Permanent, Full Time

Salary: R35 000 per month plus amazing benefits

Unlock Your Potential

Are you a technically minded individual with a passion for cybersecurity? Are you eager to grow and develop within a global organisation?

This is an excellent entry-level opportunity to launch your career in Information Security.

As an Information Security Analyst, you will play a key role in supporting our security operations and governance frameworks. You'll work closely with both technical teams—such as Infrastructure, Service Delivery, and Application Management—and non-technical teams including Legal, Compliance, HR, Audit, and Risk. You'll also engage with end users to promote best practices and ensure ongoing compliance across the organisation.

Every Day, You Will…

• Conduct threat hunting activities to proactively identify and mitigate risks.
• Assist in security incident management, including triaging alerts and coordinating responses.
• Support regular reviews of suppliers, project risks, and user access.
• Help update IT security policies and practices.
• Deliver and assess IT Security & Cyber Awareness training, audits, and testing.
• Contribute to maintaining compliance with standards like ISO 27001, Cyber Essentials Plus, NHS DSP Toolkit, and GDPR.
• Compile monthly and quarterly security reports.
• Assist in cyber incident response and business continuity efforts.

What's In It For You?

• Hands-on technical training and exposure to a wide range of systems
• Opportunities to earn certifications in the Information Security field
• Access to senior stakeholders and involvement in impactful corporate projects
• Mentorship from experienced professionals to guide your development
• A strong focus on your career growth, with the tools, support, and guidance to help you thrive
• Unmatched career progression, thanks to being part of a global group spanning healthcare, staffing, and life sciences
• Exciting events and incentives, both locally and across the wider group
• Employer contributions to medical aid
• Subsidised transport options

Join Us and Make a Difference

Acacium Group is a global healthcare solutions partner offering staffing, managed services, and innovative delivery models to health and social care systems and the life sciences industry. We are powered by the best people and have an unrivalled and diverse range of capabilities, all while incorporating our company values into everything we do:

Putting People First, Always by Your Side, Driven by Excellence.

Join us and play a key part in shaping the future of society and improving people's lives

To Thrive in This Role, You Must Have…

• A positive, logical, and proactive approach to problem-solving
• Strong organisational and time management skills
• The ability to prioritise tasks and deliver high-quality outcomes
• Clear written communication skills, especially when creating technical documentation for non-technical audiences
• The ability to identify and manage risks within the business and Information Security framework
• Confidence and strong verbal communication skills
• CompTIA Security+
• Microsoft Security Operations Analyst

Employment Equity

The Company's approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.

Designation:

Information Security Manager | Waterfall, Midrand, Gauteng | Permanent

Category:

Information Technology

Job Level:

Professionally qualified and experienced specialists and mid-management

Posted by:

PSG Financial Services

Posted on:

03 Oct 2025

Reference Number:

POS08450

Closing date:

30-Oct-2025

Position Type:

Permanent

Location:

Waterfall Magwa Crescent

Overview:

VACANCY | INFORMATION SECURITY MANAGER | WATERFALL, MIDRAND, GAUTENG | PERMANENT

PSGs commitment to transform and embrace diversity is what drives us to achieve a diverse workplace with employment equity as a key goal to create an inclusive workforce. In achieving our employment equity goals, we give preference to applicants from designated groups, and we encourage people with disability to apply.

The Information Security Manager will lead PSG's cybersecurity strategy, governance, and operations across a hybrid cloud infrastructure. This includes managing Microsoft security capabilities, integrating firewall technologies, overseeing the Cyber Security Operations Center (SOC), and ensuring compliance with regulatory and industry standards. The role also includes managing BYOD risks, securing branch networks, and aligning with globally recognized frameworks such as the NIST Cybersecurity Framework and Joint Security Standards (JSS).

• Develop and maintain PSG's enterprise-wide cybersecurity strategy aligned with business objectives and regulatory requirements.
• Establish and enforce security governance frameworks, policies, and standards.
• Ensure alignment with the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover) and Joint Security Standards.
• Lead the implementation of relevant security compliance initiatives.
• Collaborate with divisional CIOs and executive leadership to align security posture across business units.
• Monitor emerging threats, regulatory changes, and industry trends to inform strategic decisions.

• Design secure solutions for hybrid environments (on-prem + Azure).
• Integrate security into infrastructure and application projects.
• Manage identity and access controls, including Azure AD, MFA, and privileged access management.

• Manage day-to-day security monitoring, incident handling, and threat intelligence.
• Administer Microsoft 365 security features: Defender for Endpoint, Purview, Sentinel, Conditional Access, etc.
• Ensure endpoint, network, and cloud security controls are effectively implemented and monitored.
• Implement and enforce BYOD policies, including mobile device management (MDM), data loss prevention (DLP), and secure access controls.
• Secure branch office networks, including firewalls, VPNs, segmentation, and remote access protocols.

• Develop and manage the annual cybersecurity budget, including licensing, tools, training, and consulting services.
• Track and report on security-related expenditures, ROI, and risk mitigation outcomes.
• Support procurement and vendor management for security solutions.

• Oversee 24/7 SOC operations, ensuring effective threat detection, incident response, and escalation.
• Define SOC roles, workflows, and incident response playbooks.
• Integrate SIEM, SOAR, and threat intelligence platforms for proactive defense.
• Monitor and improve KPIs such as MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond).
• Coordinate with external threat intelligence providers and law enforcement when necessary.

• Oversee the deployment, maintenance, and upgrade of security technologies including Microsoft 365 E3/E5 and Hailstone platforms.
• Ensure timely patching, configuration updates, and feature adoption.
• Maintain compatibility and integration of security tools with PSG's hybrid infrastructure.
• Document system configurations and update operational procedures regularly.

• Conduct regular risk assessments, vulnerability scans, and penetration tests.
• Ensure compliance with POPIA, GDPR, NIST CSF, JSS, and other relevant regulations and frameworks.
• Maintain a risk register and track mitigation actions.
• Coordinate internal and external audits and ensure timely remediation of findings.

• Lead organization-wide cybersecurity awareness programs.
• Deliver targeted training for IT, business, and executive teams.
• Promote secure behaviour and incident reporting culture.

• Build and lead a high-performing cybersecurity team, leveraging SOC analysts, engineers, and compliance specialists.
• Define clear roles, responsibilities, and performance expectations.
• Conduct regular coaching, performance reviews, and career development planning.
• Foster a culture of accountability, innovation, and continuous improvement.
• Promote cybersecurity awareness and ownership across all departments.

• Prepare operational, executive-level reports on security posture, risk exposure, and compliance status.

• Bachelor's degree in Computer Science, Information Technology, or related field.
• 8+ years of IT Security experience, with 5+ years in a leadership role.
• CISSP, CISM, or equivalent
• Microsoft Certified: Cybersecurity Architect Expert
• GIAC Security Operations (GSOM) or equivalent SOC certification
• Familiarity with scripting (PowerShell, Bash) and automation tools.

• Microsoft 365 and SharePoint Online
• Proven experience in cybersecurity leadership within hybrid cloud environments.
• Deep knowledge of Microsoft 365 E3/E5 security stack and Hailstone technologies.
• Strong understanding of SIEM, SOAR, threat intelligence, and SOC operations.
• Experience managing BYOD environments and securing distributed branch networks.
• Familiarity with ISO/IEC 27001, ISO/IEC 2000, NIST, and CIS controls.
• Excellent communication, stakeholder engagement, and team leadership skills.
• Technical documentation

• Strong leadership and problem-solving skills.
• Attention to detail
• Decision making
• Leadership
• Attention to detail
• Resilience
• Good verbal and written communication skills
• Time management skills
• Deadline driven

Candidates interested must apply here by no later than 30 October 2025 OR browse available PSG Careers vacancies

By submitting your application, you are giving PSG Financial Services implicit consent to the storage and processing of your personal information. If you are not contacted within 4 weeks of your application, please accept that your application was not successful. For more information about careers at PSG, visit

Designation: Information Security Manager | Waterfall, Midrand, Gauteng | Permanent

Category: Information Technology

Job Level: Professionally qualified and experienced specialists and mid-management

Posted by: PSG Financial Services

Posted on: 03 Oct 2025

Reference Number: POS08450

Closing date: 30-Oct-2025

Position Type: Permanent

Location: Waterfall Magwa Crescent

Overview
VACANCY | INFORMATION SECURITY MANAGER | WATERFALL, MIDRAND, GAUTENG | PERMANENT
PSGs commitment to transform and embrace diversity is what drives us to achieve a diverse workplace with employment equity as a key goal to create an inclusive workforce. In achieving our employment equity goals, we give preference to applicants from designated groups, and we encourage people with disability to apply.

Job Description
The Information Security Manager will lead PSG's cybersecurity strategy, governance, and operations across a hybrid cloud infrastructure. This includes managing Microsoft security capabilities, integrating firewall technologies, overseeing the Cyber Security Operations Center (SOC), and ensuring compliance with regulatory and industry standards. The role also includes managing BYOD risks, securing branch networks, and aligning with globally recognized frameworks such as the NIST Cybersecurity Framework and Joint Security Standards (JSS).

*Responsibilities:
Strategic Leadership & Governance *

• Develop and maintain PSG's enterprise-wide cybersecurity strategy aligned with business objectives and regulatory requirements.
• Establish and enforce security governance frameworks, policies, and standards.
• Ensure alignment with the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover) and Joint Security Standards.
• Lead the implementation of relevant security compliance initiatives.
• Collaborate with divisional CIOs and executive leadership to align security posture across business units.
• Monitor emerging threats, regulatory changes, and industry trends to inform strategic decisions.

*Architecture & Identity Management *

• Design secure solutions for hybrid environments (on-prem + Azure).
• Integrate security into infrastructure and application projects.
• Manage identity and access controls, including Azure AD, MFA, and privileged access management.

*Security Operations *

• Manage day-to-day security monitoring, incident handling, and threat intelligence.
• Administer Microsoft 365 security features: Defender for Endpoint, Purview, Sentinel, Conditional Access, etc.
• Ensure endpoint, network, and cloud security controls are effectively implemented and monitored.
• Implement and enforce BYOD policies, including mobile device management (MDM), data loss prevention (DLP), and secure access controls.
• Secure branch office networks, including firewalls, VPNs, segmentation, and remote access protocols.

*Financial Management *

• Develop and manage the annual cybersecurity budget, including licensing, tools, training, and consulting services.
• Track and report on security-related expenditures, ROI, and risk mitigation outcomes.
• Support procurement and vendor management for security solutions.

*Cyber Security Operations Center (SOC) Oversight *

• Oversee 24/7 SOC operations, ensuring effective threat detection, incident response, and escalation.
• Define SOC roles, workflows, and incident response playbooks.
• Integrate SIEM, SOAR, and threat intelligence platforms for proactive defense.
• Monitor and improve KPIs such as MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond).
• Coordinate with external threat intelligence providers and law enforcement when necessary.

*Security Technology Lifecycle Management *

• Oversee the deployment, maintenance, and upgrade of security technologies including Microsoft 365 E3/E5 and Hailstone platforms.
• Ensure timely patching, configuration updates, and feature adoption.
• Maintain compatibility and integration of security tools with PSG's hybrid infrastructure.
• Document system configurations and update operational procedures regularly.

*Risk Management & Compliance *

• Conduct regular risk assessments, vulnerability scans, and penetration tests.
• Ensure compliance with POPIA, GDPR, NIST CSF, JSS, and other relevant regulations and frameworks.
• Maintain a risk register and track mitigation actions.
• Coordinate internal and external audits and ensure timely remediation of findings.

*Awareness, Education & Training *

• Lead organization-wide cybersecurity awareness programs.
• Deliver targeted training for IT, business, and executive teams.
• Promote secure behaviour and incident reporting culture.

*Team Leadership & Culture *

• Build and lead a high-performing cybersecurity team, leveraging SOC analysts, engineers, and compliance specialists.
• Define clear roles, responsibilities, and performance expectations.
• Conduct regular coaching, performance reviews, and career development planning.
• Foster a culture of accountability, innovation, and continuous improvement.
• Promote cybersecurity awareness and ownership across all departments.

*Reporting *

• Prepare operational, executive-level reports on security posture, risk exposure, and compliance status.

*Minimum requirements: *

• Bachelor's degree in Computer Science, Information Technology, or related field.
• 8+ years of IT Security experience, with 5+ years in a leadership role.
• CISSP, CISM, or equivalent
• Microsoft Certified: Cybersecurity Architect Expert
• GIAC Security Operations (GSOM) or equivalent SOC certification
• Familiarity with scripting (PowerShell, Bash) and automation tools.

*Experience in the following technologies and concepts: *

• Microsoft 365 and SharePoint Online
• Proven experience in cybersecurity leadership within hybrid cloud environments.
• Deep knowledge of Microsoft 365 E3/E5 security stack and Hailstone technologies.
• Strong understanding of SIEM, SOAR, threat intelligence, and SOC operations.
• Experience managing BYOD environments and securing distributed branch networks.
• Familiarity with ISO/IEC 27001, ISO/IEC 2000, NIST, and CIS controls.
• Excellent communication, stakeholder engagement, and team leadership skills.
• Technical documentation

*Competencies required: *

• Strong leadership and problem-solving skills.
• Attention to detail
• Decision making
• Leadership
• Attention to detail
• Resilience
• Good verbal and written communication skills
• Time management skills
• Deadline driven

*How to apply: *
Candidates interested must apply here by no later than 30 October 2025 OR browse available PSG Careers vacancies .

By submitting your application, you are giving PSG Financial Services implicit consent to the storage and processing of your personal information. If you are not contacted within 4 weeks of your application, please accept that your application was not successful. For more information about careers at PSG, visit

Company Description

INTERCERT is a multinational company headquartered in Texas, USA, operating in over 28 countries. Founded in 2009, INTERCERT is dedicated to building a secure and sustainable world through customer-centric services. We are accredited by leading organizations, including America's accreditation board under IAF for ISO Certification Services, Cloud Security Alliance for CSA STAR Certification services, AICPA CPA Firm for SOC1 & SOC2 Audit Attestation and CREST accreditation for PEN Testing Services. Our services also encompass CMMC, PCI DSS Certification, and Data Protection compliance for standards such as GDPR, HIPAA, and Cybersecurity frameworks. With a team of over 150 experienced assessors, we deliver global assessment services with a focus on compliance and excellence.

Role Description

This is a full-time, remote working role for an Information Security Analyst in South Africa. The Information Security Analyst will be responsible for day-to-day tasks such as assist with the planning and execution of GRC audits such as ISO 27001, ISO 22301, ISO 27701, SOC2, GDPR etc.

Qualifications

Bachelor's Degree or equivalent focused on Information
Security / Cybersecurity

Experience Level

0-6 months

Roles and Responsibilities

Assist with the planning and execution of GRC audits such as ISO 27001, ISO 22301, ISO 27701, SOC2, GDPR etc.

Help assess the design and effectiveness of internal controls, including business and IT controls.

Prepare reports and documentation for external audits and communicate audit findings and recommendations.

Stay updated on evolving regulatory changes, industry standards, and best practices related to GRC, risk management, and auditing.

Company Description

INTERCERT is a multinational company headquartered in Texas, USA, operating in over 28 countries. Founded in 2009, INTERCERT is dedicated to building a secure and sustainable world through customer-centric services. We are accredited by leading organizations, including America's accreditation board under IAF for ISO Certification Services, Cloud Security Alliance for CSA STAR Certification services, AICPA CPA Firm for SOC1 & SOC2 Audit Attestation and CREST accreditation for PEN Testing Services. Our services also encompass CMMC, PCI DSS Certification, and Data Protection compliance for standards such as GDPR, HIPAA, and Cybersecurity frameworks. With a team of over 150 experienced assessors, we deliver global assessment services with a focus on compliance and excellence.

Role Description

This is a full-time, on-site role for an Information Security Analyst / Interns at INTERCERT INC., located in South Africa. The Information Security Analyst / Intern will be responsible for day-to-day tasks such as assist with the planning and execution of GRC audits such as ISO 27001, ISO 22301, ISO 27701, SOC2, GDPR etc.

Qualifications

Bachelor's Degree or equivalent focused on Information
Security/Cybersecurity

Experience Level

0-6 months

Roles and Responsibilities

Assist with the planning and execution of GRC audits such as ISO 27001, ISO 22301, ISO 27701, SOC2, GDPR etc.

Help assess the design and effectiveness of internal controls, including business and IT controls.

Prepare reports and documentation for external audits and communicate audit findings and recommendations.

Stay updated on evolving regulatory changes, industry standards, and best practices related to GRC, risk management, and auditing.

Join Interfile—South Africa's leading Electronic Bill Presentment & Payment (EBPP) fintech—where we design, build, and run large-scale digital services used by millions, partnering with top banks, major corporates, and government. You'll work on modern architectures across both new builds and enhancements in a culture that prizes innovation, seamless integration, and exceptional delivery. We're customer-obsessed and known for helping organizations modernise. Our Fourways office—right across from Montecasino—offers a modern workspace with a Vitality-certified gym, canteen, and great chill areas.

Purpose Of The Role
Lead and continuously improve our information security posture across on-prem and cloud—covering platforms, hardware, networks, and data centres. You'll drive vulnerability remediation through both automation and hands-on work, ensure compliance with POPIA, and design, implement, and uplift security standards and frameworks (e.g., ISO 27001/27002, NIST CSF 2.0). You'll also own risk management and incident response while championing a security-first culture across the business.

Responsibilities
Security Assessment & Management

• Conduct regular security assessments across infrastructure, applications, and data environments.
• Implement and manage SAST and DAST tools and processes.
• Track, report, and drive remediation of vulnerabilities and security issues.

Security Posture & Reporting

• Develop and maintain dashboards and reports that clearly communicate the organization's security posture.
• Define and track KPIs for security posture, remediation velocity, and compliance.
• Collaborate with internal teams to ensure visibility and accountability for remediation efforts.

Automation & Remediation

• Design and implement automated security controls and remediation workflows.
• Work with DevOps and IT teams to integrate security into CI/CD pipelines.

Compliance & Regulatory Alignment

• Ensure alignment with POPIA and other applicable data protection regulations.
• Support audits and compliance reporting requirements.
• Work with legal and compliance teams to ensure data handling aligns with privacy laws.

Standards & Frameworks

• Contribute to the design and rollout of security standards such as ISO 20027.
• Align security practices with NIST CSF 2.0 and other relevant frameworks.

Risk Management

• Conduct risk assessments and maintain a security risk register.
• Collaborate with business units to understand and mitigate security risks tied to operations and products.

Incident Response & Forensics

• Develop and maintain incident response plans.
• Lead investigations into security breaches and coordinate post-incident reviews.

Security Awareness & Training

• Design and deliver security awareness programs for staff.
• Promote a security-first culture across technical and non-technical teams.

Third-Party & Vendor Security

• Assess and manage security risks related to vendors, partners, and third-party services.
• Ensure contracts and SLAs include appropriate security clauses.

Secure Architecture & Design

• Participate in solution architecture reviews to ensure security is embedded from the start.

Advise on secure design patterns and threat modeling.

Requirements (Essential)

• Bachelor's degree in Information Security, Computer Science, or related field.
• At least one security certification: CISSP, CISM, CEH, CompTIA Security+, ISO 27001 Lead Implementer (or similar).
• 5+ years in an information security role (or similar).
• Proven security experience across infrastructure, applications, and data environments.
• Hands-on with SAST/DAST tools (e.g., SonarQube, OWASP ZAP, Burp Suite).
• Strong vulnerability management and remediation workflow expertise.
• Familiarity with automation/scripting (e.g., Python, PowerShell) and CI/CD tooling.
• Working knowledge of POPIA and other data-protection regulations.
• Experience with security frameworks (e.g., NIST CSF, ISO 27001/27002).
• Ability to communicate technical risks and remediation plans to non-technical stakeholders.

Nice to Have (Desirable)

• Proactive, detail-oriented, strong sense of ownership.
• Comfortable collaborating across multiple teams and disciplines.
• Passion for security, compliance, and continuous improvement.
• Multiple or advanced security certifications.

Let's Write Africa's Story Together
Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.

Job Description
Qualification

• Bachelor's Degree in Information Security discipline or Computer-related field. An Honours or Master's Degree is preferred.
• Relevant ISO trainings and certifications from a recognised institution
• Agile certification from a recognised institution is advantageous

Attributes

• Business acumen
• Effective communication and teamwork skills
• Threat analysis and problem-solving skills
• Ethical judgement and confidentiality
• Proven leadership skills

Experience

• 10+ years of experience in information security industry or similar
• Experience with Agile methodologies, e.g. SAFe, Scrum, LeSS, etc.

Skills And Knowledge
ADDITIONAL QUALIFICATIONS/EXPERIENCE (
PREFERRED, NOT A REQUIREMENT
)

• Security architecture and design
• Security frameworks and methodologies i.e. NIST, ISO 27001, CIS Controls, etc.
• Risk management and incident response
• Network, application and cloud security principles
• Expert understanding of compliance and regulatory frameworks and standards

The CISO oversees an Old Mutual's information, cyber and technology security strategy, vision and implementation. The CISO's responsibilities include developing, implementing and enforcing security policies to protect critical organization data

The Chief Information Security Officer (CISO) will be a thought leader in the area of information security for the organization. The CISO will establish information security strategy for the organization and direct the implementation and monitoring of information security standards and policies. The CISO will provide information security guidance to executive leadership within the organization by recommending information security investments which mitigate risks, strengthen defenses, and reduce vulnerabilities for development, internal and client facing systems and products. This role is part of the leadership team of Operations and Corporate Governance across OML. The role is accountable for achieving strategic objectives through other managers and their teams over periods of 3 to 5 years.

• Information security strategy and governance – Develop and implement an information security strategy that aligns with the Old Mutual's overall business goals and objectives. Establish and enforce security governance frameworks, policies and procedures to ensure compliance and risk management.
• Risk management – Oversee the regular conduct of risk assessments to identify, evaluate and prioritise security risks to Old Mutual. Develop and implement risk mitigation strategies and controls to address identified security risks and vulnerabilities.
• Incident management and response – Develop, maintain and test an incident response plan to address and manage security incidents effectively. Lead and coordinate the response to security incidents, including communication with stakeholders and external parties.
• Compliance and regulatory adherence – Ensure compliance with relevant laws, regulations and industry standards related to information security.
• Security architecture and technology – Design and oversee the implementation of security architecture to protect Old Mutual's information systems and data. Evaluate, select and manage security technologies and solutions that support Old Mutual's security objectives.
• Data protection and privacy – Implement measures to protect sensitive and critical data from unauthorised access, breaches and loss.
• Agile software development frameworks and implementation – Demonstrate an understanding of Agile frameworks (e.g. Scrum, SAFe, LeSS) including their principles, roles, ceremonies and artifacts. Be able to articulate the differences and benefits of each framework and apply them to different project scenarios.
• Evaluate emerging technology and trends – Identify opportunities for technology-driven improvements to enhance information security productivity and performance. Explore and pilot innovative technologies and solutions that can provide a competitive advantage or significantly improve information security capabilities.
• Stakeholder and team collaboration – Build trust through strong delivery and product management practices for engaging within teams and stakeholders.

• Leadership and mentorship – Provide leadership, guidance and mentorship to various levels within Information Security teams.

• Maintaining Balance: Effectively balances personal priorities with the responsibility of directing and motivating team members, ensuring that individual and team objectives are aligned with organizational goals.

• Work Planning and Assignment: Develops comprehensive plans and assigns tasks strategically, considering individual strengths and workload capacity to optimize team productivity and efficiency.
• Guidance and Direction: Provides clear guidance and direction to team members, empowering them to achieve operational excellence standards while fostering a supportive and collaborative work environment.
• Performance Optimization: Cultivates a climate conducive to optimal performance by fostering open communication, providing constructive feedback, and recognizing and celebrating team achievements to motivate and inspire continuous improvement.

Skills
Competencies
Communication Technologies

Executing

Strategic

Education
Bachelor of Computer Science (BCoSc): Information Technology (Required)

Closing Date
19 October 2025 , 23:59

The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit in question.
The Old Mutual Story