205 Security Managers jobs in South Africa

Information Security Management System (ISMS) Specialist

Midrand, Gauteng Vector Logistics

Posted 26 days ago

Job Description

Information Security Management System (ISMS) Specialist

Permanent

Midrand

Overview

We are a Supply Chain and Sales & Merchandising partner adding value to your business through a fully integrated, temperature-controlled network in Southern Africa.

But we are also more than that. We are people serving people. While we boast the best in tech and infrastructure, our people are our greatest resource. With our skilled, curious, can-do people at the forefront, our assets become your assets, our service your solutions.

Vector’s vehicle fleet includes a food industry first in ‘multi-temperature’ vehicles enabling the company to service business across frozen, chilled and ambient temperature zones on a single delivery.

Job Purpose

The Information Security Management System (ISMS) Specialist is responsible for the end-to-end implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS) in accordance with ISO/IEC 27001 standards. The incumbent will play a pivotal role in ensuring the confidentiality, integrity, and availability of our information assets, while also ensuring compliance with legal and regulatory requirements.

Key Responsibilities

ISMS Development And Implementation

  • Lead the design, implementation, and continuous improvement of an ISMS aligned with ISO/IEC 27001 and other relevant frameworks (e.g., NIST, POPIA, CIS, CSA etc.).
  • Develop, implement, and maintain information security policies, procedures, and guidelines.
  • Assess existing information security practices and recommend improvements.
  • Ensure the organization's ISMS aligns with business needs, regulatory requirements, and industry best practices.

Risk Assessment And Management

  • Perform risk assessments to identify potential security risks to the organization's information assets in alignment with ISO 31000.
  • Develop risk treatment plans and assist in the implementation of risk mitigation strategies.
  • Conduct ongoing risk assessments and audits to ensure the effectiveness of the ISMS.

Compliance And Audits

  • Ensure compliance with ISO/IEC 27001 and other industry standards and regulations.
  • Prepare the organization for certification audits and support the audit process.
  • Coordinate with auditors and certification bodies.
  • Maintain records and documentation to ensure traceability and compliance with ISMS requirements.

Training And Awareness

  • Provide training to staff and management on information security best practices, policies, and compliance requirements.
  • Promote a culture of information security awareness across the organization.
  • Support the creation of an internal security awareness program.

Incident Response And Management

  • Assist in the development and testing of incident response plans.
  • Provide guidance and support in handling information security incidents.
  • Ensure incidents are documented and reported in accordance with regulatory and contractual obligations, and assist in post-incident analysis to determine the cause and recommend preventive actions.

Continuous Improvement

  • Define and monitor ISMS-related KPIs and metrics.
  • Monitor and report on the performance of the ISMS, identifying areas for improvement.
  • Monitor compliance with security policies and procedures.
  • Lead regular internal audits to assess the effectiveness of the ISMS.
  • Recommend and implement improvements based on audit findings, risk assessments, and evolving industry practices.
  • Keep up-to-date with emerging threats, vulnerabilities, and regulatory changes.

Vendor And Third-Party Risk Management

  • Assess and monitor third-party vendors and service providers for information security compliance.
  • Assist in the integration of ISMS controls into third-party contracts and SLAs.

Key Relationships

Key Relationship 1

  • This position plays a critical role in managing and maintaining relationships with both internal and external stakeholders.
  • These interactions are essential for ensuring the organization’s security posture is robust and aligned with its strategic objectives.

Qualifications And Experience

Qualifications, Skills and Experience Required for the Job

  • Bachelor’s Degree: A bachelor’s degree in information security, Computer Science, Information Technology, or a related field is required.
  • Mandatory Requirement: ISO27001 Lead Implementer
    Preferable: ISO27001 Lead Auditor, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA)
  • The ISMS Specialist role demands a robust combination of technical expertise, specialized knowledge, and strong leadership abilities. The ideal candidate must have an intrinsic understanding of the ISMS statement of applicability.
  • The ideal candidate should possess in-depth knowledge of information security frameworks such as ISO/IEC 27001, NIST, and CIS Controls, familiarity with IT governance frameworks (e.g., COBIT, ITIL), and extensive experience in risk management, incident response, and compliance, particularly with South African regulations like POPIA and the Cybercrimes Act.
  • Soft skills such as excellent communication, adaptability, attention to detail, and ethical judgment are also vital, enabling the Information Security Compliance Specialist to convey complex security concepts, adapt to evolving threats, and uphold the highest standards of security and privacy within the organization. Experience in BIA, BCM, DR. Include experience in vulnerability management, patching, JML.
  • Minimum of 7-10 years of experience in the field of information security, cybersecurity, or a related discipline, with at least 1-3 years in a managerial or leadership capacity. This experience should include hands-on management of security frameworks such as ISO/IEC 27001 and NIST, as well as significant exposure to risk management, incident response, and compliance with industry regulations.
  • Proven experience of leading ISO/IEC 27001 certification projects and certification maintenance.
  • Experience in working with ISO27001 certification bodies.
  • Development of audit and ISMS remediation plans.
  • Familiarity with data protection laws and industry regulations.
  • Relevant professional certifications such as CISM, CRISC, or CISA, which validate their expertise in key areas of information security. Knowledge of security tools, including Microsoft Sentinel, CyberReason, and Microsoft Defender, is essential for managing the organization’s security posture effectively.

Skills and Competencies

  • Strategic Thinking: Ability to align security strategies with business objectives and anticipate future challenges.
  • Technical Expertise: Knowledge of security frameworks, technologies, and tools, with strong proficiency in threat analysis and mitigation.
  • People Management: Strong leadership skills to build, manage, and effectively leverage external resources.
  • Decision-Making and Judgment: High discretion in making critical security decisions, balancing immediate needs with long-term goals.
  • Collaboration and Communication: Excellent interpersonal skills for engaging with both technical and non-technical stakeholders and building strong relationships.
  • Problem-Solving and Analytical Skills: Strong analytical abilities to assess and resolve complex security issues across organizational boundaries.
  • Compliance and Regulatory Knowledge: In-depth understanding of relevant regulations and standards, ensuring ongoing compliance.
  • Adaptability and Resilience: Ability to adapt to changing security landscapes and manage high-pressure situations.
  • Ethical Integrity: Commitment to upholding the highest ethical standards in all security practices.

We look forward to hearing from you!

Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: Transportation, Logistics, Supply Chain and Storage


Information Security Management System (ISMS) Specialist

Midrand, Gauteng Vector Logistics Limited

Posted 26 days ago

Job Description

Information Security Management System (ISMS) Specialist

Permanent

Midrand

Overview

We are a Supply Chain and Sales & Merchandising partner adding value to your business through a fully integrated, temperature-controlled network in Southern Africa.

But we are also more than that. We are people serving people. While we boast the best in tech and infrastructure, our people are our greatest resource. With our skilled, curious, can-do people at the forefront, our assets become your assets, our service your solutions.

Vector’s vehicle fleet includes a food industry first in ‘multi-temperature’ vehicles enabling the company to service business across frozen, chilled and ambient temperature zones on a single delivery.

Job Purpose
The Information Security Management System (ISMS) Specialist is responsible for the end-to-end implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS) in accordance with ISO/IEC 27001 standards. The incumbent will play a pivotal role in ensuring the confidentiality, integrity, and availability of our information assets, while also ensuring compliance with legal and regulatory requirements.

Key Responsibilities

ISMS Development and Implementation:

  • Lead the design, implementation, and continuous improvement of an ISMS aligned with ISO/IEC 27001 and other relevant frameworks (e.g., NIST, POPIA, CIS, CSA etc.).
  • Develop, implement, and maintain information security policies, procedures, and guidelines.
  • Assess existing information security practices and recommend improvements.
  • Ensure the organization's ISMS aligns with business needs, regulatory requirements, and industry best practices.

Risk Assessment and Management:

  • Perform risk assessments to identify potential security risks to the organization's information assets in alignment with ISO 31000.
  • Develop risk treatment plans and assist in the implementation of risk mitigation strategies.
  • Conduct ongoing risk assessments and audits to ensure the effectiveness of the ISMS.

Compliance and Audits:

  • Ensure compliance with ISO/IEC 27001 and other industry standards and regulations.
  • Prepare the organization for certification audits and support the audit process.
  • Coordinate with auditors and certification bodies.
  • Maintain records and documentation to ensure traceability and compliance with ISMS requirements.

Training and Awareness:

  • Provide training to staff and management on information security best practices, policies, and compliance requirements.
  • Promote a culture of information security awareness across the organization.
  • Support the creation of an internal security awareness program.

Incident Response and Management:

  • Assist in the development and testing of incident response plans.
  • Provide guidance and support in handling information security incidents.
  • Ensure incidents are documented and reported in accordance with regulatory and contractual obligations, and assist in post-incident analysis to determine the cause and recommend preventive actions.

Continuous Improvement:

  • Define and monitor ISMS-related KPIs and metrics.
  • Monitor and report on the performance of the ISMS, identifying areas for improvement.
  • Monitor compliance with security policies and procedures.
  • Lead regular internal audits to assess the effectiveness of the ISMS.
  • Recommend and implement improvements based on audit findings, risk assessments, and evolving industry practices.
  • Keep up-to-date with emerging threats, vulnerabilities, and regulatory changes.

Vendor and Third-Party Risk Management:

  • Assess and monitor third-party vendors and service providers for information security compliance.
  • Assist in the integration of ISMS controls into third-party contracts and SLAs.

Key Relationships

Key Relationship 1

  • This position plays a critical role in managing and maintaining relationships with both internal and external stakeholders.
  • These interactions are essential for ensuring the organization’s security posture is robust and aligned with its strategic objectives.

Qualifications, Skills and Experience Required for the Job

Qualifications and Experience

  • Bachelor’s Degree: A bachelor’s degree in information security, Computer Science, Information Technology, or a related field is required.
  • Mandatory Requirement: ISO27001 Lead Implementer
    Preferable: ISO27001 Lead Auditor, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA)
  • The ISMS Specialist role demands a robust combination of technical expertise, specialized knowledge, and strong leadership abilities. The ideal candidate must have an intrinsic understanding of the ISMS statement of applicability.
  • The ideal candidate should possess in-depth knowledge of information security frameworks such as ISO/IEC 27001, NIST, and CIS Controls, familiarity with IT governance frameworks (e.g., COBIT, ITIL), and extensive experience in risk management, incident response, and compliance, particularly with South African regulations like POPIA and the Cybercrimes Act.
  • Soft skills such as excellent communication, adaptability, attention to detail, and ethical judgment are also vital, enabling the Information Security Compliance Specialist to convey complex security concepts, adapt to evolving threats, and uphold the highest standards of security and privacy within the organization. Experience in BIA, BCM, DR. Include experience in vulnerability management, patching, JML.
  • Minimum of 7-10 years of experience in the field of information security, cybersecurity, or a related discipline, with at least 1-3 years in a managerial or leadership capacity. This experience should include hands-on management of security frameworks such as ISO/IEC 27001 and NIST, as well as significant exposure to risk management, incident response, and compliance with industry regulations.
  • Proven experience of leading ISO/IEC 27001 certification projects and certification maintenance.
  • Experience in working with ISO27001 certification bodies.
  • Development of audit and ISMS remediation plans.
  • Familiarity with data protection laws and industry regulations.
  • Relevant professional certifications such as CISM, CRISC, or CISA, which validate their expertise in key areas of information security. Knowledge of security tools, including Microsoft Sentinel, CyberReason, and Microsoft Defender, is essential for managing the organization’s security posture effectively.

Skills and Competencies

  • Strategic Thinking: Ability to align security strategies with business objectives and anticipate future challenges.
  • Technical Expertise: Knowledge of security frameworks, technologies, and tools, with strong proficiency in threat analysis and mitigation.
  • People Management: Strong leadership skills to build, manage, and effectively leverage external resources.
  • Decision-Making and Judgment: High discretion in making critical security decisions, balancing immediate needs with long-term goals.
  • Collaboration and Communication: Excellent interpersonal skills for engaging with both technical and non-technical stakeholders and building strong relationships.
  • Problem-Solving and Analytical Skills: Strong analytical abilities to assess and resolve complex security issues across organizational boundaries.
  • Compliance and Regulatory Knowledge: In-depth understanding of relevant regulations and standards, ensuring ongoing compliance.
  • Adaptability and Resilience: Ability to adapt to changing security landscapes and manage high-pressure situations.
  • Ethical Integrity: Commitment to upholding the highest ethical standards in all security practices.

We look forward to hearing from you!


Information Security Management System (ISMS) Specialist

Midrand, Gauteng Vector Logistics Limited

Posted today

Job Description

Information Security Management System (ISMS) Specialist

Permanent

Midrand

Overview

We are a Supply Chain and Sales & Merchandising partner adding value to your business through a fully integrated, temperature-controlled network in Southern Africa.

But we are also more than that. We are people serving people. While we boast the best in tech and infrastructure, our people are our greatest resource. With our skilled, curious, can-do people at the forefront, our assets become your assets, our service your solutions.

Vector’s vehicle fleet includes a food industry first in ‘multi-temperature’ vehicles enabling the company to service business across frozen, chilled and ambient temperature zones on a single delivery.

Job Purpose
The Information Security Management System (ISMS) Specialist is responsible for the end-to-end implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS) in accordance with ISO/IEC 27001 standards. The incumbent will play a pivotal role in ensuring the confidentiality, integrity, and availability of our information assets, while also ensuring compliance with legal and regulatory requirements.

Key Responsibilities

ISMS Development and Implementation:

  • Lead the design, implementation, and continuous improvement of an ISMS aligned with ISO/IEC 27001 and other relevant frameworks (e.g., NIST, POPIA, CIS, CSA etc.).
  • Develop, implement, and maintain information security policies, procedures, and guidelines.
  • Assess existing information security practices and recommend improvements.
  • Ensure the organization's ISMS aligns with business needs, regulatory requirements, and industry best practices.

Risk Assessment and Management:

  • Perform risk assessments to identify potential security risks to the organization's information assets in alignment with ISO 31000.
  • Develop risk treatment plans and assist in the implementation of risk mitigation strategies.
  • Conduct ongoing risk assessments and audits to ensure the effectiveness of the ISMS.

Compliance and Audits:

  • Ensure compliance with ISO/IEC 27001 and other industry standards and regulations.
  • Prepare the organization for certification audits and support the audit process.
  • Coordinate with auditors and certification bodies.
  • Maintain records and documentation to ensure traceability and compliance with ISMS requirements.

Training and Awareness:

  • Provide training to staff and management on information security best practices, policies, and compliance requirements.
  • Promote a culture of information security awareness across the organization.
  • Support the creation of an internal security awareness program.

Incident Response and Management:

  • Assist in the development and testing of incident response plans.
  • Provide guidance and support in handling information security incidents.
  • Ensure incidents are documented and reported in accordance with regulatory and contractual obligations, and assist in post-incident analysis to determine the cause and recommend preventive actions.

Continuous Improvement:

  • Define and monitor ISMS-related KPIs and metrics.
  • Monitor and report on the performance of the ISMS, identifying areas for improvement.
  • Monitor compliance with security policies and procedures.
  • Lead regular internal audits to assess the effectiveness of the ISMS.
  • Recommend and implement improvements based on audit findings, risk assessments, and evolving industry practices.
  • Keep up-to-date with emerging threats, vulnerabilities, and regulatory changes.

Vendor and Third-Party Risk Management:

  • Assess and monitor third-party vendors and service providers for information security compliance.
  • Assist in the integration of ISMS controls into third-party contracts and SLAs.

Key Relationships

Key Relationship 1

  • This position plays a critical role in managing and maintaining relationships with both internal and external stakeholders.
  • These interactions are essential for ensuring the organization’s security posture is robust and aligned with its strategic objectives.

Qualifications, Skills and Experience Required for the Job

Qualifications and Experience

  • Bachelor’s Degree: A bachelor’s degree in information security, Computer Science, Information Technology, or a related field is required.
  • Mandatory Requirement: ISO27001 Lead Implementer
    Preferable: ISO27001 Lead Auditor, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA)
  • The ISMS Specialist role demands a robust combination of technical expertise, specialized knowledge, and strong leadership abilities. The ideal candidate must have an intrinsic understanding of the ISMS statement of applicability.
  • The ideal candidate should possess in-depth knowledge of information security frameworks such as ISO/IEC 27001, NIST, and CIS Controls, familiarity with IT governance frameworks (e.g., COBIT, ITIL), and extensive experience in risk management, incident response, and compliance, particularly with South African regulations like POPIA and the Cybercrimes Act.
  • Soft skills such as excellent communication, adaptability, attention to detail, and ethical judgment are also vital, enabling the Information Security Compliance Specialist to convey complex security concepts, adapt to evolving threats, and uphold the highest standards of security and privacy within the organization. Experience in BIA, BCM, DR. Include experience in vulnerability management, patching, JML.
  • Minimum of 7-10 years of experience in the field of information security, cybersecurity, or a related discipline, with at least 1-3 years in a managerial or leadership capacity. This experience should include hands-on management of security frameworks such as ISO/IEC 27001 and NIST, as well as significant exposure to risk management, incident response, and compliance with industry regulations.
  • Proven experience of leading ISO/IEC 27001 certification projects and certification maintenance.
  • Experience in working with ISO27001 certification bodies.
  • Development of audit and ISMS remediation plans.
  • Familiarity with data protection laws and industry regulations.
  • Relevant professional certifications such as CISM, CRISC, or CISA, which validate their expertise in key areas of information security. Knowledge of security tools, including Microsoft Sentinel, CyberReason, and Microsoft Defender, is essential for managing the organization’s security posture effectively.

Skills and Competencies

  • Strategic Thinking: Ability to align security strategies with business objectives and anticipate future challenges.
  • Technical Expertise: Knowledge of security frameworks, technologies, and tools, with strong proficiency in threat analysis and mitigation.
  • People Management: Strong leadership skills to build, manage, and effectively leverage external resources.
  • Decision-Making and Judgment: High discretion in making critical security decisions, balancing immediate needs with long-term goals.
  • Collaboration and Communication: Excellent interpersonal skills for engaging with both technical and non-technical stakeholders and building strong relationships.
  • Problem-Solving and Analytical Skills: Strong analytical abilities to assess and resolve complex security issues across organizational boundaries.
  • Compliance and Regulatory Knowledge: In-depth understanding of relevant regulations and standards, ensuring ongoing compliance.
  • Adaptability and Resilience: Ability to adapt to changing security landscapes and manage high-pressure situations.
  • Ethical Integrity: Commitment to upholding the highest ethical standards in all security practices.

We look forward to hearing from you!

#J-18808-Ljbffr

This advertiser has chosen not to accept applicants from your region.

Information security management system (isms) specialist

Midrand, Gauteng Vector Logistics Limited

Posted today

Job Viewed

Tap Again To Close

Job Description

permanent
Information Security Management System (ISMS) Specialist Permanent Midrand Overview We are a Supply Chain and Sales & Merchandising partner adding value to your business through a fully integrated, temperature-controlled network in Southern Africa. But we are also more than that. We are people serving people. While we boast the best in tech and infrastructure, our people are our greatest resource. With our skilled, curious, can-do people at the forefront, our assets become your assets, our service your solutions. Vector’s vehicle fleet includes a food industry first in ‘multi-temperature’ vehicles enabling the company to service business across frozen, chilled and ambient temperature zones on a single delivery. Job PurposeInformation Security Management System (ISMS) Specialist isresponsible for the end-to-end implementation, maintenance, and continuousimprovement of the Information Security Management System (ISMS) in accordancewith ISO/IEC 27001 standards. The incumbent will play a pivotal role inensuring the confidentiality, integrity, and availability of our informationassets, while also ensuring compliance with legal and regulatory requirements. Key Responsibilities ISMS Development and Implementation: Lead the design, implementation, and continuous improvement of an ISMS aligned with ISO/IEC 27001 and other relevant frameworks (e.g., NIST, POPIA, CIS, CSA etc.). Develop, implement, and maintain information security policies, procedures, and guidelines. Assess existing information security practices and recommend improvements. Ensure the organization's ISMS aligns with business needs, regulatory requirements, and industry best practices. Risk Assessment and Management: Perform risk assessments to identify potential security risks to the organization's information assets in alignment to ISO 31000. Develop risk treatment plans and assist in the implementation of risk mitigation strategies. 
Conduct ongoing risk assessments and audits to ensure the effectiveness of the ISMS. Compliance and Audits: Ensure compliance with ISO/IEC 27001 and other industry standards and regulations. Prepare the organization for certification audits and support the audit process. Coordinate with auditors and certification bodies. Maintain records and documentation to ensure traceability and compliance with ISMS requirements. Training and Awareness: Provide training to staff and management on information security best practices, policies, and compliance requirements. Promote a culture of information security awareness across the organization. Support the creation of an internal security awareness program. Incident Response and Management: Assist in the development and testing of incident response plans. Provide guidance and support in handling information security incidents. Ensure incidents are documented and reported in accordance with regulatory and contractual obligations & assist in post-incident analysis to determine the cause and recommend preventive actions. Continuous Improvement: Define and monitor ISMS-related KPIs and metrics. Monitor and report on the performance of the ISMS, identifying areas for improvement. Monitor compliance with security policies and procedures. Lead regular internal audits to assess the effectiveness of the ISMS. Recommend and implement improvements based on audit findings, risk assessments, and evolving industry practices. Keep up-to-date with emerging threats, vulnerabilities, and regulatory changes. Vendor and Third-Party Risk Management: Assess and monitor third-party vendors and service providers for information security compliance. Assist in the integration of ISMS controls intothird-party contracts and SLAs. Key Relationships Key Relationship 1 This role plays a critical role in managing and maintaining relationships with both internal and external stakeholders. 
These interactions are essential for ensuringthe organization’s security posture is robust and aligned with its strategicobjectives. Qualifications, Skills and Experience Required for the Job Qualifications and Experience Bachelor’s Degree: A bachelor’s degree in information security, Computer Science, Information Technology, or a related field is required. Mandatory Requirement: ISO27001 Lead ImplementerPreferrable: ISO27001 Lead Auditor, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) The ISMS Specialist role demands a robust combination of technical expertise, specialized knowledge, and strong leadership abilities. The ideal candidate must have an intrinsic understanding of the ISMS statement of applicability. The ideal candidate should possess in-depth knowledge of information security frameworks such as ISO/IEC 27001, NIST, and CIS Controls. Familiarity with IT governance frameworks (e.g., COBIT, ITIL)., and have extensive experience in risk management, incident response, and compliance, particularly with South African regulations like POPIA and the Cybercrimes Act. Soft skills such as excellent communication, adaptability, attention to detail, and ethical judgment are also vital, enabling the Information Security Compliance Specialist to convey complex security concepts, adapt to evolving threats, and uphold the highest standards of security and privacy within the organization. Experience in BIA, BCM, DR. Include experience in vulnerability management, patching, JML. Minimum of 7-10 years of experience in the field of information security, cybersecurity, or a related discipline, with at least 1-3 years in a managerial or leadership capacity. This experience should include hands-on management of security frameworks such as ISO/IEC 27001 and NIST, as well as significant exposure to risk management, incident response, and compliance with industry regulations. 
Proven experience of leading ISO/IEC 27001 certification projects and certification maintenance. Experience in working with ISO27001 certification bodies. Development of audit and ISMS remediation plans. Familiarity with data protection laws and industry regulations. Relevant professional certifications such as CISM, CRISC, or CISA, which validate their expertise in key areas of information security. Knowledge of security tools, including Microsoft Sentinel, Cyber Reason, and Microsoft Defender, is essential for managing the organization’s security posture effectively. Skills and Competencies Strategic Thinking: Ability to align security strategies with business objectives and anticipate future challenges. Technical Expertise: Knowledge of security frameworks, technologies, and tools, with strong proficiency in threat analysis and mitigation. People Management: Strong leadership skills to build, manage, and effectively leverage external resources. Decision-Making and Judgment: High discretion in making critical security decisions, balancing immediate needs with long-term goals. Collaboration and Communication: Excellent interpersonal skills for engaging with both technical and non-technical stakeholders and building strong relationships. Problem-Solving and Analytical Skills: Strong analytical abilities to assess and resolve complex security issues across organizational boundaries. Compliance and Regulatory Knowledge: In-depth understanding of relevant regulations and standards, ensuring ongoing compliance. Adaptability and Resilience: Ability to adapt to changing security landscapes and manage high-pressure situations. Ethical Integrity: Commitment to upholding thehighest ethical standards in all security practices We look forward to hearing from you! #J-18808-Ljbffr

Information Security & Risk Management Analyst

George, Western Cape University of Toronto

Posted 3 days ago

Job Description

Information Security & Risk Management Analyst

Date Posted: 09/02/2025
Req ID: 45029
Faculty/Division: VP - Division of University Advancement
Department: Advancement Services
Campus: St. George (Downtown Toronto)
Position Number:

Description:

About us: The Division of University Advancement (DUA) aims to sustain and enhance the University’s academic mission, leadership, and worldwide impact, by engaging alumni and private sector constituents meaningfully in the mission of the University, building mutually beneficial relationships of increasing value and satisfaction over time.

DUA at the University of Toronto is engaged in a transformative agenda deeply rooted in the University’s vision for growth and innovation. We are focused on growing fundraising efforts; enhancing the effectiveness and satisfaction of alumni engagement and programs; building advancement talent capacity within and across divisions and creating an organization and culture that fosters diversity and inclusiveness.

Your opportunity:

The Information Security & Risk Management Analyst will join a dynamic and innovative team focused on delivering technology solutions with comprehensive analysis in support of DUA’s information systems and program initiatives.

The incumbent analyzes complex projects, business/operational practices, digital platforms, services and devices, for information security aspects such as disaster recovery, business continuity, and use of standard architecture design patterns and services such as enterprise identity and access management and standards-based application deployment. This work is realized by the execution of a Threat Risk Assessment (TRA). The incumbent reviews the storage, use, transmission and/or modification of information within the division and across the Advancement community, including restricted, confidential and public information, and other definitions as required by the business unit or project. The identification of potential information security and privacy risks is done through a Privacy Impact Assessment (PIA).

The incumbent helps develop and deliver outreach and awareness campaigns and contributes to guidelines and practices to implement University policy on the protection of digital assets, and information risk. The incumbent will bring highly developed interpersonal skills, and a strong information security posture to the team, in pursuit of information security goals. The responsibilities are designed to address information security and privacy risks to all types of assets, including the convergence of people, process, regulatory and technology risks.

The incumbent has frequent interaction with all levels of the University Advancement community, including stakeholders in divisions and departments, and central departments such as the FIPP Office. As a privacy subject matter expert, the incumbent provides guidance to stakeholders to help them assess and understand potential privacy risks. The incumbent will engage with stakeholders to understand current business processes and identify optimal strategies for transitioning these processes, workflows, and data to existing or new systems as well as leading complex system integration projects.

Your responsibilities will include:
  • Analysing projects or business practices to identify potential privacy and security risks through Threat/Risk Assessments (TRA) and Privacy Impact Assessments (PIA)
  • Conducting application vulnerability assessments and/or penetration testing and interpreting the results for business unit staff
  • Preparing documents for the protection of restricted or confidential information, or need thereof, and the reduction of service risks such as loss of availability due to inadequate service design, compromise of services due to inadequate design or maintenance procedures through the application of University, industry and regulatory standards, guidelines and procedures
  • Analysing and recommending options for risk management based on the assessment and knowledge of current and emerging information security threats to project owners or business units
  • Training data users on privacy principles as they relate to their duties. Providing education and awareness to end-user units in understanding the University’s information security procedures, standards and guidelines.
  • Implementing risk management plans and processes
  • Keeping well-informed on changes to applicable regulatory and legislative requirements
  • Advising clients and technical subject matter experts on best practice for documenting system requirements
Essential Qualifications:
  • Bachelor's Degree or acceptable combination of equivalent experience.
  • Minimum four years of related experience working in a similar capacity, with demonstrated experience in information security and risk management, and/or risk analysis.
  • Experience in analysis of information system hardware, operating systems, middleware, application software, and network devices to find vulnerabilities or risks and provide recommendations on risk mitigations.
  • Strong knowledge of privacy and security concepts, trends, and issues; including an understanding of their impact on business processes, as well as skills with interpretation and communication of principles and compliance requirements.
  • Knowledge of applicable legislation such as Freedom of Information and Protection Act (FIPPA).
  • Ability to interpret and apply University guidelines pertaining to access to records and the protection of privacy.
  • Strong knowledge of information security frameworks, incident response practices, industry standards, trends, and issues.
  • Experience and familiarity with a broad range of technologies (operating systems, networking, cloud and on-prem services, etc.) with the ability to find vulnerabilities and provide recommendations for mitigation.
  • Experience of Threat-Risk Assessment and Privacy Impact Assessment processes.
  • Demonstrated strong analytical ability, attention to detail and problem-solving skills.
  • Good organizational skills and the ability to work accurately and quickly under pressure with frequent interruptions.
  • Demonstrated ability to exercise initiative, respond to changing priorities.
  • Demonstrated effective oral and written communication skills including both technical and business writing, documentation and presentation skills.
  • Ability to explain technical concepts to a wide range of non-technical users, both orally and in writing.
  • Strong time management and organizational skills with the ability to work within tight timelines.
  • Strong commitment to equity, diversity, inclusion, and the promotion of a respectful and collegial learning and working.
Assets (Nonessential):
  • An appreciation for / exposure to information security and threat/risk analysis activities.
  • Ability to identify areas of vulnerability in the use, storage or modification of personal information.
  • Understanding of project management and procurement processes.
  • Security and/or privacy certifications, or progress in their pursuit.
  • ITIL foundations level (or higher) certification.
  • Familiarity with the University environment, governance, and policies.
To be successful in this role you will be:
  • Motivated self-learner
  • Organized
  • Perceptive
  • Resilient

Closing Date: 09/11/2025, 11:59PM ET
Employee Group: USW
Appointment Type: Budget - Continuing
Schedule: Full-Time
Pay Scale Group & Hiring Zone:
USW Pay Band 12 -- $81,312, with an annual step progression to a maximum of $103,986. Pay scale and job class assignment is subject to determination pursuant to the Job Evaluation/Pay Equity Maintenance Protocol.
Job Category: Information Technology (IT)
Recruiter: Fiona Chan

Lived Experience Statement
Candidates who are members of Indigenous, Black, racialized and 2SLGBTQ+ communities, persons with disabilities, and other equity deserving groups are encouraged to apply, and their lived experience shall be taken into consideration as applicable to the posted position.

Diversity Statement

The University of Toronto embraces Diversity and is building a culture of belonging that increases our capacity to effectively address and serve the interests of our global community. We strongly encourage applications from Indigenous Peoples, Black and racialized persons, women, persons with disabilities, and people of diverse sexual and gender identities. We value applicants who have demonstrated a commitment to equity, diversity and inclusion and recognize that diverse perspectives, experiences, and expertise are essential to strengthening our academic mission.

As part of your application, you will be asked to complete a brief Diversity Survey. This survey is voluntary. Any information directly related to you is confidential and cannot be accessed by search committees or human resources staff. Results will be aggregated for institutional planning purposes. For more information, please see

Accessibility Statement

The University strives to be an equitable and inclusive community, and proactively seeks to increase diversity among its community members. Our values regarding equity and diversity are linked with our unwavering commitment to excellence in the pursuit of our academic mission.

The University is committed to the principles of the Accessibility for Ontarians with Disabilities Act (AODA). As such, we strive to make our recruitment, assessment and selection processes as accessible as possible and provide accommodations as required for applicants with disabilities.

If you require any accommodations at any point during the application and hiring process, please contact

Application and Security Management Analyst

Johannesburg, Gauteng Experian

Posted 12 days ago

Job Description

Application and Security Management Analyst

Experian Johannesburg, Gauteng, South Africa

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to realize their financial goals and help them save time and money.

We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments.

We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.com.

Job Description

Principal Responsibilities

• Collaborate with technical and business teams to address security flaws and implement remediation plans.

• Oversee application security tasks, ensuring alignment with audit requirements and internal policies.

• Support change and incident management processes, with a focus on high-priority incidents (P1 & P2).

• Provide guidance to development and support teams on security-related ticket requirements and process expectations, ensuring SLA compliance.

• Act as a liaison with internal stakeholders to ensure clear communication and quality engagements.

• Support governance and administrative functions, including audit preparation and policy development.

• Compile and deliver regular reports, including weekly, monthly, and OSM-specific security metrics.



Required Key Skills (Functional/Technical)

Application Security & Vulnerability Management

• Familiarity with Common Vulnerability Scoring System (CVSS)

• Experience with tools like OWASP ZAP, Veracode, Rapid7 (on-prem), and Wiz.IO (cloud vulnerability management and CSPM)

• Track and assist in the closure of identified vulnerabilities, working closely with IT and Development teams

• Review and maintain secure configurations for systems, applications, and network devices

Security Fundamentals

• Working knowledge of encryption, authentication, and secure data transmission

• Knowledge of network security principles and firewall configurations

• Familiarity with SSO and MFA using OKTA, and directory services such as MS Active Directory

• Experience with CyberArk PAM for privileged access management

Security Information and Event Management (SIEM)

• Use of Splunk SIEM for real-time threat detection and log analysis

• Review and optimise SIEM use cases to enhance threat detection and response capabilities

Monitoring & Endpoint Security

• Experience with Tanium and MS Defender for server and endpoint security management

• Familiarity with IBM Guardium for database activity monitoring

• Exposure to Cyera for data identification and classification

Cloud & Infrastructure Security

• Experience with Wiz.IO for cloud security posture management (CSPM) and IaC scanning

• Understanding of secrets management using AWS Secrets Manager, Azure Key Vault, or GCP Secrets Manager

• Familiarity with Thales and AWS KMS/HSM for key management

Other Tools & Platforms

• Knowledge of SailPoint for identity governance

• Experience with CyCognito for external attack surface management

• Familiarity with Imperva for WAF, DDoS, and botnet protection

• Exposure to ProofPoint and MS Office365 Message Security for email security

• Use of 1Password for credential management

• Awareness of Netwrix for password policy enforcement

Qualifications

  • Degree or equivalent qualifications and experience in Computer Science, Information Technology, Data or a related field

Technical & Security Experience

  • Experience with automated and manual methods for evaluating security controls in both on-prem and cloud environments
  • Experience in monitoring and reporting on security flaws and supporting related remediation activities
  • Familiarity with change management processes in technology environments

Risk, Controls & Compliance

  • Contribute to accurate statistical reporting on the market’s IT security posture
  • Ensure first line of defence (1LoD) ownership of non-compliance issues, exception justifications, mitigation controls, and risk documentation
  • Ensure accuracy and timely completion of control testing and remediations
  • Collaborate with Security Partners, RISOs and other governance functions to drive remediation of identified security deficiencies
  • Ability to compile management reports and presentations on technical risks, controls, and deficiencies

Communication & Collaboration

  • Strong ability to communicate complex information clearly and effectively
  • Good collaboration, relationship-building, and interpersonal skills
  • Act as primary liaison with internal, local and regional stakeholders, ensuring quality engagements and clear progress updates

Additional Information

Our uniqueness is that we celebrate yours. Experian's culture and people are important differentiators. We take our people agenda very seriously and focus on what matters: DEI, work/life balance, development, authenticity, collaboration, wellness, reward & recognition, volunteering... the list goes on. Experian's people-first approach is award-winning: World's Best Workplaces 2024 (Fortune Top 25), Great Place To Work in 24 countries, and Glassdoor Best Places to Work 2024, to name a few. Check out Experian Life on social or our Careers Site to understand why.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.

Experian Careers - Creating a better tomorrow together

  • Seniority level: Not Applicable
  • Employment type: Full-time
  • Job function: Information Technology


Information Security Manager

Western Cape, Western Cape Tillo

Posted today

Job Description

Overview

  • Who we’re looking for: An experienced Information Security Manager to lead the implementation and ongoing maturity of our Information Security Management System (ISMS), ensure alignment with ISO 27001:2022, and manage risk across the business.

  • The challenge: To own the ISMS documentation and audit programme, coordinate internal and external audits, oversee the risk register, and support internal teams on policy compliance and security awareness.

  • Where you’ll work: This role will be based in Cape Town. You'll be part of our global team, collaborating with colleagues and serving customers across the UK, USA, Australia, South Africa, and beyond. Our hybrid approach offers flexibility with regular team connection in our Cape Town office.

The Tillo Difference

We are in the business of rewards and incentives, so we know the importance of giving back. We are committed to providing a workplace where passionate, driven individuals can thrive. We value collaboration, trust, positivity, and a willingness to learn — only by working as a team will we reach our goals.

We’re the market leader in the UK and are active in a number of other markets including USA, Europe, Australia and India.

Role responsibilities
  • ISMS Ownership & Audit Readiness

    • Maintain and evolve the ISMS documentation and controls in line with ISO 27001:2022.

    • Coordinate and lead internal audits (quarterly for TZ) and external certification audits.

    • Write up audit findings and risk reports for SLT and the Board.

    • Monitor ISMS KPIs and compliance metrics.

  • Risk Management

    • Own the company-wide risk register and associated documentation (excluding the risk framework itself).

    • Support teams in identifying, assessing, and documenting risks.

    • Track and ensure timely implementation of Risk Treatment Plans.

    • Monitor and report on key risk metrics.

  • Incident & Corrective Action Management

    • Maintain the incident log, ensuring proper documentation, root cause analysis and closure.

    • Drive corrective actions and improvements from internal/external audits and incidents.

  • Security Policy & Training

    • Maintain and develop ISO 27001-compliant security policies (non-Engineering).

    • Coordinate business-wide security awareness training (e.g., KnowBe4).

    • Champion InfoSec awareness and lead monthly security meetings.

  • Client & Vendor Security Assurance

    • Complete InfoSec and risk sections of client due diligence questionnaires.

    • Support the development of a Trust Centre to streamline security responses.

What we’re looking for
  • 3+ years in an Information Security or Risk Management role with experience in ISO 27001 implementation and audits.

  • A strong understanding of risk frameworks, internal controls, and compliance management.

  • Experience with audit coordination and ISMS documentation.

  • The ability to translate technical and regulatory language into business-friendly advice.

  • Working knowledge of privacy, AML, and business continuity requirements.

  • Familiarity with InfoSec tooling (e.g., Drata, Vanta, KnowBe4).

  • Exceptional communication, reporting and organisational skills.

Benefits

We offer all our employees trust and empower our team to work with flexibility and autonomy. We’re a close-knit team and love working collaboratively. With our hybrid model, our team can come together at our fantastic offices, but also focus in their own space. The Tillo team are a motivated bunch and we all work hard to push Tillo forwards, always innovating. We completely understand the importance of work/life balance and offer a supportive and collaborative working environment with the following benefits:

  • 21 days holiday per annum

  • Retirement Fund (5%)

  • Health insurance contribution

  • Employee Incentive Scheme

  • Hybrid Working

  • Top spec equipment including laptop, mouse, keyboard, monitor

  • Anniversary gifts

  • Monthly breakfasts, drinks, snacks and events

  • Team Learning & Development budget

About Tillo

Tillo makes gift cards, rewards, and incentives simple, efficient, and profitable. Operating in over 37 markets and 25 currencies, Tillo processes billions in gift card transactions through a single, plug-and-go API, powering rewards and incentives for the world’s leading businesses. Backed by Tenzing, Tillo is setting the global standard for digital gift card infrastructure.

Diversity, Equity, and Inclusion Statement

We are committed to fostering a diverse and inclusive workplace where everyone feels valued and respected. We welcome applications from individuals of all backgrounds, regardless of age, disability, gender identity, marital status, race, ethnicity, religion or belief, sex, or sexual orientation. If you require any reasonable adjustments during the recruitment process, please let us know, and we will be happy to accommodate your needs.


Security Risk Management Specialist

Cape Town, Western Cape Canonical

Posted 6 days ago

Job Description

Overview

Canonical is recruiting a Security Risk Management Specialist in Cape Town, Western Cape, South Africa.

What you will do

In security risk management we harness industry best practices and drive innovation in security risk assessments and modelling. The security risk management team owns the strategy and practices for identifying, tracking, and reducing Canonical's security risk across the organisation. You will help establish and execute a broad strategic vision for the security risk program and will work cross-functionally with teams across Canonical. The team contributes ideas for Canonical product security, improving the resilience and robustness of Ubuntu customers and users subject to cyber attacks. The team also collaborates with our Organisational Learning and Development team to develop playbooks and facilitate security training.

  • Define Canonical's security risk management standards and playbooks
  • Analyse and improve Canonical's security risk practices
  • Evaluate, select and implement new security requirements, tools and practices
  • Grow the presence and thought leadership of Canonical security risk management practice
  • Develop Canonical security risk learning and development materials
  • Work with Security leadership to present information and influence change
  • Participate in developing key risk indicators, provide inputs to the development of key control indicators, and key performance indicators for various programs
  • Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, and others)
  • Participate in risk management, decision-making, and collaborative discussions
  • Lead quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes
  • Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action
  • Develop templates and materials to help with self-service risk management actions
  • Monitor and identify opportunities to improve the effectiveness of risk management processes
  • Launch campaigns to perform security assessments and help mitigate security risks across the company
  • Build evaluation methods and performance indicators to measure efficiency of security functions and capabilities
What we are looking for
  • An exceptional academic track record
  • Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
  • Drive and a track record of going above-and-beyond expectations
  • Deep personal motivation to be at the forefront of technology security
  • Leadership and management ability
  • Excellent business English writing and presentation skills
  • Problem-solver with excellent communication skills, a deep technical understanding of security assessments and risk management
  • Expertise in threat modelling and risk management frameworks
  • Broad knowledge of how to operationalize the management of security risk
  • Experience in Secure Development Lifecycle and Security by Design methodology
What we offer
  • Distributed work environment with twice-yearly team sprints in person
  • Personal learning and development budget of USD 2,000 per year
  • Annual compensation review
  • Recognition rewards
  • Annual holiday leave
  • Maternity and paternity leave
  • Employee Assistance Programme
  • Opportunity to travel to new locations to meet colleagues
  • Priority Pass, and travel upgrades for long haul company events
About Canonical

Canonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company. We expect excellence — in order to succeed, we need to be the best at what we do. Canonical has been a remote-first company since its inception in 2004. Working here is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game.

Canonical is an equal opportunity employer.

We are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity, we will give your application fair consideration.

Job details
  • Seniority level: Entry level
  • Employment type: Full-time
  • Job function: Finance and Sales
  • Industries: Software Development