60 Security Managers jobs in Johannesburg

Role Overview

As Manager – AI Information Security, you would be responsible for designing and implementing advanced information security frameworks focused on AI systems. The role ensures the protection of sensitive data, compliance with regulations, and integration of security into AI development workflows. You'll collaborate with AI/ML engineering and data science teams to embed security practices and manage incidents, vulnerabilities, and third-party risks.

Key Responsibilities

• Develop AI-specific information security strategies, policies, and governance frameworks.
• Embed risk management best practices and update organisation’s security posture with emerging threat intelligence.
• Implement AI incident response frameworks in line with organisation's information security standards.
• Guide AI/ML engineers and data scientists on secure coding, threat modeling, and secure data workflows.
• Ensure compliance with global data privacy laws and evolving security regulations.
• Lead training initiatives to increase security awareness among AI teams.
• Oversee deployment and optimization of security monitoring tools for continuous AI ecosystem surveillance.
• Manage penetration testing, threat & vulnerability assessments, and drive resilience programs.
• Report security metrics, incidents, and compliance activities to senior leadership and AI Department.
• Align security processes with audit, ethics, and compliance standards.
• Coordinate third-party security assessments on AI tools and platforms.

Qualifications & Experience

• Education: Bachelor’s degree in Computer Science, IT, Cybersecurity, or related field. Information Security certifications are preferred.
• Experience:
  • Minimum of 4+ years in information or cybersecurity roles.
  • Demonstrated experience securing AI/ML-driven environments, ideally within telecom or similar sectors.
  • Proficiency in managing security incidents, risk assessments, vulnerabilities, and compliance audits.
• Skills:
  • Expertise in cybersecurity frameworks, AI/ML security, data privacy, and cloud platforms.
  • Proficient in vulnerability scanning, penetration testing, and incident response methodologies.
  • Strong stakeholder engagement and communication capabilities.

#J-18808-Ljbffr

Role Overview:

As Manager – AI Information Security, you would be responsible for designing and implementing advanced information security frameworks focused on AI systems. The role ensures the protection of sensitive data, compliance with regulations, and integration of security into AI development workflows. You'll collaborate with AI/ML engineering and data science teams to embed security practices and manage incidents, vulnerabilities, and third-party risks.

Key Responsibilities:

• Develop AI-specific information security strategies, policies, and governance frameworks.
• Embed risk management best practices and update organisation’s security posture with emerging threat intelligence.
• Implement AI incident response frameworks in line with organisation's information security standards.
• Guide AI/ML engineers and data scientists on secure coding, threat modeling, and secure data workflows.
• Ensure compliance with global data privacy laws and evolving security regulations.
• Lead training initiatives to increase security awareness among AI teams.
• Oversee deployment and optimization of security monitoring tools for continuous AI ecosystem surveillance.
• Manage penetration testing, threat & vulnerability assessments, and drive resilience programs.
• Report security metrics, incidents, and compliance activities to senior leadership and AI Department.
• Align security processes with audit, ethics, and compliance standards.
• Coordinate third-party security assessments on AI tools and platforms.
  
  

Qualifications & Experience:

• Education: Bachelor’s degree in Computer Science, IT, Cybersecurity, or related field. Information Security certifications are preferred.

• Experience:
  • Minimum of 4+ years in information or cybersecurity roles.
  • Demonstrated experience securing AI/ML-driven environments, ideally within telecom or similar sectors.
  • Proficiency in managing security incidents, risk assessments, vulnerabilities, and compliance audits.

• Skills:
  • Expertise in cybersecurity frameworks, AI/ML security, data privacy, and cloud platforms.
  • Proficient in vulnerability scanning, penetration testing, and incident response methodologies.
  • Strong stakeholder engagement and communication capabilities.

Role Overview As Manager – AI Information Security, you would be responsible for designing and implementing advanced information security frameworks focused on AI systems. The role ensures the protection of sensitive data, compliance with regulations, and integration of security into AI development workflows. You'll collaborate with AI/ML engineering and data science teams to embed security practices and manage incidents, vulnerabilities, and third-party risks. Key Responsibilities Develop AI-specific information security strategies, policies, and governance frameworks. Embed risk management best practices and update organisation’s security posture with emerging threat intelligence. Implement AI incident response frameworks in line with organisation's information security standards. Guide AI/ML engineers and data scientists on secure coding, threat modeling, and secure data workflows. Ensure compliance with global data privacy laws and evolving security regulations. Lead training initiatives to increase security awareness among AI teams. Oversee deployment and optimization of security monitoring tools for continuous AI ecosystem surveillance. Manage penetration testing, threat & vulnerability assessments, and drive resilience programs. Report security metrics, incidents, and compliance activities to senior leadership and AI Department. Align security processes with audit, ethics, and compliance standards. Coordinate third-party security assessments on AI tools and platforms. Qualifications & Experience Education: Bachelor’s degree in Computer Science, IT, Cybersecurity, or related field. Information Security certifications are preferred. Experience: Minimum of 4+ years in information or cybersecurity roles. Demonstrated experience securing AI/ML-driven environments, ideally within telecom or similar sectors. Proficiency in managing security incidents, risk assessments, vulnerabilities, and compliance audits. Skills: Expertise in cybersecurity frameworks, AI/ML security, data privacy, and cloud platforms. Proficient in vulnerability scanning, penetration testing, and incident response methodologies. Strong stakeholder engagement and communication capabilities. #J-18808-Ljbffr

Role Overview As Manager – AI Information Security, you would be responsible for designing and implementing advanced information security frameworks focused on AI systems. The role ensures the protection of sensitive data, compliance with regulations, and integration of security into AI development workflows. You'll collaborate with AI/ML engineering and data science teams to embed security practices and manage incidents, vulnerabilities, and third-party risks. Key Responsibilities Develop AI-specific information security strategies, policies, and governance frameworks. Embed risk management best practices and update organisation’s security posture with emerging threat intelligence. Implement AI incident response frameworks in line with organisation's information security standards. Guide AI/ML engineers and data scientists on secure coding, threat modeling, and secure data workflows. Ensure compliance with global data privacy laws and evolving security regulations. Lead training initiatives to increase security awareness among AI teams. Oversee deployment and optimization of security monitoring tools for continuous AI ecosystem surveillance. Manage penetration testing, threat & vulnerability assessments, and drive resilience programs. Report security metrics, incidents, and compliance activities to senior leadership and AI Department. Align security processes with audit, ethics, and compliance standards. Coordinate third-party security assessments on AI tools and platforms. Qualifications & Experience Education: Bachelor’s degree in Computer Science, IT, Cybersecurity, or related field. Information Security certifications are preferred. Experience: Minimum of 4+ years in information or cybersecurity roles. Demonstrated experience securing AI/ML-driven environments, ideally within telecom or similar sectors. Proficiency in managing security incidents, risk assessments, vulnerabilities, and compliance audits. Skills: Expertise in cybersecurity frameworks, AI/ML security, data privacy, and cloud platforms. Proficient in vulnerability scanning, penetration testing, and incident response methodologies. Strong stakeholder engagement and communication capabilities. #J-18808-Ljbffr

Director: Information Security (P5) (Information & Communication Systems: Management Information Systems)

Advert reference: uj_

Advert status: Online

Apply by: 21 February 2025

Position Summary

Job category: Education and Training

Campus: Auckland Park Kingsway Campus

Contract: Permanent

Remuneration: Market Related

EE position: EE

Introduction

The University of Johannesburg (UJ) is a vibrant and cosmopolitan university, anchored in Africa and driven by a powerful strategy focused on attaining global excellence and stature (GES). With an emphasis on independent thinking, sustainable development, and strategic partnerships, UJ is an international university of choice. The University is guided by the Vice-Chancellor’s vision of “Positioning UJ in the Fourth Industrial Revolution (4IR) for societal impact in the context of the changing social, political, and economic fortunes of Africa”.

Reporting to the Chief Information Officer within the Information and Communications Systems (ICS) Department, the Director of Information Security Management will be responsible for developing and implementing security strategies, policies and procedures to protect the organisation's data, systems and technology infrastructure from cyber threats and vulnerabilities. Upon joining the Department, you will:

• Be situated at the Auckland Park Kingsway Campus, but not excluded from supporting all campuses.
• Fulfil management, leadership, technical and administrative roles in the Department.

Responsibilities:

If you join the Department, you will:

• Establish an Information Security Management and Protection Framework for developing and implementing an effective enterprise-wide Information Security Governance and Strategy Programme.
• Define a Cybersecurity strategy and operating model aligned with UJ business objectives with a clear, tracked and measurable cybersecurity plan.
• Assume responsibility for UJ's information security and compliance programme, building and leading a high-performing cybersecurity and compliance team and advisory consultancy to business and IT domain leaders.
• Manage the day-to-day activities, including policies, procedures, training and communication regarding the Information Governance Programme.
• Perform regular IT Security Maturity Assessments for the respective UJ IT areas, including people, processes and technologies.
• Lead the security documentation process to ensure progress and auditability.
• Lead the implementation of a secure system development life cycle.
• Develop, implement and maintain IT security policies, procedures, standards and practices to ensure conformance with generally accepted practices and mandatory legislation / regulations.
• Conduct information assets security risk assessment.
• Lead the implementation and monitoring of information and data quality standards, policies and procedures.
• Oversee the selection, deployment and validation of IT Information security controls to ensure that security and compliance requirements are met.
• Ensure that information security threats are identified, detected, responded to, recovered from and followed up on.
• Ensure security programmes compliancy with relevant laws, regulations and policies to minimise or eliminate risk and audit findings.
• Integrate an Information and Cyber Security Risk Management Framework.
• Present regular reports to UJ executives and auditors on the cybersecurity status of the organisation.
• Collaborate with key stakeholders to proactively identify local issues and areas of risk that impact data quality, availability, and confidentiality. Implement preventive measures and remedial action when required.
• Conduct security audits to identify gaps and implement controls to mitigate risks.

Minimum Qualifications:

• Degree or any relevant qualification (NQF 8).
• 5 to 8 years' of management experience in an Information Security Management.
• Information security, project management and IT service management experience.
• Outsourced services and management of commercial partners.
• Managing strategic change in a dynamic operating environment.
• Translating broad business needs and understanding the key drivers of enterprise applications.
• Risk assessment and mitigation risk-related industry-standard qualifications such as CISA, CISM or CISSP.

Competencies and Behavioural Attributes:

Skills:

• Good interpersonal and communication skills (verbal and written).
• Ability to maintain sound human relations and transfer skills and knowledge.
• Strong decision making and budget control skills.
• Strong Risk management and Cyber security awareness.
• IT Policies and Procedures.
• Collaborating with business managers to determine and deliver value adding IT solutions.
• Ability to manage a multi technology technical support team.
• Knowledge of the latest Information security technologies.
• Firewall standards and protocols.
• Project Management.

Enquiries:

Enquiries regarding the job content: Ms Maletsema Phofu on Tel:

Your application, comprising of a detailed Curriculum Vitae as well as the names and full contact details (including telephone numbers and e-mail addresses) of at least three traceable and credible referees must be uploaded before or on the closing date of the advertised post. Please also attach the following: a copy of your highest academic qualification, proof of registration with professional bodies you might belong to and if applying for an academic position, a list of accredited research output and/ or a portfolio of your creative output.

Please note that the University is obligated, in terms of recent amendments to the Criminal Law (Sexual Offences and Related Matters) Amendment Act 2021 (Act 13 of 2021) , to assess all prospective employees (including applicants) against the National Register for Sex Offenders (NRSO) . The outcome of such an assessment may have an impact upon possible employment with the University.

For more information, please review the following link: Justice/Criminal/NRSO .

Candidates may be subjected to appropriate psychometric testing and other selection instruments.

In conjunction to merit on the basis of qualifications, experience and proven achievements the University of Johannesburg is committed to providing equal employment opportunities for persons with disabilities and those individuals from the historically disadvantaged groups. As necessitated by operational requirements the University reserves the right not to make an appointment to positions advertised. If you have not received a response from the University within 8 weeks of the closing date, you should assume that your application has been unsuccessful.

#J-18808-Ljbffr

Director: Information Security (P5) (Information & Communication Systems: Management Information Systems) Advert reference: uj_ Advert status: Online Apply by: 21 February 2025 Position Summary Job category: Education and Training Campus: Auckland Park Kingsway Campus Contract: Permanent Remuneration: Market Related EE position: EE Introduction The University of Johannesburg (UJ) is a vibrant and cosmopolitan university, anchored in Africa and driven by a powerful strategy focused on attaining global excellence and stature (GES). With an emphasis on independent thinking, sustainable development, and strategic partnerships, UJ is an international university of choice. The University is guided by the Vice-Chancellor’s vision of “Positioning UJ in the Fourth Industrial Revolution (4 IR) for societal impact in the context of the changing social, political, and economic fortunes of Africa”. Reporting to the Chief Information Officer within the Information and Communications Systems (ICS) Department, the Director of Information Security Management will be responsible for developing and implementing security strategies, policies and procedures to protect the organisation's data, systems and technology infrastructure from cyber threats and vulnerabilities. Upon joining the Department, you will: Be situated at the Auckland Park Kingsway Campus, but not excluded from supporting all campuses. Fulfil management, leadership, technical and administrative roles in the Department. Responsibilities: If you join the Department, you will: Establish an Information Security Management and Protection Framework for developing and implementing an effective enterprise-wide Information Security Governance and Strategy Programme. Define a Cybersecurity strategy and operating model aligned with UJ business objectives with a clear, tracked and measurable cybersecurity plan. Assume responsibility for UJ's information security and compliance programme, building and leading a high-performing cybersecurity and compliance team and advisory consultancy to business and IT domain leaders. Manage the day-to-day activities, including policies, procedures, training and communication regarding the Information Governance Programme. Perform regular IT Security Maturity Assessments for the respective UJ IT areas, including people, processes and technologies. Lead the security documentation process to ensure progress and auditability. Lead the implementation of a secure system development life cycle. Develop, implement and maintain IT security policies, procedures, standards and practices to ensure conformance with generally accepted practices and mandatory legislation / regulations. Conduct information assets security risk assessment. Lead the implementation and monitoring of information and data quality standards, policies and procedures. Oversee the selection, deployment and validation of IT Information security controls to ensure that security and compliance requirements are met. Ensure that information security threats are identified, detected, responded to, recovered from and followed up on. Ensure security programmes compliancy with relevant laws, regulations and policies to minimise or eliminate risk and audit findings. Integrate an Information and Cyber Security Risk Management Framework. Present regular reports to UJ executives and auditors on the cybersecurity status of the organisation. Collaborate with key stakeholders to proactively identify local issues and areas of risk that impact data quality, availability, and confidentiality. Implement preventive measures and remedial action when required. Conduct security audits to identify gaps and implement controls to mitigate risks. Minimum Qualifications: Degree or any relevant qualification (NQF 8). 5 to 8 years' of management experience in an Information Security Management. Information security, project management and IT service management experience. Outsourced services and management of commercial partners. Managing strategic change in a dynamic operating environment. Translating broad business needs and understanding the key drivers of enterprise applications. Risk assessment and mitigation risk-related industry-standard qualifications such as CISA, CISM or CISSP. Competencies and Behavioural Attributes: Skills: Good interpersonal and communication skills (verbal and written). Ability to maintain sound human relations and transfer skills and knowledge. Strong decision making and budget control skills. Strong Risk management and Cyber security awareness. IT Policies and Procedures. Collaborating with business managers to determine and deliver value adding IT solutions. Ability to manage a multi technology technical support team. Knowledge of the latest Information security technologies. Firewall standards and protocols. Project Management. Enquiries: Enquiries regarding the job content: Ms Maletsema Phofu on Tel: Your application, comprising of a detailed Curriculum Vitae as well as the names and full contact details (including telephone numbers and e-mail addresses) of at least three traceable and credible referees must be uploaded before or on the closing date of the advertised post. Please also attach the following: a copy of your highest academic qualification, proof of registration with professional bodies you might belong to and if applying for an academic position, a list of accredited research output and/ or a portfolio of your creative output. Please note that the University is obligated, in terms of recent amendments to the Criminal Law (Sexual Offences and Related Matters) Amendment Act 2021 (Act 13 of 2021) , to assess all prospective employees (including applicants) against the National Register for Sex Offenders (NRSO) . The outcome of such an assessment may have an impact upon possible employment with the University. For more information, please review the following link: Justice/Criminal/NRSO . Candidates may be subjected to appropriate psychometric testing and other selection instruments. In conjunction to merit on the basis of qualifications, experience and proven achievements the University of Johannesburg is committed to providing equal employment opportunities for persons with disabilities and those individuals from the historically disadvantaged groups. As necessitated by operational requirements the University reserves the right not to make an appointment to positions advertised. If you have not received a response from the University within 8 weeks of the closing date, you should assume that your application has been unsuccessful. #J-18808-Ljbffr

Director: Information Security (P5) (Information & Communication Systems: Management Information Systems) Advert reference: uj_ Advert status: Online Apply by: 21 February 2025 Position Summary Job category: Education and Training Campus: Auckland Park Kingsway Campus Contract: Permanent Remuneration: Market Related EE position: EE Introduction The University of Johannesburg (UJ) is a vibrant and cosmopolitan university, anchored in Africa and driven by a powerful strategy focused on attaining global excellence and stature (GES). With an emphasis on independent thinking, sustainable development, and strategic partnerships, UJ is an international university of choice. The University is guided by the Vice-Chancellor’s vision of “Positioning UJ in the Fourth Industrial Revolution (4 IR) for societal impact in the context of the changing social, political, and economic fortunes of Africa”. Reporting to the Chief Information Officer within the Information and Communications Systems (ICS) Department, the Director of Information Security Management will be responsible for developing and implementing security strategies, policies and procedures to protect the organisation's data, systems and technology infrastructure from cyber threats and vulnerabilities. Upon joining the Department, you will: Be situated at the Auckland Park Kingsway Campus, but not excluded from supporting all campuses. Fulfil management, leadership, technical and administrative roles in the Department. Responsibilities: If you join the Department, you will: Establish an Information Security Management and Protection Framework for developing and implementing an effective enterprise-wide Information Security Governance and Strategy Programme. Define a Cybersecurity strategy and operating model aligned with UJ business objectives with a clear, tracked and measurable cybersecurity plan. Assume responsibility for UJ's information security and compliance programme, building and leading a high-performing cybersecurity and compliance team and advisory consultancy to business and IT domain leaders. Manage the day-to-day activities, including policies, procedures, training and communication regarding the Information Governance Programme. Perform regular IT Security Maturity Assessments for the respective UJ IT areas, including people, processes and technologies. Lead the security documentation process to ensure progress and auditability. Lead the implementation of a secure system development life cycle. Develop, implement and maintain IT security policies, procedures, standards and practices to ensure conformance with generally accepted practices and mandatory legislation / regulations. Conduct information assets security risk assessment. Lead the implementation and monitoring of information and data quality standards, policies and procedures. Oversee the selection, deployment and validation of IT Information security controls to ensure that security and compliance requirements are met. Ensure that information security threats are identified, detected, responded to, recovered from and followed up on. Ensure security programmes compliancy with relevant laws, regulations and policies to minimise or eliminate risk and audit findings. Integrate an Information and Cyber Security Risk Management Framework. Present regular reports to UJ executives and auditors on the cybersecurity status of the organisation. Collaborate with key stakeholders to proactively identify local issues and areas of risk that impact data quality, availability, and confidentiality. Implement preventive measures and remedial action when required. Conduct security audits to identify gaps and implement controls to mitigate risks. Minimum Qualifications: Degree or any relevant qualification (NQF 8). 5 to 8 years' of management experience in an Information Security Management. Information security, project management and IT service management experience. Outsourced services and management of commercial partners. Managing strategic change in a dynamic operating environment. Translating broad business needs and understanding the key drivers of enterprise applications. Risk assessment and mitigation risk-related industry-standard qualifications such as CISA, CISM or CISSP. Competencies and Behavioural Attributes: Skills: Good interpersonal and communication skills (verbal and written). Ability to maintain sound human relations and transfer skills and knowledge. Strong decision making and budget control skills. Strong Risk management and Cyber security awareness. IT Policies and Procedures. Collaborating with business managers to determine and deliver value adding IT solutions. Ability to manage a multi technology technical support team. Knowledge of the latest Information security technologies. Firewall standards and protocols. Project Management. Enquiries: Enquiries regarding the job content: Ms Maletsema Phofu on Tel: Your application, comprising of a detailed Curriculum Vitae as well as the names and full contact details (including telephone numbers and e-mail addresses) of at least three traceable and credible referees must be uploaded before or on the closing date of the advertised post. Please also attach the following: a copy of your highest academic qualification, proof of registration with professional bodies you might belong to and if applying for an academic position, a list of accredited research output and/ or a portfolio of your creative output. Please note that the University is obligated, in terms of recent amendments to the Criminal Law (Sexual Offences and Related Matters) Amendment Act 2021 (Act 13 of 2021) , to assess all prospective employees (including applicants) against the National Register for Sex Offenders (NRSO) . The outcome of such an assessment may have an impact upon possible employment with the University. For more information, please review the following link: Justice/Criminal/NRSO . Candidates may be subjected to appropriate psychometric testing and other selection instruments. In conjunction to merit on the basis of qualifications, experience and proven achievements the University of Johannesburg is committed to providing equal employment opportunities for persons with disabilities and those individuals from the historically disadvantaged groups. As necessitated by operational requirements the University reserves the right not to make an appointment to positions advertised. If you have not received a response from the University within 8 weeks of the closing date, you should assume that your application has been unsuccessful. #J-18808-Ljbffr

Description

The main purpose of this position is to provide leadership and strategic direction as well as manage the provision of security integrity management services within the SARB Group. This includes the provision and oversight of security investigations, security personnel vetting, project security, due diligence and integrity management.

• Oversee the functions of the division (i.e. security investigations, security personnel vetting, project security, due diligence and integrity management) to ensure effective delivery.
• Provide input into the departmental strategy and policy in line with the South African Reserve Banks (SARB) strategy, and communicate and clarify the vision and strategic goals of the department to own team.
• Develop and implement policies for the division in line with the departmental strategy.
• Develop and implement the divisional operational plan to ensure strategic and operational objectives are achieved.
• Ensure compliance with policy, procedures and audit findings to mitigate risk in the division.
• Oversee the management of all personnel and resources allocated to the division.
• Create a performance culture in the division, define performance expectations and conduct effective performance management of direct reports.
• Oversee the prioritisation of work and resource utilisation.
• Oversee the divisional costs, ensuring alignment with related functions and the organisational value chain.
• Oversee and authorise the provision of management information for the decision-making purposes.
• Collaborate with senior leadership to develop and enforce security policies and procedures that align with organisational goals and industry best practices.
• Provide expert guidance on security matters to project teams and stakeholders, ensuring that security considerations are integrated into project planning and execution.
• Develop and provide reports on due diligence and personnel risk to senior management and relevant committees.

Requirements

an Honours degree/Postgraduate Diploma (NQF8) in Internal Audit, Risk Management, Social Science (Psychology/Sociology/Criminology) or an equivalent qualification;

a minimum of 10 years experience in security and/or security risk management with at least five years in a senior management position; and sound knowledge and experience in areas such as security investigations, personnel security vetting, project security, due diligence and integrity management, and stakeholder engagement.

The following would be an added advantage:

• Successfully completed a Senior Management Development Programme
• leading change
• strategic thinking
• Building and maintaining trust
• Developing and empowering others
• Fostering diversity and inclusion
• Leading teams through effective communication and collaboration
• Managing complexity and ambiguity
• Building and maintaining relationships
• Drive for results; and sound judgement and decision-making skills.

Join Interfile—South Africa’s leading Electronic Bill Presentment & Payment (EBPP) fintech—where we design, build, and run large-scale digital services used by millions, partnering with top banks, major corporates, and government. You’ll work on modern architectures across both new builds and enhancements in a culture that prizes innovation, seamless integration, and exceptional delivery. We’re customer-obsessed and known for helping organizations modernise. Our Fourways office—right across from Montecasino—offers a modern workspace with a Vitality-certified gym, canteen, and great chill areas.

Purpose of the role:

Lead and continuously improve our information security posture across on-prem and cloud—covering platforms, hardware, networks, and data centres. You’ll drive vulnerability remediation through both automation and hands-on work, ensure compliance with POPIA, and design, implement, and uplift security standards and frameworks (e.g., ISO 27001/27002, NIST CSF 2.0). You’ll also own risk management and incident response while championing a security-first culture across the business.

Responsibilities:

• Security Assessment & Management
  • Conduct regular security assessments across infrastructure, applications, and data environments.
  • Implement and manage SAST and DAST tools and processes.
  • Track, report, and drive remediation of vulnerabilities and security issues.
• Security Posture & Reporting
  • Develop and maintain dashboards and reports that clearly communicate the organization’s security posture.
  • Define and track KPIs for security posture, remediation velocity, and compliance.
  • Collaborate with internal teams to ensure visibility and accountability for remediation efforts.
• Automation & Remediation
  • Design and implement automated security controls and remediation workflows.
  • Work with DevOps and IT teams to integrate security into CI/CD pipelines.
• Compliance & Regulatory Alignment
  • Ensure alignment with POPIA and other applicable data protection regulations.
  • Support audits and compliance reporting requirements.
  • Work with legal and compliance teams to ensure data handling aligns with privacy laws.
• Standards & Frameworks
  • Contribute to the design and rollout of security standards such as ISO 20027.
  • Align security practices with NIST CSF 2.0 and other relevant frameworks.
• Risk Management
  • Conduct risk assessments and maintain a security risk register.
  • Collaborate with business units to understand and mitigate security risks tied to operations and products.
• Incident Response & Forensics
  • Develop and maintain incident response plans.
  • Lead investigations into security breaches and coordinate post-incident reviews.
• Security Awareness & Training
  • Design and deliver security awareness programs for staff.
  • Promote a security-first culture across technical and non-technical teams.
• Third-Party & Vendor Security
  • Assess and manage security risks related to vendors, partners, and third-party services.
  • Ensure contracts and SLAs include appropriate security clauses.
• Secure Architecture & Design
  • Participate in solution architecture reviews to ensure security is embedded from the start.
• Advise on secure design patterns and threat modeling.

Requirements (Essential):

• Bachelor’s degree in Information Security, Computer Science, or related field.
• At least one security certification: CISSP, CISM, CEH, CompTIA Security+, ISO 27001 Lead Implementer (or similar).
• 5+ years in an information security role (or similar).
• Proven security experience across infrastructure, applications, and data environments.
• Hands-on with SAST/DAST tools (e.g., SonarQube, OWASP ZAP, Burp Suite).
• Strong vulnerability management and remediation workflow expertise.
• Familiarity with automation/scripting (e.g., Python, PowerShell) and CI/CD tooling.
• Working knowledge of POPIA and other data-protection regulations.
• Experience with security frameworks (e.g., NIST CSF, ISO 27001/27002).
• Ability to communicate technical risks and remediation plans to non-technical stakeholders.

Nice to Have (Desirable)

• Proactive, detail-oriented, strong sense of ownership.
• Comfortable collaborating across multiple teams and disciplines.
• Passion for security, compliance, and continuous improvement.
• Multiple or advanced security certifications.

#J-18808-Ljbffr