44 Threat Intelligence jobs in South Africa

M-KOPA's Threat Intelligence team sits within the Security department and identifies and assesses threats against our products, business and personnel. The team has taken a unique approach to Threat Intelligence by developing a custom analysis platform instead of depending on standard tools — Recorded Futures. By consuming several intelligence sources, we aim to provide minute-by-minute information to our Fraud, Application Security and Managerial teams using Azure Microservices. Your role is acting as a developer, primarily Python, for the Threat Intelligence team with elements of Threat Hunting in the mix. It's not only about building automated tools to scour the Internet but also about identifying new threats to monitor. It is a fully Remote role within the following time zone (UTC -1 / UTC+3), and you will report to the Senior Threat Intelligence Researcher. Additionally, you will work closely with the Application Security and Global Fraud teams to develop intelligence-gathering systems to distribute significant findings appropriately.

You're excited about this opportunity because;

• You will create, build and enhance a bespoke Threat Intelligence platform, exceeding the capabilities of 99% of Threat Intelligence teams.
• You will identify new threats against M-KOPA, our products and our employees.
• You will get to learn about development best practices, Continuous Integration and Continuous Development processes.
• You will become familiar with the latest hardware hacking, web applications hacking and malware attacks.
• You will receive and analyze cyber threat alerts from various sources and communicate them to the appropriate team members.
• You will perform cyber defense trend analysis, assist team members with determining their cybersecurity requirements, and establish reporting mechanisms.
• You will develop and deliver written and oral mobile threat alerts, scheduled internal notifications, case studies, and after-action reports to several stakeholders.
• You will coordinate and communicate across multiple stakeholder groups.
• You will monitor external data sources to maintain an up-to-date understanding of cyber actors and threats and provide recommendations on prioritizing cyber threats and prevention / mitigation measures.
• You will review and evaluate incoming intelligence reports, information, collection plans, and programs.

We're excited about you because you have experience with;

• Moderate experience writing Python programs or knowledge of Python development.
• Any experience with Microsoft Azure or cloud microservice architectures.
• Some familiarity with modern development practices, Continuous Integration and Continuous Development.
• Ability to read Zulu to a proficient level.
• Any knowledge of Threat Intelligence principles.
• Windows and Linux command line knowledge.

Benefits - What's in it for you!

• You will be involved, and participate in, our Application and Information Security Red Teaming operations.
• Have the opportunity to travel internationally to attend conferences and training courses.
• Annual Learning and Development Fund - You have an annual $1,200 allowance to spend on learning and development (that is, between 1 January and 31 December). For your first year at M-KOPA, this allowance is pro-rated depending on the month that you start.
• Home Office Set Up - Having the best IT equipment tools in the world doesn't make sense if you do not have a proper setup to work with. For this reason, M-KOPA will pre-approve the following items for a total budget of $1,000 that you can use at any time after signing the offer letter with M-KOPA.
• On site retreats with wider tech team, plus trips to operational markets.

M-KOPA is an equal opportunity and affirmative action employer committed to assembling a diverse, broadly trained staff. Women, minorities, and people with disabilities are strongly encouraged to apply. M-KOPA explicitly prohibits the use of Forced or Child Labour and respects the rights of its employees to agree to terms and conditions of employment voluntarily, without coercion, and freely terminate their employment on appropriate notice. M-KOPA shall ensure that its Employees are of legal working age and shall comply with local laws for youth employment or student work, such as internships or apprenticeships. M-KOPA does not collect / charge any money as a pre-employment or post-employment requirement. This means that we never ask for ‘recruitment fees’, ‘processing fees’, ‘interview fees’, or any other kind of money in exchange for offer letters or interviews at any time during the hiring process.

Company Description

Standard Bank Group is a leading Africa-focused financial services group and an innovative player on the global stage. We offer a variety of career-enhancing opportunities and the chance to work alongside talented, motivated professionals. Our clients range from individuals to businesses of all sizes, high net worth families, and large multinational corporates and institutions. We are passionate about creating growth in Africa, bringing meaningful value to our clients and communities, and creating a sense of purpose for our employees.

Job Description

To implement the Group Cyber Resilience strategy by securing platforms, ecosystems, and third-party integrations; protecting sensitive data, applications, and infrastructure from infiltration or misuse; guiding security capabilities in client segments and solutions. Facilitate security services ensuring policies, standards, and controls are embedded to prevent losses and ensure regulatory compliance. Educate employees about their InfoSec responsibilities.

• Alert responsible stakeholders of non-compliance with Cyber Resilience Policies and Standards, and collaborate on remediation plans and solutions.
• Assess information security maturity scores, guide implementation for awareness and prioritization, and monitor compliance with standards.
• Collaborate with feature teams, product owners, architecture, IT, vendors, and other stakeholders to investigate risk controls.
• Work with threat intelligence, cybersecurity, security engineering, and other risk functions to develop and maintain a holistic security strategy and remediation plans.
• Communicate and raise awareness of policies within business, technology, and risk communities.

Qualifications

• Degree in Business, Commerce, Information Technology, or Risk Management (minimum)
• Post Graduate Degree in Business, Commerce, or Information Technology (preferred)

Experience Required: Cyber Security

• 5-7 years in an information security or audit role within banking or financial services. Experience with multi-vendor, outsourced, and multi-system IT environments.
• 5-7 years of knowledge and experience with implementing and managing information security policies and frameworks in a corporate environment. Management experience with diverse teams.
• 5-7 years of strong IT understanding, insights into digital and platform operating models, and current cybersecurity trends and solutions.

Behavioural Competencies:

• Adopting Practical Approaches
• Articulating Information
• Checking Things
• Directing People
• Examining Information

Technical Competencies:

• Benefits Management
• Information Security
• Internal & External IT Environment
• IT Risk Management
• Knowledge of Banking & Financial Services

South Africa

Apply Now and Redefine Digital Payments with Us!

Why EFT Corporation

At EFT Corporation, we don’t just enable payments, we empower possibilities. With over 26 years of experience, we’re Africa’s leading payment solutions provider, working with over 100 financial institutions to deliver cutting-edge technology that drives financial inclusion and transforms lives. Operating in dynamic markets across Africa and beyond, our team of 300+ experts spans Mauritius, Ghana, Kenya, South Africa, Zambia, Zimbabwe, and India. We’re on a mission to shape the future of payments across the continent through innovation, collaboration, and a shared vision of progress.

Why You'll Love Working Here:

• Purpose-Driven Culture : Make an impact in transforming lives through secure and innovative payment solutions.
• Global Collaboration : Work alongside diverse, talented teams from across the globe.
• Continuous Growth : Expand your skills with mentorship, knowledge sharing, and cutting-edge technologies.
• Inclusive Environment : We value and celebrate diversity, fostering a workplace where everyone thrives.

Your Role

• As an Information Security Officer , your job purpose is to be held accountable in respect to assisting the Senior Security and Infrastructure Engineer and the Senior DevOps Engineers in the following:
  • Assisting in maintaining the safety and security of the organisation’s systems and network database to prevent unauthorized access and avoid data breaches.
  • Maintaining the organisation’s systems and networks.
  • Assisting in overseeing the entire software development process, from planning and development to deployment and maintenance.
  • This role requires expertise in both software development and operations, as well as an understanding of the DevOps methodology.
  • This includes CI/CD, Infrastructure management (AWS), Automation, Monitoring, logging and metrics, Collaboration and Security.
  • The role also requires a significant focus on PCI compliance and support and collaboration with the Security and Infrastructure team is required.
• You will be responsible for owning the Futurex HSM and Thales HSM device management which includes:
  • Yearly Key management/replacement ceremonies.
  • PCI compliance as it relates to the HSM.
• Assisting with new security compliance:
  • ISO27001.
  • PCI+PIN.

What You’ll Do Maintain Operational Systems, Networks and Security:

• Facilitate annual PCI audits.
• Linux Operating systems are security patched in a timely manner. If patching will affect customers, arrange with operations support, and follow the correct change control process.
• Maintain Elastic SIEM.
• Respond to and investigate SIEM alerts.
• Respond to operational system alerts and/or operational queries across the entire technology stack (Production and QA system issues, infrastructure issues, Databaseissues, Network issues, Security and Firewall issues and any 3rd party or customer integration issues) as they occur.
• Manage / Deploy system tooling that may be beneficial to the business.
• Research, POC and deploy new open source or when applicable closed source tooling that is beneficial to the business systems or processes. This can be in supporting Applications, Monitoring, Logging, SIEM, AI/machine Learning, Fraud Detection, Operational Support applications, Authentication systems, BI / Data Analytics, networks, Security or compliance.
• Create ad hoc Python scripts / Applications to perform various repetitive tasks.
• Ensure that AWS environments and services are architectured and configured in a secure and redundant manner including all security services from AWS.
• Maintain AWS services including but not limited to: VPC, EC2, ECS, ECS Fargate, ECR, Guard Duty, Cloudwatch, Cloudtrail, Security groups, VPC Routing, Site to Site VPNs, Application Load balancers / network load balancers, Web application firewalls,etc.
• Architect, support and maintain connectivity between 3rd parties, Banking partners, integrators and on prem datacentres.
• Ensure best practice security measures are implemented.
• Ensure best practices regarding system isolation and scope reduction.
• Provide support to field engineers on HSMs and key management.
• Maintain internal HSMs and key management procedures.
• Provide support to the product and SLDC teams – this includes consulting on design, finding compliant solutions for customer issues, and filling out cyber risk assessments for customers or tenders.

• Maintain/Improve (PC14) PCI.
• Stretch: ISO 27001.
• GDPR.

• Ensure Security, Infrastructure & Procedures (with supporting team) are comprehensive and kept up to date.Security Tooling:
• Ensure SSO, Intrusion detection, SIEM, Antivirus, Patch Management and PGP are implanted as per the polices.
• Stimulation / adoption of user-driven security culture (give security a brand within the org and educate).

• To increase efficiency and reduce errors for both security and infrastructure management.

• To reduce costs (optimize) without sacrificing performance and security.

• Ensure that weekly vulnerability scans results are tracked, and vulnerabilities are remediated within set severity timeframes weekly.
• Review all daily and weekly BAU PCI Items for signoff monthly.
• Ensure weekly Internal and External Scans were completed.
• Perform data analysis reporting monthly.
• Maintain a strong security posture within the card holder environment.
• Work with 3rd party to ensure PCI Certification Audit is completed and passed on time.
• Review Security Commitment to third parties.

• Bachelor’s degree in Computer Science or related field.
• 3 years’ relevant experience.
• Experience within the payment / banking sector.
• Experience working with PCI Audits / Security in DevOps, Linux, Mysql, Cloud (AWS).
• Network experience (particularly cloud based / virtual).

• PCI Audits / Security / Processes.
• Linux, Mysql, and Cloud (AWS).
• Experience with automation tools like CloudFormation, Ansible, Puppet, Chef, etc.
• CI/CD tooling eg. Bitbucket pipelines, Jenkins, etc.
• Scripting languages: Bash, Python, etc.
• Cloud knowledge, specifically AWS.
• Containerisation: Docker, Kubernetes, AWS ECS, etc.
• Logging Frameworks: ELK stack, cloudwatch, etc.
• Cloud-based virtual networking eg VPC, subnets, ALB, NLB, WAF, Peering, Transit Gateways, VPN gateways, etc.
• SIEM experience – Elastic, Splunk, etc.
• Monitoring and Alerting Framework: Zabbix, Nagios, etc.

• Ability to learn new technologies at pace.
• Problem solving.
• Ability to work within a high stress & flux environment.
• Ability to foster & cultivate relationships with internal & external stakeholders.
• Ability to work autonomously as well as part of a team.
• Assertiveness – communicating feelings and beliefs; being non-offensive.
• Detail & deadline oriented.
• Analytical & critical thinking.

Our Values

• Purposeful Impact : Every action drives meaningful change.
• Client-Centric Excellence : We succeed when our clients do.
• Integrity : Doing the right thing, always.
• Teamwork : Together, we achieve the extraordinary.

Why Now?

Be part of a pioneering force in digital payments, leading transformative projects across continents. At EFT Corporation, you’re not just joining a company—you’re joining a movement.

Ready to redefine the future of payments with us?

Apply now and let’s create the extraordinary together!

EFT Corporation is an Equal Opportunity Employer. Diversity drives our success, and we welcome passionate individuals from all walks of life to join our team.

EFT Corporation does not accept unsolicited resumes from search firms/recruiters. EFT Corporation will not pay any fees to search firms/recruiters if a search firm/recruiter submits a candidate unless an agreement has been entered into concerning the specific open position(s). Search firms/recruiters offering resumes to EFT Corporation on an unsolicited basis shall be deemed to accept this condition, regardless of any other provision to the contrary.

Job title: Information Security Architect

Contract duration: Start with 6 months

First preference: EEE candidates

Location: JHB

The Head of Security Architecture for the organization is responsible for designing, implementing, and maintaining robust security architectures that protect sensitive data in compliance with regulations such as POPIA, GDPR. This role is critical in safeguarding the confidentiality, integrity, and availability of electronic health records (EHR), patient and employee information, medical devices, and cloud-based healthcare services. The role will focus on designing and developing security architecture that aligns business and corporate security strategy. The role will collaboratively direct Security Architects, IT, and Engineers to design and build security controls and solutions compliant with approved enterprise architecture frameworks and standards across business and digital.

Key Responsibilities:

• Design and develop complex and comprehensive security architectures for our systems, applications, and infrastructure, considering both current and future needs.
• Collaborates with stakeholders, including developers, engineers, and project managers, to integrate security requirements into the system design and development lifecycle.
• Provides guidance and expertise in secure coding practices, network security, identity and access management, data protection, and other security domains.
• Model threats and risks, designing the controls necessary to mitigate them, on both an organizational and technical level – thinking like an attacker, understanding and anticipating the moves and tactics that a hacker might use to attack systems.
• Follow the architecture analysis process, which consists of research, validation, and evaluation of all new initiatives, with phase gate reviews presented to all stakeholders during key forums, including current trends such as AI and LLMS.
• Evaluates and selects security technologies, tools, and frameworks to support the organization’s security.
• Define portfolio vision and reusable security patterns aligned with the EA strategy.
• Lead architecture reviews for high-risk projects, driving recommendations to resolution.
• Advise on security controls for hybrid and cloud platforms, balancing usability, cost, and compliance.
• Defines and applies security policies, standards, and procedures to ensure compliance with industry regulations and best practices.
• Leads incident response activities, including identification, containment, eradication, and recovery, in coordination with the incident response team.
• Experience with Cloud Security platform vendors and technologies such as Azure and AWS.
• Manage security architects and mentor engineers, developers, and vendors.

What will you bring?

• Risk-based decision-making - expert in ISO 27001 / NIST / CIS controls, able to quantify and articulate risk, then select proportionate, cost-effective controls.
• Pen-testing & threat-modelling - scoping, overseeing, and translating results into enforceable patterns and backlog items.
• Influential communication - proven ability to engage C-suite and delivery stakeholders alike, adapting style to gain agreement and drive secure-by-design culture.
• Teamwork and Energy – work across different functional and business teams with effective collaboration.
• Technical depth - hands-on knowledge of cloud security, IAM, container & API security, network segmentation, encryption, and DevSecOps toolchains; capable of explaining the exploitability of complex vulnerabilities. Zero trust design thinking.
• Mentoring & governance - experience in line-managing or coaching security architects/engineers and running architecture assurance or design-review boards.
• Secure-system design leadership - demonstrable track record creating or validating architectures for large-scale, high-risk services using recognised frameworks (SABSA, TOGAF).

Requirements / Skills and Competence

• Tertiary qualification in Computer Science, Engineering, or related field (preferred)
• Minimum of 5-10 years of experience in Security Architecture.
• CISSP, CISA, CISM, or other relevant security-related designation(s) preferred.
• Certifications in CISSP-ISSAP, TOGAF, or SABSA, cloud architecture (Microsoft, AWS, GCP)
• Experience in identifying gaps in existing architectures.
• Understanding of security infrastructure in Public and Private Cloud, e.g., virtual network infrastructure, hybrid IaaS/PaaS/SaaS solutions.
• Experience in designing security architectures to mitigate threats and sound knowledge of security strategies and technologies.
• Direct the Project and Security teams with the guidance to build policies, standards, risks, and controls frameworks supporting operational requirements for the business.
• Good experience in security architecture design in Cloud and on-prem.
• Design and implementation of IOT, endpoint protection, and secure IAM.
• Understanding of authentication and authorisation technologies (SAML, LDAP, PKI, etc.) and other IAM technologies
• Understanding of the implementation, operation, and maintenance of SIEM, boundary protection technologies (firewalls, mail gateways), Antivirus, and AD security products
• Knowledge of web application architectures and threat modelling.

The KPMG Africa Information Security Specialist is responsible for ensuring the confidentiality, integrity, and availability of all systems across KPMG Africa offices (South Africa, Botswana, Mauritius, Mozambique, Namibia, Zambia, Zimbabwe, Nigeria, Ghana, Kenya, Uganda, Tanzania, and Rwanda). The role involves actively managing and monitoring information security systems to detect, respond to, and remediate security risks and threats across the infrastructure.

4. Position Specifications

Educational Requirements (minimum necessary to perform the job):

• Professional / Tertiary qualification

Other Requirements:

Experience (minimum necessary):

Desired Qualifications and Experience:

• 3-5 years' experience in Information Technology Support or Information Security, including Microsoft Azure
• Industry-recognized certifications such as A+, N+, Security+, CySA+, and Cloud Security certifications like:

o Microsoft Certified: Security Operations Analyst Associate

o Microsoft Certified: Information Protection and Compliance Administrator Associate

o Microsoft Certified: Security, Compliance, and Identity Fundamentals

o Microsoft Certified: Identity & Access Management

o Microsoft Certified: Azure Security Engineer

• Professional certifications such as CISM, CISSP, ECIH are preferred but not required
• Strong knowledge of information security and cloud security concepts
• Experience in identifying, analyzing, and reporting on security risks and incidents
• Experience with security tools such as Qualys, Microsoft Defender Endpoint, Microsoft Sentinel, etc.
• Ability to evaluate vulnerabilities, develop mitigation strategies, and implement remediation
• Strong knowledge of operating systems, Microsoft Servers, Active Directory, and network protocols and technologies

5. Core Competencies:

• Attention to detail and accurate documentation
• Analytical skills to interpret information
• Ability to work independently and in a team
• Organizational and prioritization skills under pressure

6. Key Responsibilities & KPIs

Main Responsibilities:

• Monitoring incident response channels
• Executing the Information Security Incident Management Process and escalating high-priority issues
• Tracking and escalating open incidents
• Producing weekly and quarterly reports for the CISO on incident status and trends

Security Systems Configuration and Management:

• Daily monitoring of security systems to ensure proper functioning
• Configuration and management of security tools such as vulnerability, privileged access, and log management systems
• Reconciliation of assets to ensure coverage of security systems
• Reporting and issue resolution support for operational teams

Patch Management Monitoring:

• Monitoring patch management performance and identifying risks
• Addressing challenges to compliance

Threat and Event Monitoring:

• Detecting and escalating security threats and events

Vulnerability Management:

• Monitoring vulnerabilities daily
• Monthly asset reconciliation
• Managing vulnerability remediation with owners
• Supporting penetration testing activities

Supporting NITSO projects and other initiatives as required.

Job Purpose

Responsible for the installation, configuration, monitoring, and administration of information security systems for the Municipality.

Key Responsibility Areas

• Maintain, control, and operate the server and application security systems and infrastructure.
• Implement IT security systems and fault management support procedures for assigned systems.
• Monitor IT systems.
• Analyze logs to proactively enhance the Municipality's security posture.
• Monitor the security posture of IT systems, advise on weaknesses, and recommend improvements.

Competencies

• Advice and Guidance
• Operations
• User Support
• Business and IS&T Planning
• Interpersonal Relationships
• Communication
• Action and Outcome Orientation
• Resilience
• Cognitive Ability
• Learning Orientation

Essential Requirements

• Diploma (NQF Level 6) in an ICT-related field and an Information Security certificate.
• Valid motor vehicle driving license.
• 3 years relevant experience.

Preferred Requirements

• Degree (NQF Level 7) in an ICT-related field and an Information Security certificate.
• 4 years relevant experience.

Our client, a leading financial services firm, is seeking an Information Security Consultant to join their team on a permanent basis.

• Security Auditing
• Responsible for Security tools monitoring
• Network experience (TCP/IP, Firewalls, IPS, NAC)
• Operating System management and Hardening
• Anti-Virus System management and Configuration
• Logical Access Management
• Vulnerability Management

• Matric and an Information Technology diploma or degree qualification
• 4+ years experience in the field

Salary: Market Related

Job title: Information Security Architect

Contract duration: Start with 6 months

First preference: EEE candidates

Location: JHB

The Head of Security Architecture for the organization is responsible for designing, implementing, and maintaining robust security architectures that protect sensitive data in compliance with regulations such as POPIA, GDPR. This role is critical in safeguarding the confidentiality, integrity, and availability of electronic health records (EHR), patient and employee information, medical devices, and cloud-based healthcare services. The role will focus on designing and developing security architecture that aligns business and corporate security strategy. The role will collaboratively direct Security Architects, IT, and Engineers to design and build security controls and solutions compliant with approved enterprise architecture frameworks and standards across business and digital.

Key Responsibilities:

• Design and develop complex and comprehensive security architectures for our systems, applications, and infrastructure, considering both current and future needs.
• Collaborates with stakeholders, including developers, engineers, and project managers, to integrate security requirements into the system design and development lifecycle.
• Provides guidance and expertise in secure coding practices, network security, identity and access management, data protection, and other security domains.
• Model threats and risks, designing the controls necessary to mitigate them, on both an organizational and technical level – thinking like an attacker, understanding and anticipating the moves and tactics that a hacker might use to attack systems.
• Follow the architecture analysis process, which consists of research, validation, and evaluation of all new initiatives, with phase gate reviews presented to all stakeholders during key forums, including current trends such as AI and LLMS.
• Evaluates and selects security technologies, tools, and frameworks to support the organization’s security.
• Define portfolio vision and reusable security patterns aligned with the EA strategy.
• Lead architecture reviews for high-risk projects, driving recommendations to resolution.
• Advise on security controls for hybrid and cloud platforms, balancing usability, cost, and compliance.
• Defines and applies security policies, standards, and procedures to ensure compliance with industry regulations and best practices.
• Leads incident response activities, including identification, containment, eradication, and recovery, in coordination with the incident response team.
• Experience with Cloud Security platform vendors and technologies such as Azure and AWS.
• Manage security architects and mentor engineers, developers, and vendors.

What will you bring?

• Risk-based decision-making - expert in ISO 27001 / NIST / CIS controls, able to quantify and articulate risk, then select proportionate, cost-effective controls.
• Pen-testing & threat-modelling - scoping, overseeing, and translating results into enforceable patterns and backlog items.
• Influential communication - proven ability to engage C-suite and delivery stakeholders alike, adapting style to gain agreement and drive secure-by-design culture.
• Teamwork and Energy – work across different functional and business teams with effective collaboration.
• Technical depth - hands-on knowledge of cloud security, IAM, container & API security, network segmentation, encryption, and DevSecOps toolchains; capable of explaining the exploitability of complex vulnerabilities. Zero trust design thinking.
• Mentoring & governance - experience in line-managing or coaching security architects/engineers and running architecture assurance or design-review boards.
• Secure-system design leadership - demonstrable track record creating or validating architectures for large-scale, high-risk services using recognised frameworks (SABSA, TOGAF).

Requirements / Skills and Competence

• Tertiary qualification in Computer Science, Engineering, or related field (preferred)
• Minimum of 5-10 years of experience in Security Architecture.
• CISSP, CISA, CISM, or other relevant security-related designation(s) preferred.
• Certifications in CISSP-ISSAP, TOGAF, or SABSA, cloud architecture (Microsoft, AWS, GCP)
• Experience in identifying gaps in existing architectures.
• Understanding of security infrastructure in Public and Private Cloud, e.g., virtual network infrastructure, hybrid IaaS/PaaS/SaaS solutions.
• Experience in designing security architectures to mitigate threats and sound knowledge of security strategies and technologies.
• Direct the Project and Security teams with the guidance to build policies, standards, risks, and controls frameworks supporting operational requirements for the business.
• Good experience in security architecture design in Cloud and on-prem.
• Design and implementation of IOT, endpoint protection, and secure IAM.
• Understanding of authentication and authorisation technologies (SAML, LDAP, PKI, etc.) and other IAM technologies
• Understanding of the implementation, operation, and maintenance of SIEM, boundary protection technologies (firewalls, mail gateways), Antivirus, and AD security products
• Knowledge of web application architectures and threat modelling.

Managed Talent Solutions is looking for a seasoned Chief Information Security Officer (CISO) for one of their client based in Centurion to lead enterprise-wide cyber security efforts. In this strategic leadership role, the successful candidate will be responsible for driving the Group’s information security strategy, ensuring the protection of the company’s digital assets, systems and data. The Chief Information Security Officer will play a critical part in upholding regulatory compliance, managing cyber risk, and strengthening the company's reputation as a trusted service provider.

Qualifications / Requirements:

• Matric plus, Degree in Information Technology, Business Administration, or related field.
• 7+ years of experience in cybersecurity, risk management, and IT leadership .
• 7 years in a senior information security management role .
• Professional Certifications: CISSP, CISM, CISA, CCSP , or equivalent.
• Deep understanding of security frameworks: ISO 27001, PCI-DSS, NIST, SSAE 18.
• Strong background in security tools and technologies (IAM, IDS/IPS, DLP, etc.).
• Ability to lead complex projects in a matrixed, multi-stakeholder environment.
• Proven experience in vendor and contract security negotiations.
• Strong leadership, communication, and analytical skills.
• Strategic and innovative thinking
• Leadership and influence
• Risk and compliance acumen
• Project and resource management
• Exceptional stakeholder communication
• Report writing and dashboard presentation
• Coaching and mentoring for performance

Responsibilities include:

• Develop and execute the company’s information security strategy aligned with business goals and digital innovation.
• Serve as a trusted advisor to executives, balancing innovation and cyber risk.
• Drive secure adoption of technologies including cloud, AI, and data analytics.
• Identify and mitigate cybersecurity threats (e.g., ransomware, data breaches, insider threats).
• Lead security assessments, technology deployments and compliance audits.
• Collaborate with ICT, PMO and Group Risk to manage enterprise-wide security initiatives.
• Ensure compliance with POPIA, GDPR, ISO 27001 and industry standards (NIST, PCI-DSS, CIS).
• Minimise legal, reputational and financial risk through proactive governance.
• Develop and enforce the company’s Cyber Incident Response Plan (CIRP).
• Oversee disaster recovery and continuity planning.
• Lead security audits, assessments, and real-time threat investigations.
• Implement training programs to build cybersecurity awareness across all departments.
• Foster a culture of shared responsibility and high performance within the security function.