REF # 1712217



IT Security Officer (ISO)



A dynamic financial services group seeks the expertise of a highly skilled Information Security Officer (ISO) to take charge of the governance of all aspects of the physical and logical security of information assets, while ensuring the utmost confidentiality and keeping the IT environment secure. You must possess Matric/Grade 12, a Degree in either Computer Science/Informatics/Auditing or an Engineering tertiary qualification, be CISSP certified and have a minimum of 5 years’ experience in Enterprise Information Security Architecture related roles, including the establishment and maintenance of that architecture, and be skilled in BS27000, COBIT, SDLC methodologies and ITIL.



Develop & manage an Information Security Programme –

Design and lead an enterprise wide Information Security programme to identify, assess and mitigate risks.

Write, implement and maintain security policies and procedures.

Establish an effective reporting and escalation process.

Appraise and guide the executive team on all aspects of Information Security, including trends, threats and vulnerabilities.

Assess the impact of business process changes, architecture changes, technology changes and application changes on the Information Security controls.


Lead Solution Development & Maintenance –

Lead / oversee and work with Service Providers on system upgrade strategies, lead the architecture, design, implementation, and maintenance of complex solutions.

Identify, screen and evaluate new solution opportunities to address business requirements.

Work with leadership and service providers to ensure timely introduction and withdrawal of projects and products in line with the company business plan and strategy.

Share knowledge of technology risks and opportunities.


Implement the Information Security Strategy –

Develop and implement the Information Security strategy and governance framework which is consistent with Group Information Security objectives and industry best practices.

Proactively work with IT management to implement and integrate information security procedures, standards and controls into day-to-day operations.


Manage Information Security Technologies –

Manage Information Security technologies including identity and access management, penetration testing, identity theft, denial of service (DoS) attacks, hacking techniques, access list management, user authentication, data encryption, vulnerability scanning, intrusion detection, email scanning, web content filtering, virus management and security testing.

Keep abreast of developments in the areas of legal, regulatory, corporate requirements, technological developments and best practices in the Information Security field.


Risk Management –

Work closely with auditors, and drive the necessary remediation of Information Security findings.

Assist in identifying and mitigating information security related risks.

Conduct risk assessments on third parties to ensure compliance with Information Security standards.

Assess cloud vendors and provide input on security within cloud environments.

Advise and participate in the business continuity and disaster recovery plans.


Application Security – Automation –

Define the Information Security requirements for SDLC.

Facilitate Information Security code reviews.

Drive security automation into the DevOps processes.


Operational Security –

Drive the vulnerability and patch management programme.

Coordinate technical Information Security assessments and penetration tests, as well as drive remediation.

Ensure Information Security awareness training is implemented within the organisation.

Manage the information security products and support vendors.

Act as a key approver in the context of change management, specifically with regard to all changes requiring Information Security oversight.


Security Architecture –

Review, provide input, and approve solution designs from an Information Security perspective.

Define and drive security architecture.



Qualifications/Certifications –

National Senior Certificate / Grade 12

BCom Degree in either Computer Science / Informatics / Auditing or an Engineering tertiary qualification.

CISSP (Certified Information Systems Security Professional).


Experience/Skills –

5-8 Years’ experience in Information Technology.

5 Years’ experience in:

Enterprise Information Security Architecture related roles, including technical analysis, vulnerability scanning and information security assessments.

Knowledge of BS27000, COBIT, SDLC methodologies and ITIL.

Establishment and maintenance of Information Security Architecture.

Technical implementation of the required information security controls.

3-5 Years’ experience in leading and managing the information security discipline.


Advantageous –

B Degree plus certificates in OSCP, CISM, CISA.

Postgraduate Diploma / Advanced Diploma / Degree in IT.


While we would really like to respond to every application, should you not be contacted for this position within 10 working days please consider your application unsuccessful.



When applying for jobs, ensure that you have the minimum job requirements. Only SA Citizens will be considered for this role. If you are not in the mentioned location of any of the jobs, please note your relocation plans in all applications for jobs and correspondence. Please e-mail a word copy of your CV to and mention the reference numbers of the jobs.

Degree, Permanent
