Information Security Manager
uMhlanga, South Africa
iKhokha
Company Description
iKhokha is one of the fastest-growing fintech companies in Africa. As you'd expect, our pace is fast-moving and ever-changing. We like it that way.
Our office is a high-performance environment where we push each other to challenge the status quo. If that doesn’t appeal to you, you probably shouldn’t work here.
Job Description
We're on the lookout for an experienced Information Security Maestro to join our crew. Your mission? To shield our digital kingdom, create ingenious security strategies, and be the guardian of our data realm.
Purpose of the Role:
To actively protect the organization’s assets, data, cryptographic tools (including encryption keys) and information systems from threats. These threats could compromise essential operational data, IT infrastructure, compliance posture and sensitive merchant or employee data.
The role is also responsible for continually achieving the various Attestations of Compliance (AoC) from regulatory authorities, including but not limited to the Payment Card Industry (PCI) and VISA, while maintaining best practice in line with regulatory requirements such as, but not limited to, the POPI Act.
The Deal Breakers:
- 7+ years’ experience as an ISO
- 7+ years’ experience in PCI Data security standards
- 7+ years’ experience in PCI PIN and Key encryption and management of keys
- 3+ years’ experience in POPIA compliance
What does the role entail? (Areas of responsibilities):
Information Security
- Manage, monitor, and report on the Network Operation Centre (NOC).
- Manage, monitor, and report on the Security Operation Centre (SOC).
- Head major investigations and responses to critical events that impact the organisation.
- Manage the selection, testing, deployment and maintenance of security-related software products and tools.
- Software Change Request (SCR) and Network Change Request (NCR) approval.
- Develop, implement, and amend processes, procedures, and policies to ensure correct and secure usage of all Information Security systems.
Compliance and Best Practice Requirements
- Assess risk and conduct root cause analysis to recommend, implement and/or design new features and functionalities to support payments & information security compliance initiatives.
- Manage implementation of any new payments & information security compliance requirements for existing or new needs.
- Manage all evidence collection activities relating to payments & information security compliance.
- Coordinate with all business units and the enterprise to obtain and validate evidence required for payments & information security compliance and assessments.
- Incrementally improve the evidence collection process and streamline evidence collection procedures.
- Regularly communicate PCI DSS, PCI PIN, PCI MPOC and POPI requirements, and the status of compliance with each, to the relevant business units and Exco.
- Communicate regularly with assessors and adjust the payments & security compliance program as needed.
- Coordinate with company and vendor SMEs to ensure adherence to program requirements.
- Manage the relationship between payments & security compliance needs and the needs of the Product team.
- Challenge and validate assessment decisions from both internal business units and external partners/vendors.
- Build and manage an ongoing cybersecurity awareness training program to cater for various business units’ compliance requirements.
- Develop, implement, and amend processes, procedures, and policies to ensure compliance and best practice are reached and maintained.
Physical Security
- Develop, implement, and amend policies to ensure the physical safety of all visitors, employees, and customers.
- Safeguard the property and assets of the organization (i.e., equipment, stock, building, storage).
- Monitor the correct implementation of the organization's security equipment and protocols: alarm system, CCTV, access control, access rights and time zones, arming and disarming of the alarm system, alarm activations and armed responses.
- Simulate security breaches to test the infrastructure, policies and procedures and provide remedies for any shortfalls.
- Manage the selection, testing, deployment and maintenance of security hardware and software products as well as outsourced arrangements.
- Take appropriate actions to ensure staff are properly trained on security and security systems and informed on compliance requirements while being well equipped to manage potential issues or breaches.
Information Technologies
- Act as managing custodian of Microsoft 365 (encompassing online services such as Outlook.com, OneDrive, SharePoint, Microsoft Teams and other Microsoft programs).
- Manage the selection, testing, deployment, and maintenance of Information Technology-related software products and tools.
- Develop, implement, and amend policies, processes, and procedures to enable business needs and to ensure Information Technology systems and tools are handled and used in a compliant, best-practice manner.
- Approve user access rights to Information Technology-related software products, tools, services, and sensitive data.
- Network Change Request (NCR) and Software Change Request (SCR) approval.
- Manage relationship with outsourced and in-house IT team members.
- Assist with high-level ticketing queries from outsourced and in-house IT team members.
Qualifications
- Certified ISO/IEC 27001 Lead Implementer
- ISO 31000:18 Corruption & Fraud Risk Management
- Security Expert certification NSE 1 and 2
- Certified Information Systems Security Professional (CISSP) certification would be advantageous.
- Certified PayShield Systems Engineer would be advantageous.
Additional Information
Perks of joining the Tribe?
- You get to work in a high-growth company. Sink your teeth into meaningful work with tangible results you are accountable for.
- Hybrid, remote and in-office work models.
- Remuneration & Benefits. We offer company contributions to Medical Aid and a group risk scheme.
- Visionary leadership.
- Study leave.
- Access to on-demand learning and development.
- A friendly, collaborative culture and a team of all-round-lekker humans (it’s true, we surveyed our employees and they told us so).
- If you find yourself at HQ, coffee on tap and a selection of hot beverages provided by our onsite Barista.