
Information Technology Security Lead

Masthead (Pty) Ltd

Other, Western Cape

Salary not listed · Full-time · Posted Yesterday

IT roles span help desk, support, networking and software development, and remain one of SA's most in-demand and best-paid skill areas.

This listing does not state a salary. As a guide, IT roles in South Africa typically pay R18 000 to R65 000 a month (indicative).

Job description

At Masthead (Pty) Ltd, our passion is keeping businesses in business. As a national supplier of practice management and business development services, and compliance monitoring of FAIS, FICA, POPI, and NCR, Masthead assists Independent Financial Advisors, corporate FSPs and other business sectors throughout South Africa so they can stay in business, improve productivity and prosper. We know this can only be achieved through the calibre of people we employ – people who are client focused, set themselves high standards of delivery and have a willingness to go the extra mile.

POSITION SUMMARY

We are seeking an experienced Information Technology Security Lead to provide direction, coordination, and hands-on delivery support across the organisation’s information security strategy, roadmap, governance, operational security activities and security improvement initiatives. This role is suited to a security professional with strong experience in governance, risk, compliance, audit, security frameworks, and regulated environments, who can translate requirements into practical action, embed security best practices, and drive initiatives through to completion.

The successful candidate will work closely with business and technology teams to strengthen the organisation’s security posture, improve control maturity, support ISO 27001-aligned certification and compliance activities, manage day-to-day security matters, upskill the IT support team, deliver security awareness initiatives, and provide regular updates to senior leadership.

This is a full-time, hybrid role offering the flexibility to work remotely for part of the week while collaborating with the team from our head office in Mowbray, Cape Town on designated office days. During your first six months, you'll be based in the office full-time to support your onboarding, build relationships with the team, and gain a strong understanding of our business before transitioning to our hybrid work model.

MINIMUM REQUIREMENTS – QUALIFICATIONS & EXPERIENCE

Qualifications

  • Relevant tertiary qualification in Information Security, Cybersecurity, Information Systems, Computer Science, or Technology Risk / Governance.

Preferred Certifications

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified in Risk and Information Systems Control (CRISC)
  • ISO 27001 Lead Implementer
  • Microsoft / Azure security certifications such as AZ-500, SC-200, or SC-300

Experience

  • 5–8 years’ experience in information security, GRC, security governance, cyber risk, technology risk, compliance, or related roles.
  • Proven experience in regulated or compliance-led environments, ideally in financial services, fintech, or similarly regulated sectors.

Strong experience in

  • Security governance, control frameworks, framework alignment, remediation planning, audit support, compliance reporting, policy and standards development, and security initiative delivery.
  • Building, maintaining, and driving security roadmaps, implementation plans, and action trackers.
  • Delivering security awareness training, workshops, communications, or user-facing security guidance.
  • Good working knowledge of POPIA and privacy-related security safeguards.
  • Exposure to Azure cloud security and/or on-premises infrastructure security controls.
  • Strong stakeholder engagement skills with the ability to influence and coordinate cross-functional teams.
  • Experience working in ISO 27001-aligned environments or supporting certification activities is highly advantageous.

DUTIES AND RESPONSIBILITIES

Security and Governance

  • Define, maintain, and help drive the organisation’s information security strategy, roadmap, and priority initiatives.
  • Provide direction on the adoption, implementation, and continuous improvement of security best practices, standards, and controls across the organisation.
  • Lead and coordinate security initiatives, remediation programmes, and control improvement activities through to completion.

ISO 27001 & Compliance

  • Coordinate ISO 27001-aligned certification readiness activities, including control alignment, evidence gathering, audit preparation, remediation tracking, and ongoing compliance improvement.
  • Develop, maintain, and implement information security policies, standards, procedures, and control frameworks.
  • Translate security, regulatory, and framework requirements into practical implementation plans and embed them into day-to-day operations.
  • Manage and support day-to-day security operational requests, incidents, and helpdesk-related security matters, including investigation, coordination, resolution, and closure.

Risk Management & Assurance

  • Conduct security risk assessments, control reviews, gap analyses, and remediation planning across systems, processes, and business activities.
  • Support compliance with POPIA, privacy controls, and broader information governance obligations.
  • Provide practical support and guidance across Azure cloud and on-premises infrastructure security where required.

Awareness, Training & Stakeholder Engagement

  • Support, guide, and upskill the IT support team on security and compliance-related matters to help deliver and sustain security initiatives.
  • Develop and deliver security awareness communications, training material, workshops, and targeted education sessions.

Operational Security Support

  • Communicate with staff on security-related matters, including awareness topics, policy updates, security alerts, incidents, and required actions where appropriate.
  • Support internal and external audit, assurance, and regulatory review activities, including documentation, evidence gathering, control narratives, and remediation follow-up.

Reporting & Leadership Support

  • Provide senior leadership with regular updates on day-to-day security matters, initiative progress, risk status, roadmap delivery, and control maturity.

COMPETENCIES AND SKILLS

Technical / Functional Skills

  • Security Governance & Frameworks
  • ISO 27001 / ISO 27002
  • NIST Cybersecurity Framework
  • COBIT advantageous
  • Policy, standards, control design, implementation, certification readiness, and maturity improvement

Regulatory / Compliance

  • POPIA and information security safeguards
  • PAIA awareness and information governance alignment
  • Audit and assurance support
  • Financial-sector regulatory awareness, including familiarity with FSCA expectations in IT governance and cyber resilience, would be beneficial

Cloud / Infrastructure Security

  • Azure security fundamentals
  • Identity and access management
  • Secure configuration, hardening, and baseline control implementation
  • Security monitoring and control oversight in hybrid and on-premises environments

Delivery & Operational Security

  • Initiative tracking and coordination
  • Security roadmap development and reporting
  • Operational security issue management and closure
  • Stakeholder management and cross-functional delivery support

Awareness, Training & Communication

  • Security awareness programmes and workshops
  • Training delivery and user education
  • Staff communication on security-related matters

Security Tooling

  • Experience with common enterprise security tooling across endpoint protection, identity and access management, vulnerability management, email security, monitoring/logging, ticketing, and cloud security platforms would be advantageous.

Key Behavioural Competencies

  • Strong analytical and problem-solving ability
  • Excellent communication and presentation skills
  • High attention to detail and quality
  • Ability to work independently and take ownership
  • Strong planning, organisation, and coordination skills
  • Ability to influence stakeholders across all levels of the organisation
  • Results-driven with a continuous improvement mindset
  • Professional integrity and sound judgement

Work Location: In per

Good to know

Do I need experience for IT jobs in Other?

This IT role may ask for some experience or a relevant qualification. Read the listing for the specifics before you apply.

How do I apply for this job?

Tap "Apply on Indeed" to open the original listing, where you can read the full description and apply directly. JobsZA never charges you to apply, and you should never pay money to get a job.

Found on Indeed · Posted Yesterday
