Role Purpose

The successful candidate will play a critical role in protecting the organisation’s systems, data, and infrastructure by designing, implementing, and maintaining robust security controls. The role combines strong technical cybersecurity capability with deep knowledge of compliance and regulatory frameworks to ensure the organisation remains secure, resilient, and audit-ready. You will work closely with infrastructure, cloud, application, risk, and audit teams to embed security across all layers of the technology environment while actively identifying and mitigating threats.

Key Responsibilities

• Design, implement, and maintain cybersecurity controls across on-premise, cloud, and hybrid environments

• Manage and optimise security technologies including SIEM, EDR, firewalls, IDS/IPS, endpoint protection, and vulnerability management tools

• Monitor security environments for threats, anomalies, and suspicious activity, ensuring timely detection and response

• Lead investigation and response to security incidents, including root cause analysis and remediation actions

• Perform regular vulnerability scanning and coordinate penetration testing activities with internal and external parties

• Ensure secure configuration and hardening of servers, networks, endpoints, and cloud workloads

• Support secure architecture design for new systems, applications, and infrastructure projects

• Apply security-by-design principles across all technology implementations and changes

• Ensure compliance with relevant security and regulatory frameworks including ISO 27001, NIST, CIS Controls, POPIA, GDPR, and internal governance standards

• Support internal and external audits by preparing evidence, addressing findings, and tracking remediation activities

• Maintain and improve cybersecurity policies, procedures, and standards

• Conduct risk assessments and support enterprise risk management processes

• Produce regular security reports, dashboards, and risk summaries for technical and executive stakeholders

• Support Identity and Access Management (IAM), including privileged access management and authentication controls

• Contribute to cloud security governance across platforms such as AWS, Azure, or Google Cloud

• Implement and maintain data protection controls including encryption, data classification, and Data Loss Prevention (DLP)

• Support business continuity and disaster recovery planning from a cybersecurity perspective

• Collaborate with SOC teams, MSSPs, and third-party security providers

• Drive security awareness initiatives and contribute to training across the organisation

Qualification and Experience

• Matric (Grade 12) required

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field

• 7+ years’ experience in cybersecurity engineering, security operations, or infrastructure security roles

• Strong hands-on experience with security technologies including SIEM, EDR, firewalls, and vulnerability management tools

• Solid understanding of network security, cloud security, and endpoint protection

• Experience working with compliance frameworks such as ISO 27001, NIST, CIS Controls, POPIA, and GDPR

• Proven experience supporting internal and external audits and broader regulatory compliance requirements

• Experience working with cloud platforms such as AWS, Azure, or Google Cloud

• Strong understanding of Identity and Access Management (IAM), Privileged Access Management (PAM), and Zero Trust security principles CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CompTIA Security+, CompTIA CySA+ (Cybersecurity Analyst), ISO 27001 Lead Implementer, or ISO 27001 Lead Auditor

• AWS Certified Security – Specialty, Microsoft Certified: Azure Security Engineer Associate, or GIAC Security Certifications (e.g., GSEC, GCIH)