Information Security Manager

Information Security Manager (JB5838)

Location: Midrand, Johannesburg

Salary: R1 000 000 per annum

Employment Type: Permanent

Industry: Financial Services

Our client is an established, South Africa–based financial services organisation operating within a regulated, enterprise-scale environment. The business offers investment, insurance, and wealth-related services, supporting a large national client base through secure, high-availability digital platforms. Technology is central to the organisation’s operations, with IT teams responsible for maintaining and enhancing business-critical systems, data integrity, and information security. The environment is stable, professionally managed, and suited to experienced IT professionals who value structure, accountability, and working on systems with long-term operational impact rather than short-term or experimental projects.

An experienced Information Security Manager is required to lead cybersecurity strategy, governance, and operations across a hybrid on-prem and cloud environment. The role has full accountability for security architecture, SOC oversight, Microsoft security platforms, regulatory compliance, and risk management, while working closely with IT leadership and executive stakeholders.

This is a hands-on leadership role, balancing strategy, governance, and operational execution in a complex enterprise environment.

• Bachelor’s degree in IT, Computer Science, or related field (or equivalent experience)
• 8+ years’ IT Security experience, with at least 5 years in a leadership role
• Strong experience in hybrid cloud security environments
• Deep knowledge of Microsoft 365 E3/E5 security stack
• Proven experience managing SOC operations, SIEM, SOAR, and threat intelligence
• Experience with BYOD security and distributed branch environments
• Strong stakeholder engagement and leadership capability

• CISSP or CISM
• Microsoft Certified: Cybersecurity Architect Expert
• GIAC Security Operations or similar

• Enterprise-focused, structured, and compliance-driven
• Comfortable operating at both strategic and operational levels
• Strong decision-making and problem-solving ability
• Clear communicator with executive presence
• Resilient, deadline-driven, and detail-oriented

• Security Strategy & Governance
  • Define and maintain enterprise-wide cybersecurity strategy aligned with business and regulatory requirements.
  • Establish and enforce security policies, standards, and governance frameworks.
  • Ensure alignment with NIST Cybersecurity Framework and Joint Security Standards.
  • Monitor emerging threats, regulatory changes, and industry best practice.
• Architecture & Identity Security
  • Design secure solutions across hybrid infrastructure, including Azure and on-prem environments.
  • Integrate security into infrastructure and application initiatives.
  • Manage identity and access controls, including Azure AD, MFA, and privileged access.
• Security Operations & SOC Oversight
  • Oversee day-to-day security monitoring, incident response, and threat intelligence.
  • Manage Microsoft security platforms, including Defender, Sentinel, Purview, and Conditional Access.
  • Oversee 24/7 SOC operations, including incident playbooks, escalation, and KPIs (MTTD, MTTR).
• Risk, Compliance & Audit
  • Conduct risk assessments, vulnerability management, and penetration testing.
  • Ensure compliance with POPIA, GDPR, NIST CSF, JSS, and related standards.
  • Maintain risk registers and manage audit remediation activities.
• BYOD & Network Security
  • Define and enforce BYOD security controls, including MDM and DLP.
  • Secure branch and remote networks using firewalls, VPNs, and segmentation.
• Financial & Vendor Management
  • Manage the cybersecurity budget, licensing, tools, and vendors.
  • Track ROI and risk mitigation outcomes.
• Leadership & Awareness
  • Lead and develop a cybersecurity team across operations, engineering, and compliance.
  • Drive organisation-wide security awareness and training initiatives.
  • Provide executive-level reporting on security posture and risk exposure.

Please do not apply using scanned CVs; no supporting documentation is required at this point. This will be requested later.

Kontak Recruitment Disclaimer:

Equal opportunity: All backgrounds are welcome, with no bias. All are considered based on requirements.

Job specifics: Requirements mirror advertisement, duties may adjust for client needs.

Fair process: Fair assessment, only shortlisted candidates contacted due to volume.

Privacy: Data processed as per Privacy Policy. By applying, you agree to data handling. We safeguard applicant info.

Candidate verification: Candidates selected by the client are verified. False info may disqualify or end employment with the client.

Offer clarity: The Advert is not a binding offer. Written offers based on pre-employment conditions.

No direct link: Advert is not tied to Kontak Recruitment. We assist in the employment process ONLY.

Applicant Responsibility: Upon applying, confirmation of receipt for a specific advert is given. If no confirmation is received, you must verify with Kontak Recruitment.