About the position
ENVIRONMENT:
A secure e-Signature platform based in Cape Town is seeking a Security & Compliance Manager who is responsible for owning and operating the company’s information security and compliance posture. This includes implementing and maintaining ISO/IEC 27001, handling customer security reviews, managing audits, and ensuring security controls are practical, effective, and aligned with a modern cloud-native SaaS environment.
This is a hands-on role, suited to someone comfortable working closely with engineering, product, and leadership.
DUTIES:
Information Security Management (ISO 27001)
- Own the ISO/IEC 27001 ISMS, including:
- Risk assessments and treatment plans
- Policies, procedures, and control implementation
- Statement of Applicability (SoA)
- Lead initial ISO 27001 implementation and ongoing certification maintenance
- Plan and run internal audits and management reviews
- Coordinate and manage external certification and surveillance audits
Customer & Partner Security Reviews
- Act as the primary point of contact for:
- Customer security questionnaires
- Vendor risk assessments
- Due diligence reviews (enterprise & financial services clients)
- Prepare and maintain standard security responses (ISO, SOC-style answers, cloud security posture)
- Support enterprise sales by explaining security controls clearly and confidently
Security Governance & Controls
- Maintain and improve:
- Security policies (access control, incident response, vendor management, etc.)
- Asset management and data classification
- Supplier and third-party risk management
- Ensure security controls are practical and proportionate, not bureaucratic
- Track and manage security risks and exceptions
Audit, Monitoring & Evidence
- Maintain audit-ready evidence for:
- Access controls
- Change management
- Incident handling
- Backups, logging, and monitoring
- Work with engineering to ensure evidence is automated where possible
- Monitor compliance drift and follow up on corrective actions
Incident & Vulnerability Management
- Own the security incident response process
- Coordinate incident handling, root cause analysis, and corrective actions
- Track vulnerabilities and remediation status (with engineering)
Awareness & Enablement
- Run lightweight security awareness training for staff
- Help teams understand why controls exist, not just enforce them
- Embed security into day-to-day operations without slowing delivery
REQUIREMENTS:
Essential
- 3–7 years’ experience in information security, compliance, or GRC
- Hands-on experience with ISO/IEC 27001 (implementation or maintenance)
- Experience supporting external audits
- Ability to translate security requirements into practical controls
- Comfortable working with cloud environments (e.g. Google Cloud, AWS, Azure)
- Strong written communication skills (policies, audit responses, customer answers)
Desirable
- SaaS or fintech / financial services experience
- Familiarity with:
- SOC 2 concepts
- NIST or CIS Controls
- Cloud-native security tooling
- Experience responding to enterprise security questionnaires
- Background working in small or scaling companies
ATTRIBUTES:
- Pragmatic and solutions-oriented
- Comfortable pushing back on unnecessary bureaucracy
- Confident working independently with minimal supervision
- Able to work across technical and non-technical teams
- Calm and methodical under audit or incident pressure
Desired Skills:
- Communication
- Implementation
- Maintenance
About The Employer:
A secure e-Signature platform based in Cape Town is seeking a Security & Compliance Manager
