Security & Compliance Manager

ENVIRONMENT:

A secure e-Signature platform based in Cape Town is seeking a Security & Compliance Manager who is responsible for owning and operating the company’s information security and compliance posture. This includes implementing and maintaining ISO/IEC 27001, handling customer security reviews, managing audits, and ensuring security controls are practical, effective, and aligned with a modern cloud-native SaaS environment.

This is a hands-on role, suited to someone comfortable working closely with engineering, product, and leadership.

DUTIES:

Information Security Management (ISO 27001)

• Own the ISO/IEC 27001 ISMS, including:
  • Risk assessments and treatment plans
  • Policies, procedures, and control implementation
  • Statement of Applicability (SoA)
• Lead initial ISO 27001 implementation and ongoing certification maintenance
• Plan and run internal audits and management reviews
• Coordinate and manage external certification and surveillance audits

Customer & Partner Security Reviews

• Act as the primary point of contact for:
  • Customer security questionnaires
  • Vendor risk assessments
  • Due diligence reviews (enterprise & financial services clients)
• Prepare and maintain standard security responses (ISO, SOC-style answers, cloud security posture)
• Support enterprise sales by explaining security controls clearly and confidently

Security Governance & Controls

• Maintain and improve:
  • Security policies (access control, incident response, vendor management, etc.)
  • Asset management and data classification
  • Supplier and third-party risk management
• Ensure security controls are practical and proportionate, not bureaucratic
• Track and manage security risks and exceptions

Audit, Monitoring & Evidence

• Maintain audit-ready evidence for:
  • Access controls
  • Change management
  • Incident handling
  • Backups, logging, and monitoring
• Work with engineering to ensure evidence is automated where possible
• Monitor compliance drift and follow up on corrective actions

Incident & Vulnerability Management

• Own the security incident response process
• Coordinate incident handling, root cause analysis, and corrective actions
• Track vulnerabilities and remediation status (with engineering)

Awareness & Enablement

• Run lightweight security awareness training for staff
• Help teams understand why controls exist, not just enforce them
• Embed security into day-to-day operations without slowing delivery

REQUIREMENTS:

Essential

• 3–7 years’ experience in information security, compliance, or GRC
• Hands-on experience with ISO/IEC 27001 (implementation or maintenance)
• Experience supporting external audits
• Ability to translate security requirements into practical controls
• Comfortable working with cloud environments (e.g. Google Cloud, AWS, Azure)
• Strong written communication skills (policies, audit responses, customer answers)

Desirable

• SaaS or fintech / financial services experience
• Familiarity with:
  • SOC 2 concepts
  • NIST or CIS Controls
  • Cloud-native security tooling
• Experience responding to enterprise security questionnaires
• Background working in small or scaling companies

ATTRIBUTES:

• Pragmatic and solutions-oriented
• Comfortable pushing back on unnecessary bureaucracy
• Confident working independently with minimal supervision
• Able to work across technical and non-technical teams
• Calm and methodical under audit or incident pressure