Information Security Lead

Posted:
9/15/2025, 11:24:17 PM

Location(s):
Gauteng, South Africa ⋅ Randburg, Gauteng, South Africa

Experience Level(s):
Senior

Field(s):
IT & Security

Join Interfile—South Africa’s leading Electronic Bill Presentment & Payment (EBPP) fintech—where we design, build, and run large-scale digital services used by millions, partnering with top banks, major corporates, and government. You’ll work on modern architectures across both new builds and enhancements in a culture that prizes innovation, seamless integration, and exceptional delivery. We’re customer-obsessed and known for helping organizations modernise. Our Fourways office—right across from Montecasino—offers a modern workspace with a Vitality-certified gym, canteen, and great chill areas.

Purpose of the role:
Lead and continuously improve our information security posture across on-prem and cloud—covering platforms, hardware, networks, and data centres. You’ll drive vulnerability remediation through both automation and hands-on work, ensure compliance with POPIA, and design, implement, and uplift security standards and frameworks (e.g., ISO 27001/27002, NIST CSF 2.0). You’ll also own risk management and incident response while championing a security-first culture across the business.

Responsibilities:
Security Assessment & Management

  • Conduct regular security assessments across infrastructure, applications, and data environments.
  • Implement and manage SAST and DAST tools and processes.
  • Track, report, and drive remediation of vulnerabilities and security issues.

Security Posture & Reporting

  • Develop and maintain dashboards and reports that clearly communicate the organization’s security posture.
  • Define and track KPIs for security posture, remediation velocity, and compliance.
  • Collaborate with internal teams to ensure visibility and accountability for remediation efforts.

Automation & Remediation

  • Design and implement automated security controls and remediation workflows.
  • Work with DevOps and IT teams to integrate security into CI/CD pipelines.

Compliance & Regulatory Alignment

  • Ensure alignment with POPIA and other applicable data protection regulations.
  • Support audits and compliance reporting requirements.
  • Work with legal and compliance teams to ensure data handling aligns with privacy laws.

Standards & Frameworks

  • Contribute to the design and rollout of security standards such as ISO 20027.
  • Align security practices with NIST CSF 2.0 and other relevant frameworks.

Risk Management

  • Conduct risk assessments and maintain a security risk register.
  • Collaborate with business units to understand and mitigate security risks tied to operations and products.

Incident Response & Forensics

  • Develop and maintain incident response plans.
  • Lead investigations into security breaches and coordinate post-incident reviews.

Security Awareness & Training

  • Design and deliver security awareness programs for staff.
  • Promote a security-first culture across technical and non-technical teams.

Third-Party & Vendor Security

  • Assess and manage security risks related to vendors, partners, and third-party services.
  • Ensure contracts and SLAs include appropriate security clauses.

Secure Architecture & Design

  • Participate in solution architecture reviews to ensure security is embedded from the start.

  • Advise on secure design patterns and threat modeling.

Requirements (Essential):

  • Bachelor’s degree in Information Security, Computer Science, or related field.

  • At least one security certification: CISSP, CISM, CEH, CompTIA Security+, ISO 27001 Lead Implementer (or similar).

  • 5+ years in an information security role (or similar).

  • Proven security experience across infrastructure, applications, and data environments.

  • Hands-on with SAST/DAST tools (e.g., SonarQube, OWASP ZAP, Burp Suite).

  • Strong vulnerability management and remediation workflow expertise.

  • Familiarity with automation/scripting (e.g., Python, PowerShell) and CI/CD tooling.

  • Working knowledge of POPIA and other data-protection regulations.

  • Experience with security frameworks (e.g., NIST CSF, ISO 27001/27002).

  • Ability to communicate technical risks and remediation plans to non-technical stakeholders.

Nice to Have (Desirable)

  • Proactive, detail-oriented, strong sense of ownership.

  • Comfortable collaborating across multiple teams and disciplines.

  • Passion for security, compliance, and continuous improvement.

  • Multiple or advanced security certifications.