Security & Compliance Manager

General Details
Location:
Advertised By: Agency
Company Name: Job Placements
Job Type: Full-Time
Description

ENVIRONMENT:

A secure e-Signature platform based in Cape Town is seeking a Security & Compliance Manager to own and operate the company’s information security and compliance posture. This includes implementing and maintaining ISO/IEC 27001, handling customer security reviews, managing audits, and ensuring security controls are practical, effective, and aligned with a modern cloud-native SaaS environment.

This is a hands-on role, suited to someone comfortable working closely with engineering, product, and leadership.

DUTIES:

Information Security Management (ISO 27001)

  • Own the ISO/IEC 27001 ISMS, including:
    • Risk assessments and treatment plans
    • Policies, procedures, and control implementation
    • Statement of Applicability (SoA)
  • Lead initial ISO 27001 implementation and ongoing certification maintenance
  • Plan and run internal audits and management reviews
  • Coordinate and manage external certification and surveillance audits

Customer & Partner Security Reviews

  • Act as the primary point of contact for:
    • Customer security questionnaires
    • Vendor risk assessments
    • Due diligence reviews (enterprise & financial services clients)
  • Prepare and maintain standard security responses (ISO, SOC-style answers, cloud security posture)
  • Support enterprise sales by explaining security controls clearly and confidently

Security Governance & Controls

  • Maintain and improve:
    • Security policies (access control, incident response, vendor management, etc.)
    • Asset management and data classification
    • Supplier and third-party risk management
  • Ensure security controls are practical and proportionate, not bureaucratic
  • Track and manage security risks and exceptions

Audit, Monitoring & Evidence

  • Maintain audit-ready evidence for:
    • Access controls
    • Change management
    • Incident handling
    • Backups, logging, and monitoring
  • Work with engineering to ensure evidence is automated where possible
  • Monitor compliance drift and follow up on corrective actions

Incident & Vulnerability Management

  • Own the security incident response process
  • Coordinate incident handling, root cause analysis, and corrective actions
  • Track vulnerabilities and remediation status (with engineering)

Awareness & Enablement

  • Run lightweight security awareness training for staff
  • Help teams understand why controls exist, not just enforce them
  • Embed security into day-to-day operations without slowing delivery

REQUIREMENTS:

Essential

  • 3–7 years’ experience in information security, compliance, or GRC
  • Hands-on experience with ISO/IEC 27001 (implementation