Information Security Lead

Magaliessig, GP, ZA, South Africa

Job Description

Join Interfile--South Africa's leading Electronic Bill Presentment & Payment (EBPP) fintech--where we design, build, and run large-scale digital services used by millions, partnering with top banks, major corporates, and government. You'll work on modern architectures across both new builds and enhancements in a culture that prizes innovation, seamless integration, and exceptional delivery. We're customer-obsessed and known for helping organizations modernise. Our Fourways office--right across from Montecasino--offers a modern workspace with a Vitality-certified gym, canteen, and great chill areas.



Purpose of the role:

Lead and continuously improve our information security posture across on-prem and cloud--covering platforms, hardware, networks, and data centres. You'll drive vulnerability remediation through both automation and hands-on work, ensure compliance with POPIA, and design, implement, and uplift security standards and frameworks (e.g., ISO 27001/27002, NIST CSF 2.0). You'll also own risk management and incident response while championing a security-first culture across the business.



Responsibilities:

Security Assessment & Management

Conduct regular security assessments across infrastructure, applications, and data environments. Implement and manage SAST and DAST tools and processes. Track, report, and drive remediation of vulnerabilities and security issues.

Security Posture & Reporting

Develop and maintain dashboards and reports that clearly communicate the organization's security posture. Define and track KPIs for security posture, remediation velocity, and compliance. Collaborate with internal teams to ensure visibility and accountability for remediation efforts.

Automation & Remediation

Design and implement automated security controls and remediation workflows. Work with DevOps and IT teams to integrate security into CI/CD pipelines.

Compliance & Regulatory Alignment

Ensure alignment with POPIA and other applicable data protection regulations. Support audits and compliance reporting requirements. Work with legal and compliance teams to ensure data handling aligns with privacy laws.

Standards & Frameworks

Contribute to the design and rollout of security standards such as ISO 20027. Align security practices with NIST CSF 2.0 and other relevant frameworks.

Risk Management

Conduct risk assessments and maintain a security risk register. Collaborate with business units to understand and mitigate security risks tied to operations and products.

Incident Response & Forensics

Develop and maintain incident response plans. Lead investigations into security breaches and coordinate post-incident reviews.

Security Awareness & Training

Design and deliver security awareness programs for staff. Promote a security-first culture across technical and non-technical teams.

Third-Party & Vendor Security

Assess and manage security risks related to vendors, partners, and third-party services. Ensure contracts and SLAs include appropriate security clauses.

Secure Architecture & Design

Participate in solution architecture reviews to ensure security is embedded from the start. Advise on secure design patterns and threat modeling.

Requirements (Essential):

  • Bachelor's degree in Information Security, Computer Science, or related field.
  • At least one security certification: CISSP, CISM, CEH, CompTIA Security+, ISO 27001 Lead Implementer (or similar).
  • 5+ years in an information security role (or similar).
  • Proven security experience across infrastructure, applications, and data environments.
  • Hands-on with SAST/DAST tools (e.g., SonarQube, OWASP ZAP, Burp Suite).
  • Strong vulnerability management and remediation workflow expertise.
  • Familiarity with automation/scripting (e.g., Python, PowerShell) and CI/CD tooling.
  • Working knowledge of POPIA and other data-protection regulations.
  • Experience with security frameworks (e.g., NIST CSF, ISO 27001/27002).
  • Ability to communicate technical risks and remediation plans to non-technical stakeholders.

Nice to Have (Desirable)

  • Proactive, detail-oriented, strong sense of ownership.
  • Comfortable collaborating across multiple teams and disciplines.
  • Passion for security, compliance, and continuous improvement.
  • Multiple or advanced security certifications.



Job Detail

  • Job Id
    JD1521416
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Magaliessig, GP, ZA, South Africa
  • Education
    Not mentioned