An experienced Information Security Manager to lead the implementation and ongoing maturity of our Information Security Management System (ISMS), ensure alignment with ISO 27001:2022, and manage risk across the business.
The challenge:
To own the ISMS documentation and audit programme, coordinate internal and external audits, oversee the risk register, and support internal teams on policy compliance and security awareness.
Where you'll work:
This role will be based in Cape Town. You'll be part of our global team, collaborating with colleagues and serving customers across the UK, USA, Australia, South Africa, and beyond. Our hybrid approach offers flexibility with regular team connection in our Cape Town office.
The Tillo Difference
We're in the business of rewards and incentives, so we know a thing or two about the importance of giving back. We can't grow as a business without growing as individuals, so we are committed to providing a workplace where passionate, driven individuals can thrive. We value collaboration, trust, positivity, and a willingness to learn - only by working as a team will we reach our goals.
We're the market leader in the UK and are active in a number of other markets including USA, Europe, Australia and India.
This role will be responsible for:
ISMS Ownership & Audit Readiness
+ Maintain and evolve the ISMS documentation and controls in line with ISO 27001:2022.
+ Coordinate and lead internal audits (quarterly for TZ) and external certification audits.
+ Write up audit findings and risk reports for SLT and the Board.
+ Monitor ISMS KPIs and compliance metrics.
Risk Management
+ Own the company-wide risk register and associated documentation (excluding the risk framework itself).
+ Support teams in identifying, assessing, and documenting risks.
+ Track and ensure timely implementation of Risk Treatment Plans.
+ Monitor and report on key risk metrics.
Incident & Corrective Action Management
+ Maintain the incident log, ensuring proper documentation, root cause analysis and closure.
+ Drive corrective actions and improvements from internal/external audits and incidents.
Security Policy & Training
+ Maintain and develop ISO 27001-compliant security policies (non-Engineering).
+ Coordinate business-wide security awareness training (e.g., KnowBe4).
+ Champion InfoSec awareness and lead monthly security meetings.
Client & Vendor Security Assurance
+ Complete InfoSec and risk sections of client due diligence questionnaires.
+ Support the development of a Trust Centre to streamline security responses.
What we're looking for
3+ years in an Information Security or Risk Management role with experience in ISO 27001 implementation and audits.
A strong understanding of risk frameworks, internal controls, and compliance management.
Experience with audit coordination and ISMS documentation.
The ability to translate technical and regulatory language into business-friendly advice.
Working knowledge of privacy, AML, and business continuity requirements.
Familiarity with InfoSec tooling (e.g., Drata, Vanta, KnowBe4).
Exceptional communication, reporting and organisational skills.
Benefits
We offer all our employees trust, and we empower our team to work with flexibility and autonomy. We're a close-knit team and love working collaboratively. With our hybrid model, our team can come together at our fantastic offices but also focus in their own space. The Tillo team are a motivated bunch and we all work hard to push Tillo forwards, always innovating. We completely understand the importance of work/life balance and offer a supportive and collaborative working environment with the following benefits:
21 days holiday per annum
Retirement Fund (5%)
Health insurance contribution
Employee Incentive Scheme
Hybrid Working
Top spec equipment including laptop, mouse, keyboard, monitor
Anniversary gifts
Monthly breakfasts, drinks, snacks and events
Team Learning & Development budget
About Tillo
---------------
Tillo makes gift cards, rewards, and incentives simple, efficient, and profitable. Operating in over 37 markets and 25 currencies, Tillo processes billions in gift card transactions through a single, plug-and-go API, powering rewards and incentives for the world's leading businesses.
Backed by Tenzing, Tillo is setting the global standard for digital gift card infrastructure.
Diversity, Equity, and Inclusion Statement
We are committed to fostering a diverse and inclusive workplace where everyone feels valued and respected. We welcome applications from individuals of all backgrounds, regardless of age, disability, gender identity, marital status, race, ethnicity, religion or belief, sex, or sexual orientation.
If you require any reasonable adjustments during the recruitment process, please let us know, and we will be happy to accommodate your needs.