Security & Compliance Manager

Cape Town, Western Cape, South Africa

Job Description

ENVIRONMENT:
A secure e-Signature platform based in Cape Town is seeking a Security & Compliance Manager who is responsible for owning and operating the company's information security and compliance posture. This includes implementing and maintaining ISO/IEC 27001, handling customer security reviews, managing audits, and ensuring security controls are practical, effective, and aligned with a modern cloud-native SaaS environment.
This is a hands-on role, suited to someone comfortable working closely with engineering, product, and leadership.
DUTIES:
Information Security Management (ISO 27001)

  • Own the ISO/IEC 27001 ISMS, including:
      • Risk assessments and treatment plans
      • Policies, procedures, and control implementation
      • Statement of Applicability (SoA)
  • Lead initial ISO 27001 implementation and ongoing certification maintenance
  • Plan and run internal audits and management reviews
  • Coordinate and manage external certification and surveillance audits
Customer & Partner Security Reviews
  • Act as the primary point of contact for:
      • Customer security questionnaires
      • Vendor risk assessments
      • Due diligence reviews (enterprise and financial services clients)
  • Prepare and maintain standard security responses (ISO, SOC-style answers, cloud security posture)
  • Support enterprise sales by explaining security controls clearly and confidently
Security Governance & Controls
  • Maintain and improve:
      • Security policies (access control, incident response, vendor management, etc.)
      • Asset management and data classification
      • Supplier and third-party risk management
  • Ensure security controls are practical and proportionate, not bureaucratic
  • Track and manage security risks and exceptions
Audit, Monitoring & Evidence
  • Maintain audit-ready evidence for:
      • Access controls
      • Change management
      • Incident handling
      • Backups, logging, and monitoring
  • Work with engineering to ensure evidence is automated where possible
  • Monitor compliance drift and follow up on corrective actions
Incident & Vulnerability Management
  • Own the security incident response process
  • Coordinate incident handling, root cause analysis, and corrective actions
  • Track vulnerabilities and remediation status (with engineering)
Awareness & Enablement
  • Run lightweight security awareness training for staff
  • Help teams understand why controls exist, not just enforce them
  • Embed security into day-to-day operations without slowing delivery
REQUIREMENTS:
Essential
  • 3-7 years' experience in information security, compliance, or GRC
  • Hands-on experience with ISO/IEC 27001 (implementation or maintenance)
  • Experience supporting external audits
  • Ability to translate security requirements into practical controls
  • Comfortable working with cloud environments (e.g. Google Cloud, AWS, Azure)
  • Strong written communication skills (policies, audit responses, customer answers)
Desirable
  • SaaS or fintech / financial services experience
  • Familiarity with:
      • SOC 2 concepts
      • NIST or CIS Controls
      • Cloud-native security tooling
  • Experience responding to enterprise security questionnaires
  • Background working in small or scaling companies
ATTRIBUTES:
  • Pragmatic and solutions-oriented
  • Comfortable pushing back on unnecessary bureaucracy
  • Confident working independently with minimal supervision
  • Able to work across technical and non-technical teams
  • Calm and methodical under audit or incident pressure


Job Detail

  • Job Id
    JD1645443
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Cape Town, Western Cape, South Africa
  • Education
    Not mentioned