IT Security Manager (Compliance & Risk)

ExecutivePlacements.com

Recruiter

Top Vitae

Job Ref

370949

Date posted

Tuesday, July 7, 2026

Location

Gqeberha, South Africa

SUMMARY

POSITION INFO

The IT Security Manager is responsible for leading and supporting information security governance, risk management, compliance, and security assurance activities across the organization. Security Governance

  • Develop, maintain, and improve information security policies, standards, procedures, and guidelines.
  • Drive adoption of security governance practices across the organization.
  • Partner with business and technology stakeholders to ensure security requirements are included in business processes and initiatives.
  • Provide subject matter expertise on information security governance matters. Risk Management
  • Lead the identification, assessment, treatment, monitoring, and reporting of information security risks.
  • Maintain and support the enterprise security risk register.
  • Track remediation plans and ensure security risks are managed within approved timelines.
  • Facilitate recurring security risk assessments across business functions and technology environments. Compliance and Audit Support
  • Coordinate internal and external information security assessments and audit activities.
  • Support security requirements related to contractual, regulatory, customer, and industry obligations.
  • Manage audit findings, corrective action plans, evidence coordination, and remediation tracking.
  • Prepare management reports and metrics related to compliance and security program effectiveness. Security Awareness and Training
  • Develop and support security awareness and training activities.
  • Promote practical security behavior across the organization.
  • Provide guidance to employees, management, and stakeholders on security responsibilities. Third-Party and Vendor Security
  • Support third-party security risk management activities.
  • Perform security reviews of vendors, service providers, and business partners.
  • Track vendor security risks and coordinate remediation where required. Security Program Management
  • Support planning and execution of security initiatives, projects, and strategic objectives.
  • Measure and report on information security prog
  • Identify opportunities to improve security governance processes and reduce operational friction.
  • Act as a central point of coordination and escalation for governance, risk, compliance, and security assurance matters. OUT OF SCOPE:
  • Security Operations Center management.
  • Security incident response execution or technical investigation ownership.
  • Security engineering, architecture, or tool administration.
  • Endpoint detection and response platform ownership.
  • Vulnerability scanning operations and patch execution.
  • Identity and access management platform administration.
  • Network security operations or firewall administration. SECONDARY RESPONSIBILITIES:
  • Participate in strategic security projects and security improvement initiatives.
  • Support business continuity and disaster recovery governance activities where required.
  • Assist with security-related customer, partner, and vendor questionnaires.
  • Support annual policy reviews, documentation updates, and security reporting activities.
  • Research emerging security risks, regulatory expectations, and industry practices relevant to the business.
  • Contribute to continuous improvement of security governance workflows and stakeholder engagement. QUALIFICATIONS:
  • 5+ years of experience in information security, cybersecurity, risk management, governance, compliance, audit, or a related field.
  • Strong understanding of information security principles, governance practices, and risk management processes.
  • Experience coordinating security audits, assessments, findings, and remediation activities.
  • Experience developing, maintaining, or supporting security policies, standards, procedures, and awareness programs.
  • Strong written and verbal communication skills.
  • Demonstrated ability to influence stakeholders across multiple business functions and regions.
  • Strong analytical, organizational, and problem-solving skills.
  • Ability to manage multiple priorities and deliver outcomes in a matrixed global environment. EDUCATION AND EXPERIENCE :
  • Bachelor's degree in Information Security, Cybersecurity, Information Technology, Risk Management, Business Administration, or a related discipline is preferred.
  • An equivalent combination of education, professional certification, and relevant experience may be considered.
  • Professional certification such as CISSP, CISM, CRISC, CGRC, ISO 27001 Lead Implementer, or equivalent. Should you not receive any response within two weeks of applying, please consider your application unsuccessful.