Information Security Manager at Kontak Recruitment

• An experienced Information Security Manager is required to lead cybersecurity strategy, governance, and operations across a hybrid on-prem and cloud environment. The role has full accountability for security architecture, SOC oversight, Microsoft security platforms, regulatory compliance, and risk management, while working closely with IT leadership and executive stakeholders.
• This is a hands-on leadership role, balancing strategy, governance, and operational execution in a complex enterprise environment.

Minimum Requirements:

• Bachelor’s degree in IT, Computer Science, or related field (or equivalent experience)
• 8+ years’ IT Security experience, with at least 5 years in a leadership role
• Strong experience in hybrid cloud security environments
• Deep knowledge of Microsoft 365 E3/E5 security stack
• Proven experience managing SOC operations, SIEM, SOAR, and threat intelligence
• Experience with BYOD security and distributed branch environments
• Strong stakeholder engagement and leadership capability

Certifications (highly advantageous):

• CISSP or CISM
• Microsoft Certified: Cybersecurity Architect Expert
• GIAC Security Operations or similar

Ideal Candidate Profile

• Enterprise-focused, structured, and compliance-driven
• Comfortable operating at both strategic and operational levels
• Strong decision-making and problem-solving ability
• Clear communicator with executive presence
• Resilient, deadline-driven, and detail-oriented

Key Responsibilities:
Security Strategy & Governance

• Define and maintain enterprise-wide cybersecurity strategy aligned with business and regulatory requirements.
• Establish and enforce security policies, standards, and governance frameworks.
• Ensure alignment with NIST Cybersecurity Framework and Joint Security Standards.
• Monitor emerging threats, regulatory changes, and industry best practice.

Architecture & Identity Security

• Design secure solutions across hybrid infrastructure, including Azure and on-prem environments.
• Integrate security into infrastructure and application initiatives.
• Manage identity and access controls, including Azure AD, MFA, and privileged access.

Security Operations & SOC Oversight

• Oversee day-to-day security monitoring, incident response, and threat intelligence.
• Manage Microsoft security platforms, including Defender, Sentinel, Purview, and Conditional Access.
• Oversee 24/7 SOC operations, including incident playbooks, escalation, and KPIs (MTTD, MTTR).

Risk, Compliance & Audit

• Conduct risk assessments, vulnerability management, and penetration testing.
• Ensure compliance with POPIA, GDPR, NIST CSF, JSS, and related standards.
• Maintain risk registers and manage audit remediation activities.

BYOD & Network Security

• Define and enforce BYOD security controls, including MDM and DLP.
• Secure branch and remote networks using firewalls, VPNs, and segmentation.

Financial & Vendor Management

• Manage the cybersecurity budget, licensing, tools, and vendors.
• Track ROI and risk mitigation outcomes.

Leadership & Awareness

• Lead and develop a cybersecurity team across operations, engineering, and compliance.
• Drive organisation-wide security awareness and training initiatives.
• Provide executive-level reporting on security posture and risk exposure.