  • Posted: Feb 12, 2026
    Deadline: Not specified
  • Datafin was established in 1999 due to the need for a specialized IT recruitment solution. We offer a personalized and flexible recruitment service, specializing in providing both client and candidate with the perfect fit. We pride ourselves on the fact that we have established relationships with industry leaders and a vast majority of our business is repeat...

    Security & Compliance Manager

    ENVIRONMENT:

    • A secure e-Signature platform based in Cape Town is seeking a Security & Compliance Manager who is responsible for owning and operating the company’s information security and compliance posture.
    • This includes implementing and maintaining ISO/IEC 27001, handling customer security reviews, managing audits, and ensuring security controls are practical, effective, and aligned with a modern cloud-native SaaS environment.
    • This is a hands-on role, suited to someone comfortable working closely with engineering, product, and leadership.

    DUTIES:

    Information Security Management (ISO 27001)

    • Own the ISO/IEC 27001 ISMS, including:
      • Risk assessments and treatment plans
      • Policies, procedures, and control implementation
      • Statement of Applicability (SoA)
    • Lead initial ISO 27001 implementation and ongoing certification maintenance
    • Plan and run internal audits and management reviews
    • Coordinate and manage external certification and surveillance audits

    Customer & Partner Security Reviews

    • Act as the primary point of contact for:
      • Customer security questionnaires
      • Vendor risk assessments
      • Due diligence reviews (enterprise & financial services clients)
    • Prepare and maintain standard security responses (ISO, SOC-style answers, cloud security posture)
    • Support enterprise sales by explaining security controls clearly and confidently

    Security Governance & Controls

    • Maintain and improve:
      • Security policies (access control, incident response, vendor management, etc.)
      • Asset management and data classification
      • Supplier and third-party risk management
    • Ensure security controls are practical and proportionate, not bureaucratic
    • Track and manage security risks and exceptions

    Audit, Monitoring & Evidence

    • Maintain audit-ready evidence for:
      • Access controls
      • Change management
      • Incident handling
      • Backups, logging, and monitoring
    • Work with engineering to ensure evidence is automated where possible
    • Monitor compliance drift and follow up on corrective actions

    Incident & Vulnerability Management

    • Own the security incident response process
    • Coordinate incident handling, root cause analysis, and corrective actions
    • Track vulnerabilities and remediation status (with engineering)

    Awareness & Enablement

    • Run lightweight security awareness training for staff
    • Help teams understand why controls exist, not just enforce them
    • Embed security into day-to-day operations without slowing delivery

    REQUIREMENTS:

    Essential

    • 3–7 years’ experience in information security, compliance, or GRC
    • Hands-on experience with ISO/IEC 27001 (implementation or maintenance)
    • Experience supporting external audits
    • Ability to translate security requirements into practical controls
    • Comfortable working with cloud environments (e.g. Google Cloud, AWS, Azure)
    • Strong written communication skills (policies, audit responses, customer answers)

    Desirable

    • SaaS or fintech / financial services experience
    • Familiarity with:
      • SOC 2 concepts
      • NIST or CIS Controls
      • Cloud-native security tooling
    • Experience responding to enterprise security questionnaires
    • Background working in small or scaling companies

    ATTRIBUTES:

    • Pragmatic and solutions-oriented
    • Comfortable pushing back on unnecessary bureaucracy
    • Confident working independently with minimal supervision
    • Able to work across technical and non-technical teams
    • Calm and methodical under audit or incident pressure

    Method of Application

    Interested and qualified? Go to Datafin Recruitment on datafin.com to apply
