Information Security Officer

Rondebosch, South Africa | Posted on 10/01/2024
We are a proudly South African-based company that provides fast and secure payment processing solutions to businesses and financial institutions across 17 countries in Africa. As a one-stop, omnichannel payment solutions partner, Ecentric brings businesses the very best payment processing software & services for in-person payments, online payments, as well as for efficient back-office administration and reconciliation.

Launched in 1998, Ecentric is characterised by innovation and a strong culture of excellence. Twenty-five years ago, the founders identified the need for a payments partner that serves more than one retailer, across more than one payment channel. Fast forward to today, Ecentric now processes 20% of South Africa's card transactions (trusted by two thirds of South Africa's leading retailers), we bring credibility built on quality and serves as a payments partner to 65% of JSE listed retailers - serving their in-store, online, mobile and omnichannel payments requirements.

Job DescriptionIntroduction

Our team offers comprehensive experience and expertise across the South African (and beyond) payment gateways landscape. To guarantee the best service, we handle all the one-to-many payment relationships on behalf of our clients so they may focus their energy on growing their business.

As leaders in payment compliance and security, our clients can have the peace of mind that their payment processing needs are met efficiently with absolute security.

Position Overview Ecentric Payment Systems is seeking an experienced Information Security Officer to join our team. Reporting directly to the Head of Operations, you will play a pivotal role in safeguarding our organisation's data and IT infrastructure.

This position offers a hybrid work model, allowing you to work both remotely and from our offices in Cape Town or Centurion. You will leverage your expertise to develop, implement, and maintain robust security protocols, ensuring compliance with PCI DSS and PCI P2PE standards. We are looking for a dedicated individual with a proactive approach to cybersecurity and the ability to collaborate effectively across teams. Join us in protecting our systems and driving secure innovation.

Roles and Responsibilities Security Policy Development: Establish and maintain security standards, policies, and procedures to safeguard data and IT infrastructure.
Risk and Threat Management: Identify, assess, and mitigate risks to information systems. Investigate and resolve security incidents, including breaches.
Compliance and Auditing: Ensure compliance with PCI DSS and PCI P2PE standards, coordinating audits and preparing for recertifications.
Vulnerability and Penetration Testing: Perform regular vulnerability assessments, reviewing results of internal and external tests, and ensure corrective actions are taken promptly.
Data Protection and Classification: Implement and maintain data classification guidelines and procedures to protect sensitive information.
Security Awareness and Training: Develop and lead security awareness programs, ensuring employees understand and follow security protocols.
Consultation and Reporting: Provide internal security consulting to other departments and regularly report on security risks, incidents, and performance to IT Operations.
RequirementsWe encourage all applicants to carefully review the required skills, competencies, and education levels outlined in the job description. This ensures that we can focus on candidates with the right qualifications, leading to a more efficient and accurate evaluation of your application. Your attention to these details is greatly appreciated!

Qualification and Certification: Critical:

IT-related Diploma/Degree (3 years) – A foundational qualification in Information Technology, Computer Science, or a related field.
Systems Security Certified Practitioner (SSCP) – A key certification for professionals responsible for the operational aspects of security, including implementation and monitoring.
Advantageous:

Certified Information Systems Security Professional (CISSP) – A globally recognized certification demonstrating deep knowledge of cybersecurity and experience in managing security programs.
Certified Information Security Manager (CISM) – A certification that focuses on managing and governing enterprise information security programs.
Years of Experience (post qualification)

Professional Expertise Critical:

Information Security & Risk Management Proven experience in developing, implementing, and maintaining security policies.
Expertise in identifying, assessing, and mitigating security risks.
PCI DSS and PCI P2PE Compliance Hands-on experience managing compliance and audit processes for PCI DSS and PCI P2PE standards.
Incident Response & Vulnerability Management Practical experience in managing security incidents and conducting vulnerability assessments, including implementing corrective actions.
Audit Coordination Expertise in coordinating internal and external security audits, ensuring compliance with relevant standards.
Data Protection & Classification Proven experience in implementing data protection measures, including secure handling of sensitive information.
Experience managing and leading security teams, focusing on performance, communication, and accountability.
Advantageous:

Security Awareness & Training
Experience in developing and delivering cybersecurity awareness programs.
Payment Processing Security
Knowledge of security practices within payment processing environments.
Governance & Security Project Management
Familiarity with IT governance principles and experience managing security improvement projects.
Key Management Processes
Understanding of key management systems and related security controls.
To ensure your application can be fully considered, it is essential to complete the SAPIA assessment, which will be emailed to you immediately after submitting your application. We kindly request that you complete the assessment within the next 3 days to proceed with the short-listing process.

We appreciate your prompt attention to this and look forward to reviewing your complete application!

Our Culture & Philosophy We go beyond being just an employer - we are a long-term career growth partner in South Africa's payments industry. Here, we unleash our employees' potential, embrace innovation, and shape the future of the payments industry.

As such, we are committed to providing a comprehensive and competitive benefits package designed to support our employee's well-being, foster personal and professional growth, and enhance their overall quality of life. Our employee benefits program is tailored to meet the diverse needs of our workforce, recognizing that each individual plays a vital role in driving our company forward.

From retirement planning to professional development and work-life balance initiatives, Ecentric is dedicated to empowering our employees to thrive both inside and outside the workplace. We understand that happy, healthy employees are the key to a thriving organization, and our benefits program reflects our ongoing commitment to supporting our most valuable asset – our people.

Competitive salary structure including:
Pension fund;
Disability Benefit;
Dread disease;
Funeral Cover.
Hybrid and flexible working arrangements are offered, with some exceptions.
Conveniently located in the "Great Westerford Building" on the Corner of Dean Street and Main Road with access to:
Dean Street Arcade and Newlands Quarters with a variety of Restaurants and Coffee Shops.

#J-18808-Ljbffr