Information Security Officer at PayFast

About the team

• Our Information Security team is tasked with enabling business growth safely by continually reducing our attack surface,
• generating situational awareness for senior management of the risk we face and developing a standardised and compliant information security policy
• framework that outlines and explains how we protect our customers and our organisation.
• This is a fantastic opportunity to join a energetic team, with a passion for Information Security within the Fintech and payment card industry, as part of a wider team of teams across the group. 

About you

• You’d love working with us if you’re a fun, sharp and self-motivated person who has a passion for people and can keep tabs on multiple moving parts in your job. Someone who has outstanding interpersonal and communication skills and is passionate about finding the cream of the crop.

You’ll fit in perfectly with our culture if you:

• Get energised by a fast-paced environment
• Cherish a good work-life balance
• Are adaptable and don’t mind a bit of chaos now and again
• Regard collaboration as an essential part of getting the job done
• Pride yourself as being a self-starter who doesn’t lack motivation
• Don’t need to be micromanaged
• Take feedback well and use it for self-improvement
• Welcome change and new ideas
• Value the importance of diversity
• Take ownership, team player, able to empathize with people. (Both internal and external)
• Are customer focused and should be able to work under pressure(s) and should have an easy-going attitude with ability to
• Are self-motivated and ability to manage the workloads.
• Are able to support investigations, audit requirements internally and take ownership of the issue until closure.
• Have and take the initiative to manage the daily tasks without any supervision

What you'll be doing

• Assist with overall responsibility and ownership of the Information Security function to provide necessary support and guidance to DPO and NI group.
• Bring an engineering approach to Information security, compliance, governance, and technical implementation.
• Continuously develop and improve the security posture and framework to meet industry best practice, regulation, and frameworks.
• Accountable for reporting and communication to relevant stakeholders about the level of compliance to the ISMS framework.
• Co-ordinate all information security-related audits such as PCI DSS, ISO 27001 and ISAE 3402/SOC2 in terms of Service Organization Controls.
• Consult, and support the data privacy requirements for the Group relating to the POPIA, PAIA and GDPR regulation.
• Assist to Implement ongoing compliance of Information Security standards in coordination with various departments that are impacted.
• Own PCI/DSS assurance processes, procedures and tasks across the group
• Plan and collate key metrics that will provide a realistic view of the compliance state of the IT environment to all stakeholders.
• Assist to co-ordinate the Information Security compliance program to ensure that staff are trained with regards to their security and data privacy obligations

What you'll need

• Minimum Bachelor’s Degree or higher from a recognized university
• Following Information Security and Compliance certifications: CISSP, SSCP and CISM
• Very Good command of English language (Listening, Speaking, Reading, and Writing) or equivalent to Upper Intermediate level.
• Minimum 6+ years’ experience in Information Security / Compliance / Payment Processing Domains.
• 3+ years’ experience in PCI-DSS, ISO 27001 compliance
• Experience in managing end-to-end PCI-DSS program.
• Experience in ISMS of an organization
• Preferred to be certified in CISM, CISSP and SSCP or equivalent Security certifications.
• Knowledge of Payments Processing and financial applications/systems
• Knowledge in Audit, Compliance, and Information Security.