Information Security Officer, Midrand

About the Company: Dots Africa is one of South Africa's leading background screening firms, dedicated to ensuring that businesses hire with confidence. With cutting‑edge technology and rigorous processes, we offer our clients unparalleled insights into potential hires. Our mission is to foster trust, security, and transparency in professional relationships, ensuring a safer business environment for all.

Who You'll Be Joining? You’ll become an integral member of our expanding Technology team, working alongside other tech professionals. Our team thrives on collaboration, innovation, and mutual respect. We bring enthusiasm to solving problems and pride ourselves on delivering exceptional client experiences in a supportive and dynamic setting.

This is a hands‑on role requiring sound judgment, strong ownership, and the ability to operate calmly across technical, administrative, and user‑facing responsibilities.

What Do We Offer?

Competitive Compensation: Market‑leading salary, aligned to experience.

Benefits Package: Generous paid time off, and a wellness program to help you strike the right work‑life balance.

Growth Opportunities: Commitment to professional development, regular performance reviews, and opportunities to grow within the company.

Dynamic Work Environment: State‑of‑the‑art workspace, regular team‑building activities, and an atmosphere that promotes creativity and innovation.

About You (Candidate) We are looking for an Information Security Officer to take ownership of our security posture and help shape how security operates across the organisation.

This role suits someone who enjoys building and improving systems rather than simply maintaining them. You will define security strategy, manage risk and compliance obligations, and work directly with engineering and operations to ensure security controls are practical and effective.

You will start as an individual contributor but will have the opportunity to grow the security function as the company scales. You will have real ownership of security across the organisation, working closely with engineering, IT, and leadership to continuously improve how we protect systems and data.

This role requires someone who can balance governance with practical implementation. Policies and frameworks matter, but they must translate into real security improvements across systems and processes. We want someone who is curious, proactive, and willing to get involved wherever security touches the business.

You document what you do, follow process, and leave systems better than you found them.

What You'll Be Responsible For: Security Strategy&Leadership

Develop and maintain the organisation’s information security strategy and roadmap

Identify and prioritise security risks and ensure appropriate mitigation plans exist

Provide security guidance to leadership and influence key technology and business decisions

Establish a culture where security is practical, understood, and embedded into daily work

Governance, Risk&Compliance

Own the organisation’s security governance framework

Develop, review and maintain security policies, standards and procedures

Conduct risk assessments and maintain the security risk register

Support compliance with relevant security and data protection frameworks and regulations

Coordinate internal and external security audits when required

Ensure appropriate protection of personally identifiable information (PII) and other sensitive data processed by the organisation.

Security Architecture&Controls

Work with engineering and infrastructure teams to ensure secure design and implementation

Evaluate and implement security controls appropriate for our environment

Monitor and improve the organisation’s security posture across systems and processes

Assist with threat modelling and security reviews for new systems and features

Own and continuously improve the organisation’s SIEM and security monitoring capability, including alerting, detection logic, and incident visibility.

Work with engineering teams to embed secure development practices into the software development lifecycle, including code security, dependency management and security testing.

Incident Management

Lead the response to security incidents

Investigate potential security events and coordinate remediation

Improve incident detection and response processes over time

Security Awareness

Promote practical security awareness across the company

Help teams understand how security fits into their work, rather than treating it as a separate process

Security Function Development

Establish processes and tools needed to operate a mature security function

Contribute to vendor security reviews and third‑party risk assessments

As the company grows, help shape and potentially build the security team

What Are We Looking For? We are looking for someone who:

Takes initiative and does not wait for problems to be assigned

Enjoys solving problems and learning new things quickly

Values practical security outcomes over theoretical perfection

Is comfortable working across technical and business domains

Communicates openly, collaborates with teams, and remains engaged in the day‑to‑day security posture of the organisation.

Is comfortable working in an environment where security must be practical, pragmatic, and integrated into engineering and operations

Wants to build something meaningful rather than just maintain a checklist

Experience&Skills You may already be an Information Security Officer, or a senior security professional ready to step into the role.

Experience that will be valuable:

Experience implementing or managing security frameworks such as ISO/IEC 27001, SOC 2, or NIST Cybersecurity Framework

Experience working in regulated environments handling sensitive personal information will be advantageous.

Security risk management and threat modelling

Incident response and security monitoring

Security policy development and governance

Working closely with engineering or DevOps teams

Strong understanding of cloud security principles and architectures

Hands‑on experience with identity and access management (IAM) and modern identity platforms such as Keycloak

Experience securing cloud environments such as Microsoft Azure

Familiarity with identity and device management platforms such as Microsoft Intune, Microsoft Purview

Qualifications&Professional Certifications A relevant qualification in Information Security, Cybersecurity, Computer Science, or a related field is beneficial.

Professional security certifications are highly valued for this role. Examples include:

CISSP

CISM

ISO 27001 Lead Implementer or ISO 27001 Lead Auditor

CCSP

Azure Security Engineer Associate

Equivalent certifications or demonstrable experience may also be considered.

We value people who are curious, practical, and willing to continuously learn. If you enjoy solving problems, improving systems, and making security work in the real world, we would like to hear from you.

#J-18808-Ljbffr