Information Security Officer

Dots Africa is one of South Africa's leading background screening firms, dedicated to ensuring that businesses hire with confidence. With cutting edge technology and rigorous processes, we offer our clients unparalleled insights into potential hires. Our mission is to foster trust, security, and transparency in professional relationships, ensuring a safer business environment for all.

You'll become an integral member of our expanding Technology team, working alongside other tech professionals. Our team thrives on collaboration, innovation, and mutual respect. We bring enthusiasm to solving problems and pride ourselves on delivering exceptional client experiences in a supportive and dynamic setting.

This is a hands on role requiring sound judgment, strong ownership, and the ability to operate calmly across technical, administrative, and user facing responsibilities.

• Competitive Compensation: Market leading salary, aligned to experience.
• Benefits Package: Generous paid time off, and a wellness program to help you strike the right work life balance.
• Growth Opportunities: Commitment to professional development, regular performance reviews, and opportunities to grow within the company.
• Dynamic Work Environment: State of the art workspace, regular team building activities, and an atmosphere that promotes creativity and innovation.

We are looking for an Information Security Officer to take ownership of our security posture and help shape how security operates across the organisation.

This role suits someone who enjoys building and improving systems rather than simply maintaining them. You will define security strategy, manage risk and compliance obligations, and work directly with engineering and operations to ensure security controls are practical and effective.

You will start as an individual contributor but will have the opportunity to grow the security function as the company scales. You will have real ownership of security across the organisation, working closely with engineering, IT, and leadership to continuously improve how we protect systems and data.

This role requires someone who can balance governance with practical implementation. Policies and frameworks matter, but they must translate into real security improvements across systems and processes. We want someone who is curious, proactive, and willing to get involved wherever security touches the business.

You document what you do, follow process, and leave systems better than you found them.

• Develop and maintain the organisation's information security strategy and roadmap
• Identify and prioritise security risks and ensure appropriate mitigation plans exist
• Provide security guidance to leadership and influence key technology and business decisions
• Establish a culture where security is practical, understood, and embedded into daily work

• Own the organisation's security governance framework
• Develop, review and maintain security policies, standards and procedures
• Conduct risk assessments and maintain the security risk register
• Support compliance with relevant security and data protection frameworks and regulations
• Coordinate internal and external security audits when required
• Ensure appropriate protection of personally identifiable information (PII) and other sensitive data processed by the organisation.

• Work with engineering and infrastructure teams to ensure secure design and implementation
• Evaluate and implement security controls appropriate for our environment
• Monitor and improve the organisation's security posture across systems and processes
• Assist with threat modelling and security reviews for new systems and features
• Own and continuously improve the organisation's SIEM and security monitoring capability, including alerting, detection logic, and incident visibility.
• Work with engineering teams to embed secure development practices into the software development lifecycle, including code security, dependency management and security testing.

• Lead the response to security incidents
• Investigate potential security events and coordinate remediation
• Improve incident detection and response processes over time

• Promote practical security awareness across the company
• Help teams understand how security fits into their work, rather than treating it as a separate process

• Establish processes and tools needed to operate a mature security function
• Contribute to vendor security reviews and third party risk assessments
• As the company grows, help shape and potentially build the security team

We are looking for someone who:

• Takes initiative and does not wait for problems to be assigned
• Enjoys solving problems and learning new things quickly
• Values practical security outcomes over theoretical perfection
• Is comfortable working across technical and business domains
• Communicates openly, collaborates with teams, and remains engaged in the day to day security posture of the organisation.
• Is comfortable working in an environment where security must be practical, pragmatic, and integrated into engineering and operations
• Wants to build something meaningful rather than just maintain a checklist

You may already be an Information Security Officer, or a senior security professional ready to step into the role.

Experience that will be valuable:

• Experience implementing or managing security frameworks such as ISO/IEC 27001, SOC 2, or NIST Cybersecurity Framework
• Experience working in regulated environments handling sensitive personal information will be advantageous.
• Security risk management and threat modelling
• Incident response and security monitoring
• Security policy development and governance
• Working closely with engineering or DevOps teams
• Strong understanding of cloud security principles and architectures
• Hands on experience with identity and access management (IAM) and modern identity platforms such as Keycloak
• Experience securing cloud environments such as Microsoft Azure
• Familiarity with identity and device management platforms such as Microsoft Intune, Microsoft Purview

A relevant qualification in Information Security, Cybersecurity, Computer Science, or a related field is beneficial.

Professional security certifications are highly valued for this role. Examples include:

• CISSP
• CISM
• ISO 27001 Lead Implementer or ISO 27001 Lead Auditor
• CCSP
• Azure Security Engineer Associate

Equivalent certifications or demonstrable experience may also be considered.

We value people who are curious, practical, and willing to continuously learn. If you enjoy solving problems, improving systems, and making security work in the real world, we would like to hear from you.