Information Security & Compliance Officer

Are you passionate about cybersecurity, threat detection, and protecting critical business systems? Join our IT team as an Information Security & Compliance Officer in Plattekloof and take ownership of safeguarding Herotel’s digital environment across our national footprint.

The key purpose of this role is to drive the operational delivery of our information security programme, ensuring strong cyber defence, regulatory compliance, and risk management while actively monitoring, detecting, and responding to security threats in real time.

• Monitor systems, networks, and security dashboards for suspicious activity, anomalies, and emerging threats
• Investigate, triage, and respond to security incidents and escalations in real time, including root cause analysis and documentation
• Maintain and manage endpoint protection platforms, SIEM systems, and broader security tooling
• Develop, implement, and maintain incident response plans to ensure effective handling of security events
• Lead real-time incident management to minimise business impact and ensure service continuity
• Conduct regular vulnerability scans and security assessments across infrastructure and applications
• Support and execute annual penetration testing activities and track remediation actions
• Collaborate with IT and infrastructure teams to remediate vulnerabilities and strengthen system security
• Review, harden, and continuously improve server, network, and cloud security configurations
• Support security architecture improvements across on-premise and cloud environments (Azure, AWS, GCP)
• Maintain and enforce POPIA compliance policies, procedures, and governance frameworks
• Manage POPIA-related requests, incidents, data subject access requests, and breach notifications
• Support the Information Officer in meeting POPIA statutory obligations and regulatory engagements
• Conduct data protection impact assessments for new systems, vendors, and integrations
• Maintain security risk registers, incident logs, and vulnerability tracking documentation
  
  Monitor access and authentication logs for suspicious or unauthorised activity
• Ensure ongoing alignment with IT governance and security best practices

• 5–7 years’ hands‑on experience in cybersecurity, information security, or IT security engineering roles
• Strong experience in security monitoring, incident response, and vulnerability management
• Proven experience working with SIEM systems, SOC tooling, and endpoint protection platforms
• Solid understanding of IT governance, risk management, and compliance frameworks
• Practical experience with POPIA compliance and data protection requirements
• Exposure to cloud environments such as Azure, AWS, or GCP and associated security controls
• Strong understanding of networking fundamentals (TCP/IP, DNS, DHCP) and Windows environments
• Experience with Entra  / Azure AD and identity and access management principles
• Familiarity with threat frameworks such as MITRE ATT&CK
• Knowledge of firewall management, security architecture, and defensive security principles
• Scripting ability (BASH or Python) advantageous
• ISP or telecoms environment experience advantageous
• Strong analytical and problem‑solving skills with attention to detail
• Ability to manage multiple priorities in a fast‑paced, high‑availability environment
• Strong communication skills and ability to engage across technical and non-technical teams
• Relevant degree or diploma in IT, Computer Science, Cybersecurity, or related field
• Certifications advantageous (e.g. CISM, CISSP, CEH, CompTIA Security+, ISO 27001 Lead Implementer/Auditor)

• Exposure to a dynamic workplace
• A chance to grow your skills through our internal academy
• A friendly, team‑driven environment
• Group Risk Benefits
• Medical Benefits
• Health and Lifestyle Programme(s)

• Please ensure that the information you provide in your application is true, accurate, and correct.
• Preference will be given to candidates from Designated Groups, as defined by the Employment Equity Act and in line with Herotel’s Employment Equity Plan.
• By submitting an application, you consent to the processing of your personal information in accordance with POPIA for recruitment purposes. For more details on how we handle personal information, please refer to our Privacy Policy on our website.
• If you do not hear from us within 14 days, please consider your application unsuccessful.