Senior Security Consultant

Description:

Role Purpose

The Senior Security Consultant will provide strategic and technical leadership in assessing, strengthening, and transforming the organisation’s ICT security posture. The role focuses on governance, risk, and security-by-design to ensure alignment with recognised national and international security standards.

Key Responsibilities

• Lead the review of the current ICT security landscape, including policies, controls, architecture, and risk exposure, against standards such as ISO 27001 and the NIST Cybersecurity Framework.
• Identify and assess security gaps, vulnerabilities, and compliance risks across infrastructure, applications, and operational environments.
• Provide expert advisory services on ICT security governance, ensuring alignment with POPIA, ISO 27001, NIST, and DPSA ICT Security Guidelines.
• Define security principles, roles, and control frameworks to be embedded within the Target Operating Model, promoting a security-by-design approach across people, processes, and technology.
• Recommend prioritised remediation initiatives and contribute to the ICT transformation roadmap to enhance security maturity and organisational resilience.

• Engage with senior stakeholders to provide strategic guidance, risk insights, and decision support on ICT security matters.

Required Skills and Experience

• Extensive experience in ICT security, cyber risk management, or information security consulting.
• Strong knowledge of ISO 27001, NIST Cybersecurity Framework, and relevant regulatory requirements (e.g. POPIA).
• Proven ability to assess enterprise ICT environments and develop practical, standards-aligned security recommendations.
• Experience operating at a senior advisory or consulting level, including engagement with executive and governance structures.

Qualifications (Preferred)

• Degree in Information Security, Computer Science, Information Systems, or a related field.
• Relevant certifications such as CISSP, CISM, CISA, or ISO 27001 Lead Implementer/Lead Auditor.

Additional Beneficial Experience

• Evaluate emerging technologies (e.g. AI, SDN, blockchain) and recommend innovation opportunities, including high-level use cases and proof-of-value options, to enhance security, agility, and efficiency.
• Provide strategic advice on relevant technology trends to support secure, resilient, and future-ready electoral systems.

Requirements:

• Lead the review of the current ICT security landscape, including policies, controls, architecture, and risk exposure, against standards such as ISO 27001 and the NIST Cybersecurity Framework.
• Identify and assess security gaps, vulnerabilities, and compliance risks across infrastructure, applications, and operational environments.
• Provide expert advisory services on ICT security governance, ensuring alignment with POPIA, ISO 27001, NIST, and DPSA ICT Security Guidelines.
• Define security principles, roles, and control frameworks to be embedded within the Target Operating Model, promoting a security-by-design approach across people, processes, and technology.
• Recommend prioritised remediation initiatives and contribute to the ICT transformation roadmap to enhance security maturity and organisational resilience.

• Engage with senior stakeholders to provide strategic guidance, risk insights, and decision support on ICT security matters.

• Extensive experience in ICT security, cyber risk management, or information security consulting.
• Strong knowledge of ISO 27001, NIST Cybersecurity Framework, and relevant regulatory requirements (e.g. POPIA).
• Proven ability to assess enterprise ICT environments and develop practical, standards-aligned security recommendations.
• Experience operating at a senior advisory or consulting level, including engagement with executive and governance structures.

• Degree in Information Security, Computer Science, Information Systems, or a related field.
• Relevant certifications such as CISSP, CISM, CISA, or ISO 27001 Lead Implementer/Lead Auditor.

• Evaluate emerging technologies (e.g. AI, SDN, blockchain) and recommend innovation opportunities, including high-level use cases and proof-of-value options, to enhance security, agility, and efficiency.
• Provide strategic advice on relevant technology trends to support secure, resilient, and future-ready electoral systems.