Information Security Manager - Cape Town
Ready to take ownership of cybersecurity at a leading rewards and incentives innovator? At Tillo, we're not just building a business; we're cultivating a secure and trusted environment for our global clients. If you're passionate about information security, thrive on challenges, and want to make a real impact, this is your opportunity. 🚀
We are looking for an experienced Information Security Manager to champion our Information Security Management System (ISMS), ensure we exceed the requirements of ISO 27001:2022, and proactively manage risk across our rapidly growing business. This is a critical role where you'll be the driving force behind maintaining and improving our security posture.
Your Mission:
As our Information Security Manager, you will:
Be the ISMS Guardian: Own the ISMS, including documentation and our rigorous audit program.
Orchestrate Audits: Coordinate both internal and external audits, ensuring seamless execution.
Master of Risk: Oversee the company-wide risk register, providing guidance and support to internal teams.
Policy Advocate: Support teams on policy compliance and drive a culture of security awareness.
What You'll Be Doing:
ISMS Ownership & Audit Readiness:
Maintain and evolve the ISMS documentation and controls in line with ISO 27001:2022.
Coordinate and lead internal audits (quarterly for TZ) and external certification audits.
Write up audit findings and risk reports for SLT and the Board.
Monitor ISMS KPIs and compliance metrics.
Risk Management:
Own the company-wide risk register and associated documentation (excluding the risk framework itself).
Support teams in identifying, assessing, and documenting risks.
Track and ensure timely implementation of Risk Treatment Plans.
Monitor and report on key risk metrics.
Incident & Corrective Action Management:
Maintain the incident log, ensuring proper documentation, root cause analysis and closure.
Drive corrective actions and improvements from internal/external audits and incidents.
Security Policy & Training:
Maintain and develop ISO 27001-compliant security policies (non-Engineering).
Coordinate business-wide security awareness training (e.g., KnowBe4).
Champion InfoSec awareness and lead monthly security meetings.
Client & Vendor Security Assurance:
Complete InfoSec and risk sections of client due diligence questionnaires.
Support the development of a Trust Centre to streamline security responses.
What You'll Bring to the Table:
3+ years of experience in an Information Security or Risk Management role, with a proven track record in ISO 27001 implementation and audits.
A deep understanding of risk frameworks, internal controls, and compliance management.
Hands-on experience with audit coordination and meticulous ISMS documentation.
Exceptional communication skills, with the ability to translate complex technical and regulatory jargon into clear, business-friendly advice.
Working knowledge of privacy, AML, and business continuity requirements.
Familiarity with InfoSec tooling (e.g., Drata, Vanta, KnowBe4).
Exceptional communication, reporting and organisational skills.
Life at Tillo:
This role is based in our vibrant Cape Town office. You’ll be part of our global team, collaborating with colleagues and serving customers across the UK, USA, Australia, South Africa, and beyond. We offer a hybrid approach, providing the flexibility to work from home with regular team connection in our Cape Town hub. 🏢
At Tillo, we believe in empowering our team with flexibility and autonomy. We’re a close-knit, collaborative group who thrive on innovation. We understand the importance of work/life balance and offer a supportive and collaborative working environment with the following benefits:
21 days holiday per annum
Retirement Fund (5%)
Health insurance contribution
Employee Incentive Scheme
Hybrid Working
Top spec equipment including laptop, mouse, keyboard, monitor
Anniversary gifts
Monthly breakfasts, drinks, snacks and events
Team Learning & Development budget
About Tillo:
The Tillo Difference: We're in the business of rewards and incentives, so we know a thing or two about the importance of giving back. We can't grow as a business without growing as individuals, so we are committed to providing a workplace where passionate, driven individuals can thrive. We value collaboration, trust, positivity, and a willingness to learn - only by working as a team will we reach our goals. 🌎
Tillo makes gift cards, rewards, and incentives simple, efficient, and profitable. Operating in over 37 markets and 25 currencies, Tillo processes billions in gift card transactions through a single, plug-and-go API, powering rewards and incentives for the world’s leading businesses.
Backed by Tenzing, Tillo is setting the global standard for digital gift card infrastructure.
Diversity, Equity, and Inclusion Statement:
We are committed to fostering a diverse and inclusive workplace where everyone feels valued and respected. We welcome applications from individuals of all backgrounds, regardless of age, disability, gender identity, marital status, race, ethnicity, religion or belief, sex, or sexual orientation.
If you require any reasonable adjustments during the recruitment process, please let us know, and we will be happy to accommodate your needs.