South Africa

Apply Now and Redefine Digital Payments with Us!

Why EFT Corporation

EFT Corporation is Africa’s leading PCI-compliant payment solutions provider, offering secure, end-to-end services for retail and financial institutions. With over 23 years of experience, we specialise in transaction switching, ATM and POS acquiring, card issuing, internet and mobile banking, and hosting solutions.

We serve over 90 clients across 18 African countries, partnering with several global industry leaders. Headquartered in the UK, EFT Corp has 295 staff members in regional offices across Mauritius, Ghana, Kenya, South Africa, Zambia, Zimbabwe, Botswana, and India, with expansion plans into Rwanda and Tanzania. We aim to redefine digital payments, empowering financial institutions and making a meaningful impact across emerging markets.

Why You'll Love Working Here:

Purpose-Driven Culture: Make an impact in transforming lives through secure and innovative payment solutions.
Global Collaboration: Work alongside diverse, talented teams from across the globe.
Continuous Growth: Expand your skills with mentorship, knowledge sharing, and cutting-edge technologies.
Inclusive Environment: We value and celebrate diversity, fostering a workplace where everyone thrives.

Your Role

As an Information Security Officer, your job purpose is to be held accountable in respect to assisting the Senior Security and Infrastructure Engineer and the Senior DevOps Engineers in the following:
- Assisting in maintaining the safety and security of the organisation’s systems and network database to prevent unauthorized access and avoid data breaches.
- Maintaining the organisation’s systems and networks.
- Assisting in overseeing the entire software development process, from planning and development to deployment and maintenance.
- This role requires expertise in both software development and operations, as well as an understanding of the DevOps methodology.
- This includes CI/CD, Infrastructure management (AWS), Automation, Monitoring, logging and metrics, Collaboration and Security.
- The role also requires a significant focus on PCI compliance and support and collaboration with the Security and Infrastructure team is required.
You will be responsible for owning the Futurex HSM and Thales HSM device management which includes:
- Yearly Key management/replacement ceremonies.
- PCI compliance as it relates to the HSM.
Assisting with new security compliance:
- ISO27001.
- PCI+PIN.

What You’ll Do

Maintain Operational Systems, Networks and Security:

Facilitate annual PCI audits.
Linux Operating systems are security patched in a timely manner. If patching will affect customers, arrange with operations support, and follow the correct change control process.
Maintain Elastic SIEM.
Respond to and investigate SIEM alerts.
Respond to operational system alerts and/or operational queries across the entire technology stack (Production and QA system issues, infrastructure issues, Databaseissues, Network issues, Security and Firewall issues and any 3rd party or customer integration issues) as they occur.
Manage / Deploy system tooling that may be beneficial to the business.
Research, POC and deploy new open source or when applicable closed source tooling that is beneficial to the business systems or processes. This can be in supporting Applications, Monitoring, Logging, SIEM, AI/machine Learning, Fraud Detection, Operational Support applications, Authentication systems, BI / Data Analytics, networks, Security or compliance.
Create ad hoc Python scripts / Applications to perform various repetitive tasks.
Ensure that AWS environments and services are architectured and configured in a secure and redundant manner including all security services from AWS.
Maintain AWS services including but not limited to: VPC, EC2, ECS, ECS Fargate, ECR, Guard Duty, Cloudwatch, Cloudtrail, Security groups, VPC Routing, Site to Site VPNs, Application Load balancers / network load balancers, Web application firewalls,etc.
Architect, support and maintain connectivity between 3rd parties, Banking partners, integrators and on prem datacentres.
Ensure best practice security measures are implemented.
Ensure best practices regarding system isolation and scope reduction.
Provide support to field engineers on HSMs and key management.
Maintain internal HSMs and key management procedures.
Provide support to the product and SLDC teams – this includes consulting on design, finding compliant solutions for customer issues, and filling out cyber risk assessments for customers or tenders.

Regulatory Compliance:

Maintain/Improve (PC14) PCI.
Stretch: ISO 27001.
GDPR.

Policies:

Ensure Security, Infrastructure & Procedures (with supporting team) are comprehensive and kept up to date.Security Tooling:
Ensure SSO, Intrusion detection, SIEM, Antivirus, Patch Management and PGP are implanted as per the polices.
Stimulation / adoption of user-driven security culture (give security a brand within the org and educate).

Automation:

To increase efficiency and reduce errors for both security and infrastructure management.

Cost Efficiency:

To reduce costs (optimize) without sacrificing performance and security.

Perform Security Activities & Reporting:

Ensure that weekly vulnerability scans results are tracked, and vulnerabilities are remediated within set severity timeframes weekly.
Review all daily and weekly BAU PCI Items for signoff monthly.
Ensure weekly Internal and External Scans were completed.
Perform data analysis reporting monthly.
Maintain a strong security posture within the card holder environment.
Work with 3rd party to ensure PCI Certification Audit is completed and passed on time.
Review Security Commitment to third parties.

What We’re Looking For

Qualification & Experience:

Bachelor’s degree in Computer Science or related field.
3 years’ relevant experience.
Experience within the payment / banking sector.
Experience working with PCI Audits / Security in DevOps, Linux, Mysql, Cloud (AWS).
Network experience (particularly cloud based / virtual).

Skills & Knowledge Required:

PCI Audits / Security / Processes.
Linux, Mysql, and Cloud (AWS).
Experience with automation tools like CloudFormation, Ansible, Puppet, Chef, etc.
CI/CD tooling eg. Bitbucket pipelines, Jenkins, etc.
Scripting languages: Bash, Python, etc.
Cloud knowledge, specifically AWS.
Containerisation: Docker, Kubernetes, AWS ECS, etc.
Logging Frameworks: ELK stack, cloudwatch, etc.
Cloud-based virtual networking eg VPC, subnets, ALB, NLB, WAF, Peering, Transit Gateways, VPN gateways, etc.
SIEM experience – Elastic, Splunk, etc.
Monitoring and Alerting Framework: Zabbix, Nagios, etc.

Personal Attributes:

Ability to learn new technologies at pace.
Problem solving.
Ability to work within a high stress & flux environment.
Ability to foster & cultivate relationships with internal & external stakeholders.
Ability to work autonomously as well as part of a team.
Assertiveness – communicating feelings and beliefs; being non-offensive.
Detail & deadline oriented.
Analytical & critical thinking.

Our Values

Purposeful Impact: Every action drives meaningful change.
Client-Centric Excellence: We succeed when our clients do.
Integrity: Doing the right thing, always.
Teamwork: Together, we achieve the extraordinary.

Why Now?

Be part of a pioneering force in digital payments, leading transformative projects across continents. At EFT Corporation, you’re not just joining a company—you’re joining a movement.

Ready to redefine the future of payments with us?

Apply now and let’s create the extraordinary together!

EFT Corporation is an Equal Opportunity Employer. Diversity drives our success, and we welcome passionate individuals from all walks of life to join our team.

EFT Corporation does not accept unsolicited resumes from search firms/recruiters. EFT Corporation will not pay any fees to search firms/recruiters if a search firm/recruiter submits a candidate unless an agreement has been entered into concerning the specific open position(s). Search firms/recruiters offering resumes to EFT Corporation on an unsolicited basis shall be deemed to accept this condition, regardless of any other provision to the contrary.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Products

Payment Processing

eCommerce

EFT Innovation

Hosted Services

Switching

Value adding services

Card & POS

Subsidiaries

eSwitch

Botswitch

EFTPay

Information Security Officer