Role Overview

We are seeking an experienced Cyber Security Consultant to support our client in an advisory role across governance, risk, compliance, privacy, and security operations.

This role is ON-SITE, full time in Somerset West.

This role is suited to a consultant who can bridge the gap between technical cybersecurity issues and business decision-making, helping clients strengthen their security posture, meet regulatory obligations, and build practical, risk-based security programmes.

The successful candidate will manage activities such as cyber maturity, cyber security awareness, ISMS programmes, internal audits, risk management, incident response coordination, compliance guidance, security reporting and strategic security planning.

This is primarily a consulting and advisory role rather than a hands-on engineering or implementation role. The consultant will work closely with the IT Executive head, internal Infrastructure, Barefoot Consulting team and SOC teams to guide best practice, requirements, and remediation priorities.

​

Key Responsibilities

• Act as a cyber security lead (This should change to a supportive role rather than an authoritative role), providing strategic guidance across governance, risk, compliance, and “owning” the security programme.

• Translate technical security issues, risks, and incidents into clear business language for leadership, management, and client stakeholders.

• Lead or support cyber risk assessments, gap assessments, internal audits, and remediation planning against recognised frameworks and standards.

• Maintain and improve security governance documentation, including policies, procedures, risk registers, and compliance-related records.

• Support with ISO 27001, privacy, and broader regulatory compliance activities, including audit preparation and ongoing control improvement.

• Coordinate incident response activities from a consulting perspective, guiding communication, escalation, stakeholder alignment, and post-incident review.

• Prepare and present reports, dashboards, and cyber maturity assessments with clear, actionable recommendations.

• Work closely with internal teams to guide security best practice and help drive successful project outcomes.

• Manage the risk lifecycle including registers, identification, triage suggestions.

​

Skills & Experience

Mandatory Experience

• 2+ years of experience in cybersecurity, information security, GRC, compliance, or related advisory roles, or

• Experience supporting ISMS implementation, risk management, internal audits, or compliance programmes.

• Experience producing professional reports, presenting to stakeholders, and translating technical issues into business impact.

• Ability to interpret security findings and express them clearly in business terms.

• Sound judgement and a practical, risk-based approach to problem-solving.

• Foundational understanding of cloud security, infrastructure, endpoint security, Microsoft 365 security concepts, and managed security services.

• Ability to work independently while also collaborating effectively with internal teams.

​

Desirable Experience

• Experience in managed security services/ engagements, or compliance-driven roles.

• Familiarity with GRC platforms, awareness platforms, Microsoft 365 security and compliance features, and key security concepts.

• Exposure to regulated environments and external certification or assurance audits.

• Experience supporting phishing awareness, policy uplift, and security culture initiatives.

 

Personal Attributes

• Professional and credible with senior stakeholders.

• Commercially aware and able to align security to business outcomes.

• Confident facilitator and communicator.

• Detail-oriented while able to see the broader strategic picture.

• Self-motivated, curious, and committed to continuous learning.

• Calm and structured under pressure, especially during incidents or high-priority engagements.

• Strong written and verbal communication skills.

• Excellent stakeholder management and client engagement capability.

• Strong organisational skills with the ability to manage multiple client priorities.

​​

Qualifications

• Relevant industry certifications in security, governance, privacy, or risk management

• Diploma or Degree in Information Security, Computer Science, Information Systems, Risk, Compliance, or a related field experience

​​

Desirable

• CISSP, CISM or working towards a similar certification

• ISO 27001 Lead Implementer

• Privacy or compliance-related certifications

• Project management certification

​

Contract Details

Location: Somerset West, South Africa

Employment Type: Full-time/Contract

​

Applications

Send your CV and cover letter to recruitment@barefootcyber.com

​

​