Senior Information Security Engineer (South Africa)

About MCO (MyComplianceOffice)

MCO is a global leader dedicated to empowering Financial Services firms to manage compliance programs with ease and efficiency. Our mission is to foster a fair, transparent, and trusted financial environment worldwide by helping organizations meet their regulatory obligations to society.

At the heart of MCO’s offering is our unique, unified platform, which seamlessly integrates compliance monitoring and data into a single, comprehensive view. This holistic approach enables firms to maintain compliance across all internal systems, structures, and processes—ensuring peace of mind in an ever-evolving regulatory landscape.

Headquartered in Dublin, MCO has an international footprint, with offices in London, Singapore, Hyderabad, New York, Chicago, Fort Worth, Switzerland, South Africa, Slovenia, and the UAE. Since our founding in 2008, we have evolved from a specialist provider of “best of breed” employee compliance solutions to a pioneer in integrated compliance technology.

In recent years, MCO has rapidly expanded its product suite by tripling investment in internal development and acquiring four innovative companies: Pythagoras, Fairwords, Schwab Compliance Technologies and Governor Software. These strategic moves have strengthened our capabilities in regulatory governance, third‑party management, and communications compliance.

Today, our team of over 400 professionals supports more than 1.5 million users in 128 countries. Our diverse customer base includes small businesses, large enterprises, four of the world’s top ten asset managers, twenty of the top seventy‑five global banks, and three of the top five investment banks for global M&A transactions.

Driven by ambition and innovation, MCO is excited to lead the industry forward with our comprehensive suite of integrated compliance solutions—helping clients scale new heights with confidence.

Role Overview

The Senior Information Security Engineer plays a critical role in securing MyComplianceOffice’s global cloud, network, and endpoint environments. This role will be South Africa based; reporting to the Information Security Manager, with global responsibilities, ensuring alignment with ISO 27001:2022, SOC 2 Type 2, and internal security governance.

Responsibilities

Application Security Testing & Analysis

• Conduct vulnerability scans of the MCO customer-facing environments using internal scanning tools.
• Review and analyze monthly external vulnerability scans created by third-party vendor.
• Analyze scan results, identify root causes, and collaborate with engineering teams to implement effective remediations within established timelines.
• Work with engineering and architecture teams to integrate security testing (Sonarqube) into DevOps workflows.

SIEM/SOAR

• Support all aspects of MCO’s Security Information and Event Management (SIEM) deployment.
• Configure and tune SIEM rules to ensure proper alerting of events in support of the Senior Information Security Analyst.
• Work with the Information Security Manager on continuous improvement of SIEM monitoring capabilities.
• In conjunction with the IT team implement and monitor Microsoft Intune policies to ensure the security of MCO owned endpoints.
• Regular monitoring, in conjunction with the Senior Information Security Analyst, of Sophos Central.
• Ensure continuous improvement of endpoint security by providing feedback to management.
• Provide ongoing troubleshooting and support to develop solutions.

Compliance & Governance

• Maintain continuous ISO 27001:2022 and SOC 2 Type 2 security control alignment under the direction of the Information Security Manager.
• Support ISO 27001 and SOC2 audits through the preparation of artifacts and interviews with the external audit team.
• Report progress and system health through metrics and KPIs; develop and maintain metrics, dashboards, and reports for security KPIs.
• Develop and maintain security design reference architectures and reusable patterns.

Secondary Responsibilities

Network Security (Palo Alto Firewalls)

• Backup Administrator for Palo Alto firewalls, Panorama, and GlobalProtect.
• Maintain segmentation, threat‑prevention, URL filtering, and zero‑trust controls.
• Analyse threat logs, tune rule sets, and support network architecture reviews.

Incident Response

• Participate in threat investigation, containment, eradication, and recovery.
• Perform forensic analysis and assist in incident documentation.

Other

• Backup for Information Security Manager when they are on leave or otherwise unavailable.
• Assist with due diligence activities for customers as needed.
• Participation in the annual risk assessment and ad hoc risk reviews as needed.

Experiences and Skills

• 10+ years of Information Security engineering experience.
• SIEM/SOAR management experience.
• Vulnerability management (conduct, review, remediate, retest).
• Experience with cloud providers (Oracle, AWS, M365) and in securing cloud workloads.
• Scripting skills (PowerShell, Python, Bash) to automate security tasks.
• Experience with ISO 27001:2022 Certification, and SOC2 Attestations.
• Firewall management experience (Palo Alto preferred).
• Strong verbal and written English language communication skills.
• Comfortable speaking to non-technical individuals about MCO’s security program.
• Must work well under minimal supervision.

Nice to Have

• Experience in a regulated industry.
• Experience with Administration of CyberArk Privileged Cloud PAM.
• Familiarity with privacy frameworks such GDPR, CCPA.
• Experience monitoring containerized workloads (Kubernetes, Docker, Etc.).
• Experience with MDM (Microsoft Intune) policy creation and management.
• Experience with Rapid7 IDR and/or Exabeam SIEM.
• Certifications: CISSP, CISM.