Cloud Security & Compliance Engineer

Shape the Future of Service Excellence with Ten! 

Driving Innovation. Building Trust. Redefining Service Excellence.  

Ten is on a mission to become the most trusted service business in the world. We service the most valuable customers of the world’s leading private banks, premium financial services and luxury brands globally including HSBC, Bank of America, and Swisscard. Corporate clients use Ten’s services to acquire, engage and retain affluent, high net worth customers or valued employees. The service drives critical customer metrics, including revenue growth, net promoter score, and supports digital transformation initiatives.   

Millions of individuals worldwide have access to Ten's services across lifestyle, travel, dining and entertainment. They rely on Ten to unlock seamless, curated experiences that enrich their lives.  

We’re profitable, ambitious, and scaling fast. As the first B Corp listed on the London Stock Exchange, we’re setting the standard for sustainable growth and technology, AI driven innovation.  

For more information, check out our Welcome to Ten video!  

We are seeking a Cloud Security & Compliance Engineer with strong governance, risk, and compliance (GRC) expertise to support the design, implementation, and management of secure cloud infrastructure. This role ensures compliance with regulatory requirements, especially PCI DSS and SOC 2, while enhancing the resilience and security of our cloud environments.

Key Responsibilities:

Cloud Security Engineering & Operations:

• Monitor and respond to threats: Continuously monitor cloud infrastructures for security alerts and vulnerabilities, conduct risk assessments on vulnerabilities, and ensure that all cloud security alerts are managed.
• Vulnerability Management: Conduct vulnerability assessments, manage vulnerability scanning technologies, facilitate and / or conduct frequent penetration testing activities, ensure timely remediation of all vulnerabilities according to SLA, and ensure all impacted parties are kept current on remediation activities and timelines.
• Security Controls & Tooling: Implement and maintain all cloud security tooling, including but not limited to IAM, network security controls, , data encryption, secrets management, WAFs, FIM, cloud security posture management, SIEM, and IDS/IPS, ensuring that these security tools meet or exceed compliance and internal security control requirements at all times.
• Automation & Monitoring: Develop security automation scripts using Infrastructure as Code (Terraform, CloudFormation), maintain inventories of assets and security protocols, and maintain real-time security monitoring and ensuring that alerting is in place and functioning for all cloud systems.
• Security Architecture & Design: Collaborate with engineering and operations teams to build and maintain secure cloud architectures (AWS essential; Azure considered).
• Incident Management: Coordinate and manage cloud security incidents, ensure incident playbooks are in place and maintained for cloud applications and infrastructure, coordinate forensic investigations, ensure cloud recovery objectives are in place and tested regularly, and facilitate cloud security incident response activities.

GRC & Compliance:

• Security Testing & Simulations: Conduct frequent security incident response tests and social engineering simulations.
• Security Compliance: Support and manage PCI DSS and SOC 2 Type 2 compliance initiatives; act as the primary liaison with auditors, assessors, and internal stakeholders for all cloud applications and infrastructure.
• Security Governance: Develop, maintain, enforce and regularly test the effectiveness of security controls, update and align information security policies and procedures, ensuring alignment to PCI DSS, SOC 2, NIST, and ISO 27001 standards.
• Risk Management: Conduct cloud risk assessments, maintain the cloud security risk register, drive mitigation strategies, reporting cloud risks to the appropriate risk bodies.
• Secure Software Development: Participate in and ensure that the cloud Secure SDLC aligns to Ten Group’s compliance obligations, internal policies , and ensure SAST and DAST alerts are responded to as required, ensure staff are trained and knowledgeable on secure coding techniques (OWASP), ensure vulnerability assessment and penetration tests are performed as required, and ensure that applications are regularly tested for security flaws.
• 3rd Party Risk Management: Oversee and perform security assessments on suppliers and ensure that cloud due diligence requests from external parties are responded to timeously.
• Training and Awareness: Contribute to cloud security awareness training for technical teams.
• Security Posture Reporting: Prepare security and compliance reports for auditors and senior management.
• Access Reviews: Facilitate cloud firewall reviews and perform regular access reviews for users of all cloud infrastructure and applications.
• Security Posture Monitoring: Ensure cloud infrastructure and applications maintain an acceptable security posture and always remain compliant with client security agreements and local and international laws and regulations.

Requirements:
Essential requirements

• Bachelor's degree in computer science, Information Security, or equivalent experience.
• 5+ years of experience in information security, including experience in cloud security engineering roles.
• Proven experience supporting PCI DSS and/or SOC 2 audits.
• Hands-on experience with AWS and proficient with cloud tools: AWS Security Hub, Azure Security Center, Rapid 7, Forcepoint.
• Skilled in networking (TCP/IP, VPNs, firewalls, DNS, load balancing) and scripting (Python, PowerShell, Bash).
• Experienced in Infrastructure as Code (Terraform, CloudFormation) and container security (Docker, Kubernetes).
• Proficient in SIEM tools (Splunk, Elastic Stack, Azure Sentinel), log analysis, and cloud security assessments.
• Deep understanding of cloud security principles, best practices, and architecture patterns.
• Demonstrated success in developing and maintaining compliance programs.
• Strong communicator with the ability to explain complex security issues to diverse audiences.
• Self-motivated and effective in both independent and collaborative settings

Preferred requirements:

• Certifications: AWS Security Specialty, Azure Security Engineer, or GCP Security Engineer. CISSP, CISM, and CEH

Guidelines for Hybrid/Home Office :

• Located in Cape Town

• Please note that you will be asked to enter into a hybrid working arrangement - at least 2x a week in the office.

• A secure home office at your confirmed address, free from background noise or other distractions.

• You must meet our minimum internet speeds if you want to work in our hybrid model and this will be checked during the recruitment process and again when you join. We also have a great office that you can work from as an alternative.

Benefits:
Our people are at the heart of the business and we have a culture of recognition and reward - both through regular appraisals but also annual Extra Mile Awards where we celebrate those who have gone that extra mile in their role. We also encourage all our staff to incorporate their aspirations and interests into their career at Ten and we are there every step of the way in supporting development.

Rewards designed around you:

• A competitive salary depending on experience.

• Hybrid working. You can combine working from home and working from the office.
• Paid time away from work. Our employees enjoy a competitive paid time off package, including a paid day each year to volunteer time for a good cause that is important to them.
• Paid Sabbaticals. One (1) month paid Sabbatical after every 5 years of Service, without tapping into annual leave.
• Extra Rewards. Lucrative Ten Loyalty Rewards program which includes a bonus and gift to say thank you for being part of Ten.
• Remote Working Holidays - possibilities to Travel and Work anywhere in the world!
• Employee Discounts. Access to lots of great travel and entertainment discounts as our clients’ members would!
• Be part of our global, dynamic, and inclusive Team, with diversity at its core.
• Genuine career opportunities within a dynamic and international company.

Commitment to Diversity

We encourage diverse philosophies, cultures, and experiences. We appreciate diversity and are dedicated to creating an inclusive work environment for our employees. This idea unites the teams at TEN. All aspects of our relationship, including the decision to hire, promote, discipline, or terminate, will be based on merit, competence, performance and business needs.