Johann Pretorius

JOHANN PRETORIUS Pretoria, 0081, South Africa | - |- PROFESSIONAL SUMMARY Information Security leader with 19+ years of progressive IT experience and 7+ years in dedicated cybersecurity governance, compliance, and offensive security. Currently serving as Head of Compliance and Information Security Officer, owning the full Information Security Management System (ISMS) and achieving 100% regulatory compliance across ISO 27001 audits for four consecutive years. Proven ability to build and lead cross-functional security and DevOps teams, implement enterprise risk management frameworks, and integrate security automation into cloud and hybrid environments. Combines deep hands-on technical expertise — from penetration testing to Azure architecture — with strategic governance and executive-level risk reporting. CORE COMPETENCIES Security & Compliance Technical & Cloud Leadership & Governance ISO 27001 ISMS Ownership Azure (VMs, VNets, AD, SQL, DevOps) Cross-Functional Team Leadership HIPAA & SOC Compliance AWS Infrastructure ISMS Steering Committee Chair Risk Management Frameworks CI/CD Pipeline Security Enterprise Risk Reporting Penetration Testing (Manual & Auto) Linux / Windows Server Admin Security Awareness Programmes Vulnerability Assessment VMware / Hyper-V Virtualisation Stakeholder Communication Incident Response & Management GitLab, Docker, Kubernetes Policy Development Security Automation in DevOps Microsoft 365 / Exchange / SharePoint Audit Leadership Network & Web App Security Scripting (Python, PowerShell, Bash) Vendor & Third-Party Risk Mgmt Data Privacy & Protection Pfsense, SonicWALL, Cisco Training & Mentorship Certification Issuing Body Year CISSP (In Progress) ISC2 2026 CPENT — Certified Penetration Testing Professional EC-Council 2023 ECSA — EC-Council Certified Security Analyst EC-Council 2019 CEH — Certified Ethical Hacker EC-Council 2016 Microsoft Specialist: Implementing Microsoft Azure Microsoft 2015 HIRA (Hazard Identification & Risk Assessment) IRCA 2014 Legal Liability IRCA 2014 CCNA — Cisco Certified Network Associate Cisco / TorqueIT 2012 ITIL V3 Foundations Pink Elephant 2011 CERTIFICATIONS MCP, MCSA, MCSE, MCTS Microsoft / TorqueIT 2008 Accredited Platform Specialist HP 2008 IT Certificate: PC Support Engineering Damelin 2004 PROFESSIONAL EXPERIENCE Head of Compliance & Information Security Officer Vertice Software Solutions (formerly PQF Group Services) | January 2018 – Present  Own, maintain, and communicate the full Information Security Management System (ISMS), encompassing policies, standards, processes, and controls to achieve and sustain ISO 27001 certification.  Chair the cross-functional ISMS Steering Committee, serving as the primary point of contact for all information security matters and liaison with external regulatory authorities.   Achieved 100% compliance in regulatory audits ISO 27001 for four consecutive years.  Lead the Security Incident Management Team, overseeing investigation, documentation, root cause analysis, and resolution of all security incidents.  Oversee vulnerability management programmes and conduct both automated and manual penetration testing across the organisation's attack surface.   Supervise cloud and on-premises security implementations across Azure, Linux, and hybrid environments.  Integrated security automation into DevOps workflows, reducing deployment risk and accelerating release timelines while maintaining compliance.  Developed and sustained organisation-wide security awareness and training programmes, measurably improving staff compliance behaviour.   Streamlined audit processes, improving efficiency and reducing preparation time across audit cycles. Established and direct enterprise-wide risk management frameworks integrating ISMS, DevOps, and security architecture functions. Direct a combined Cyber Security and DevOps team managing Azure environments, server migrations, CI/CD pipelines, Microsoft 365, domain management, and desktop support. Present enterprise risk metrics and programme effectiveness reports to senior leadership and steering committees. Technology stack: Azure (Web Apps, VNets, VMs, Azure SQL, Azure AD, Azure DevOps), AWS, GitLab, VMware, Hyper-V, Microsoft 365, Linux, Docker, Kubernetes, Pfsense, Saltstack, Python, PowerShell, Bash. Security Analyst & DevOps Engineer Qode Healthcare and Group Companies (Became Vertice Software Solutions) | January 2018 – September 2018  Implemented security best practices and standards across Azure cloud and on-premises environments for a healthcare technology company.  Conducted automated and manual penetration testing, delivering detailed vulnerability reports and remediation guidance to stakeholders.  Served as the sole DevOps professional, managing the full Azure environment including Web Apps, VNets, Gateways, VMs, Azure SQL, Azure AD, CI/CD pipelines, and certificate management.    Migrated server infrastructure from AWS to Azure, improving security posture and reducing operational costs. Led comprehensive security audits ensuring compliance with healthcare industry standards including HIPAA. Collaborated cross-functionally to build security awareness across development and operations teams. Technology stack: Azure (full suite), AWS, GitLab, CI/CD (Azure DevOps), Linux, Windows Server-, Office 365, Pfsense, Docker, VMware, Hyper-V, Kubernetes (limited). Network & Infrastructure Architect Neo Africa (outsourced to Broadband Infraco) | June 2016 – December 2017  Mapped existing infrastructure, developed disaster recovery plans, and established security frameworks and governance for a government telecommunications parastatal.  Revamped legacy Active Directory, DNS, DHCP, and file server environments, significantly strengthening security posture.  Planned and implemented server infrastructure and Microsoft licensing strategies for current and future organisational needs.      Deployed Office 365, Skype for Business, and SharePoint Online, improving organisational collaboration. Configured SCCM for software deployment, endpoint protection, reporting, and virtual machine management. Achieved a 20% reduction in operational costs through efficient infrastructure design. Developed comprehensive disaster recovery plans ensuring 99.9% uptime during critical events. Trained permanent staff for ongoing system management post-contract completion. Technology stack: Windows Server-, Exchange 2010, Office 365, Sophos Proxy, SCCM, Active Directory, DNS, DHCP, SharePoint Online, virtualised hosts. Client Services Consultant NetsurIT | February 2015 – May 2016   Delivered on-site and remote IT support across multiple client sites, managing SLAs and optimising service delivery.  Developed proficiency across Server-, Exchange 2007–Office 365, Microsoft Azure infrastructure, Cisco technologies, and hardware support.  Created client support documentation, process frameworks, and facilitated knowledge transfer to support teams. Conducted a take-on audit in the United States for a new international client (August–September 2015), enabling streamlined onboarding and documentation. Site Manager — Sasol Rosebank (Workspace Division) EOH | July 2013 – December 2014  Supervised a team of 22 Field Service Engineers including refresh engineers, lab engineers, area FSEs, and call coordinators.  Achieved an average of 6 calls resolved per engineer per day through workflow optimisation and performance management.  Conducted KPI-based performance evaluations, managed HR protocols, and established Standard Operating Procedures (SOPs) and knowledge base documentation.  Led projects to successful completion on time and within budget constraints. Back Office FCR Team Leader EOH (Sasol) | June 2013 – December 2014   Led a team of 16 engineers and 2 call coordinators handling 150 daily service calls, consistently exceeding SLA targets.   Developed strategies that drastically reduced response times and improved overall service quality. Cultivated a new operational culture following the T-Systems transition, focusing on customer communication best practices and team collaboration. Monitored KPIs to drive team performance and accountability. Site Specialist TSSMS (Sasol Synfuels) | June 2010 – June 2013  Managed Active Directory operations including domain joins, OU management, security permissions, and administrative rights.   Provided remote troubleshooting and software deployment support. Created standard operating procedures and conducted site assessments identifying operational improvement areas. Back Office Support Team Leader (Temporary) TSSMS (Sasol Synfuels) | March 2010 – June 2010  Assumed team leadership when TSSMS secured the Sasol Synfuels support contract, ensuring uninterrupted service delivery.   Set performance targets, managed team attendance, and led initiatives to reduce call volumes. Led a high-performing remote team that consistently exceeded service targets. Back Office Support — Second in Command BCX (outsourced to Sasol Synfuels) | January 2007 – March 2010   Served as second-in-command within the Back Office team, providing leadership, training, and technical guidance.   Streamlined operations resulting in a 30% increase in back office task efficiency. Developed comprehensive Way of Work documentation for training and onboarding. Delivered remote user support including software installation, security permission management, mailbox setup, and domain operations. Customer Support Area Technician BCX (outsourced to Sasol Synfuels) | January 2007 – June 2007  Provided field support including device configuration, VPN/3G setup with IRAS tokens, Outlook configuration, and SCCM client installation.   Delivered exceptional customer support, enhancing satisfaction levels by 30%. Resolved technical issues rapidly, reducing user downtime by 25%. EDUCATION Qualification Institution Year IT Certificate: PC Support Engineering Damelin 2004 LANGUAGES English — Professional proficiency