DEPUTY DIRECTOR: IT RISK REF NO: DD-IT/RISK/2026/06-1P Enterprise-Wide Risk Permanent The purpose of the role is: to provide specialist expertise in the identification, assessment and management of ICT related risks across GPAA.

A relevant three-year National Diploma/Degree or equivalent three-year qualification (at least 360 credits) with six (6) years appropriate proven experience in the Finance environment with three (3) years in management or middle management experience. Computer literacy which includes a good working knowledge of Microsoft Office products. Knowledge of Risk Management Frameworks (COSO, ISO31000 and ISO22301). Knowledge of IT Management & Governance Frameworks (COBIT, PRINCE 2). Knowledge of IT Management and Governance Frameworks (COBIT, PRINCE2). Knowledge of King Code on Corporate Governance. Knowledge of Risk Management Software. Knowledge of Public Service Regulations & other Government prescripts. Knowledge of Public Finance Management Act and Treasury Regulations. Knowledge of Risk Management and Corporate Governance. Analytical skills. Business Ethics. Communication skills both written and verbal. Presentation skills. Planning and organizing skills. Project management skills. Problem-solving skills. Report writing skills. Assertive. Initiative taking analytical mindset. Approachable and innovative. Meticulous. Integrity and honesty. Ability to work under pressure. Ethical behaviour. Independence and initiative-taking. Resilience.

The successful candidate will be responsible for: Provide risk management services to the ICT Chief Directorate. Provide risk training to the GPAA staff. Monitor compliance regarding risk-related matters. Co-facilitate risk awareness programmes with stakeholders. Implement risk awareness programme for the ICT Chief Directorate. Manage centralised risk management software. Provide advice regarding risk-related matters and emerging risks. Develop and implement risk action plans for business units to manage risks effectively. Liaise with external and internal auditors. Develop risk mitigation strategies to manage risk exposure. Provide support for the ICT Risk Champions. Monitor and evaluate the management and functioning of ICT operations. Monitor ICT security and standards with all stakeholders (SITA, Service Providers, etc.). Advice on ICT security requirements specifications. Monitor the maintenance of security breach records. Monitor ICT security compliance in all areas. Monitor disaster prevention and recovery processes and backup. Monitor compliance with all ICT procedures, standards, and policies on procurement of ICT equipment. Assess the reliability of existing ICT controls against the required standards. Monitor the ICT systems and controls to identify potential risks. Evaluate identified ICT risks and escalate where required. Communicate with all stakeholders on a regular basis regarding identified risks. Conduct regular ICT security systems audits. Keep abreast of changes in relevant guidelines and other legislation, to make recommendations regarding governance documents may need to be amended. Ensure maintenance of the risk management software, upgrades, engagement with the service provider and/or ICT stakeholders. Manage the implementation of risk methodologies, policies, processes, and framework within the ICT Chief Directorate. Monitor the implementation of the risk management plan and align with the GPAA’s overall outcomes. Monitor the effectiveness of risk mitigation strategies on an ongoing basis and make recommendations to review and amend where required. Ensure that ICT risks are identified and assessed. Facilitate and monitor the implementation of the risk awareness and training plan. Comply with legislation and adjust strategies, plans and procedures accordingly. Identify gaps in policies and procedures and establish mechanisms to alleviate these. Report back to key internal stakeholders at regular intervals to ensure that strategy is fit for purpose. Exercise delegated countersigning authority on the loss control form. Monitor ICT compliance with risk control measures. Monitor patch management of systems, anti-virus and applications. Monitor the upgrading of IT security anti-virus software. Monitor system logs for breaches of security and initiates remedial actions. Monitor the adherence of security standards by all stakeholders. Attend to ICT related committees and provide the required reports to the relevant structure/s. Track and monitor the ICT risk action plans, compliance with the SLAs and key risk and performance indicators. Oversee the training in the use of risk management tools and techniques. Manage the central risk programme. Provide risk assurance on business process. Provide guidelines for ICT to ensure that the Chief Directorate’s strategy incorporates risk management principles. Proactively monitor and manage identified risks to minimise risk exposure. Ensure the undertaking of ICT risk assessments to determine the GPAA’s risk exposure. Report on risk action plans monthly including for Modernisation. Report on key risk indicators and/or performance indicators as required.

Mapule Mahlangu Tel No: (012) 399 2639 or Shandukani Tshiuda Tel No: (012) 319 1102 [email protected]

To apply visit: https://erecruitment.gpaa.gov.za/

All shortlisted candidates, including the SMS, shall undertake two pre- entry assessments. One will be a practical exercise to determine a candidate’s suitability based on the post’s technical and generic requirements and the other must be an integrity (ethical conduct) assessment. It should be noted that the GPAA does not support the use of Artificial Intelligence (AI) in any of its recruitment and selection processes and will disqualify an application if it picks up the use of AI when completing assessments without acknowledging the source of information. Successful completion of the Nyukela Public Service SMS Pre-entry Programme as endorsed by the National School of Government, available as an online course on https://www.thensg.gov.za/training-course/sms-pre-entry-programme/, prior to finalisation of appointment, is a requirement for all SMS positions. For SMS positions, certain candidates may be required to undergo additional Psychometric Assessments. Applicants must note that pre-employment checks and references will be conducted once they are short-listed and the appointment is also subject to a positive outcome on these checks, which include, but not limited to: security clearance, security vetting, qualification/study verification, citizenship verification, financial/asset record check, previous employment verification and criminal record. Applicants will be required to meet vetting requirements as prescribed by Minimum Information Security Standards in line with the new DPSA Directive effective 01 April 2024. By submitting your application, it also means you consent to the GPAA processing your information for Human Resources Management purposes. It is the applicant’s responsibility to have all their foreign qualifications (this includes O and A level certificates) evaluated by the South African Qualifications Authority (SAQA), at your own expense. Upon appointment, successful candidates will be required to sign a Performance Agreement within 3 months from date of appointment and for candidates whose appointment exceeds 12 calendar months will be appointed on probation for the period of twelve (12) calendar months excluding leave taken as prescribed by Public Service Regulation 68. The status of your application will be visible on the e-Recruitment system. However, if you have not received feedback from the GPAA within 6 months of the closing date, please regard your application as unsuccessful. The candidate must take note: It is the GPAA’s intention to promote equity (race, gender and disability) through the filling of this post(s) with a candidate whose transfer/promotion / appointment will promote representativeness in line with the numerical targets as contained in GPAA’s Employment Equity Plan. Note: The GPAA reserves the right not to fill the below-mentioned posts, withdraw or to put on-hold a position and/or to re-advertise a post. The GPAA is compliant with the requirements of POPIA.

PSV Circular 21 of 2026, Post 21/82