IT · Circular 23 of 2026
Deputy Director: IT Risk
Government Pensions Administration Agency (GPAA)
Overview
Deputy Director overseeing IT risk management, security processes, and standards implementation at GPAA.
Requirements
- A relevant 3-year National Diploma/Degree in Risk Management/Information Technology or equivalent qualification (at least 360 credits).
- Minimum six (6) years appropriate experience in ICT risk/ relevant environment with 3 years in management or middle management experience.
- Computer literacy which includes a good working knowledge of Microsoft Office products.
- Knowledge of Risk Management Frameworks (COSO, ISO31000 and ISO22301).
- Knowledge of IT Management & Governance Frameworks (COBIT, PRINCE 2).
- Knowledge of IT Management and Governance Frameworks (COBIT, PRINCE2).
- Knowledge of Corporate Governance (King IV).
- Knowledge of Barnowl system.
- Knowledge of Public Service Regulations & other Government prescripts.
- Knowledge of Prescribed Regulations, Policies, PFMA, TR.
- Analytical and problem-solving skills.
- Business Ethics.
- Communication skills both written and verbal.
- Presentation skills.
- Planning and organizing skills.
- Problem solving skills. Assertive.
- Approachable and innovative.
- Team player.
Duties
- The successful candidate will be responsible for: Manage the optimal information communication technology security processes.
- Implement IT Security and standards in alliance with all stakeholders (SITA, Service Providers etc.) Develop IT security requirements specifications.
- Monitor the maintenance of security breach records.
- Monitor IT security compliance in all areas.
- Manage disaster prevention and recovery processes and backup.
- Implement all IT procedures, standards and policies on procurement of IT equipment.
- Monitor and evaluate the management and functioning of IT operations.
- Assess the reliability of existing IT controls against the required standards.
- Monitor the IT systems and controls in order to identify potential risks.
- Evaluate identified IT risks and escalate the awareness.
- Communicate with all stakeholders on a regular basis with regard to identified risks.
- Provide awareness sessions to all staff.
- Conduct regular IT security systems audit.
- Develop, maintain and communicate the GPAA IT risk management strategy to maximise awareness and compliance.
- Develop and implement IT risk management strategy that meets organisational objectives and aligns with GPAA’s overall strategy.
- Measure the effectiveness of risk preventative strategies on an ongoing basis and make recommendations to review and amend the strategy appropriately.
- Report back to key internal stakeholders at regular intervals to ensure that strategy is fit for purpose.
- Conduct risk awareness sessions relating to IT.
- Monitor system security and information ownership.
- Monitor patch management of systems, anti-virus and applications.
- Ensure the upgrading of IT security anti-virus software.
- Monitor system logs for breaches of security and initiates remedial actions.
- Monitor the adherence of security standards by all stakeholders.
How to apply
To apply visit: https://erecruitment.gpaa.gov.za/
Enquiries: Mapule Mahlangu Tel No: (012) 399 2639 Enquiries.erecruitment@gpaa.gov.za
Notes
Effective from 19 June 2026, the GPAA now utilises an e-Recruitment System which means all applicants must login/register to apply for positions, we only accept e-Recruitment online applications. The applicant’s profile on the e Recruitment is equivalent to the newly approved Z83, and it is the responsibility of applicants to ensure their profiles are fully completed or their applications will not be considered, as per the DPSA Practice Note. Certain documentation will still be required to be uploaded on the system such as copies of all qualifications including National Senior Certificate/Matric certificate, ID, etc., however these documents need not be certified at point of application, however certification will be required prior to attending the interview. The candidate must agree to the following: Shortlisted candidates must avail themselves for a virtual or in-person panel interview at a date and time determined by the GPAA. Please note: All shortlisted candidates, including the SMS, shall undertake two pre-entry assessments. One will be a practical exercise to determine a candidate’s suitability based on the post’s technical and generic requirements and the other must be an integrity (ethical conduct) assessment. It should be noted that the GPAA does not support the use of Artificial Intelligence (AI) in any of its recruitment and selection processes and will disqualify an application if it picks up the use of AI when completing assessments without acknowledging the source of information. Successful completion of the Nyukela Public Service SMS Pre-entry Programme as endorsed by the National School of Government, available as an online course on https://www.thensg.gov.za/training-course/sms-pre-entry-programme/, prior to finalisation of appointment, is a requirement for all SMS positions. All shortlisted candidates for SMS posts will be subjected to a technical exercise and interview. Following the technical exercise and interview, a maximum of three (3) SMS candidates will undergo psychometric assessments to assess cognitive capabilities, behavioural preferences, emotional intelligence, and integrity. Applicants must note that pre-employment checks and references will be conducted once they are short-listed and the appointment is also subject to a positive outcome on these checks, which include but not limited to: security clearance, security vetting, qualification/study verification, citizenship verification, financial/asset record check, previous employment verification and criminal record. Applicants will be required to meet vetting requirements as prescribed by Minimum Information Security Standards in line with the new DPSA Directive effective 01 April 2024. By submitting your application, it also means you consent to the GPAA processing your information for Human Resources Management purposes. It is the applicant’s responsibility to have all their foreign qualifications (this includes O and A level certificates) evaluated by the South African Qualifications Authority (SAQA), at your own expense. Upon appointment, successful candidates will be required to sign a Performance Agreement within 3 months from date of appointment and for candidates whose appointment exceeds 12 calendar months will be appointed on probation for the period of twelve (12) calendar months excluding leave taken as prescribed by Public Service Regulation 68. The status of your application will be visible on the e-Recruitment system. However, if you have not received feedback from the GPAA within 6 months of the closing date, please regard your application as unsuccessful. The candidate must take note: It is the GPAA’s intention to promote equity (race, gender and disability) through the filling of this post(s) with a candidate whose transfer / promotion / appointment will promote representativeness in line with the numerical targets as contained in GPAA’s Employment Equity Plan. Note: The GPAA reserves the right not to fill the below-mentioned posts, withdraw or to put on-hold a position and/or to re-advertise a post. MANAGEMENT ECHELON
Post 23/81, sourced from the DPSA Circular 23 of 2026. Apply directly to Government Pensions Administration Agency (GPAA) by 17 July 2026 at 12:00 pm (Midday) No late applications will be considered, quoting reference DD/IT-RISK//2026/07-1P. This is an unofficial index; the advert in the circular is authoritative.
- Location
- Pretoria
- Salary
- R932 292 p/a · Level 11
- Closing date
- 17 July 2026 at 12:00 pm (Midday) No late applications will be considered
- Reference
- DD/IT-RISK//2026/07-1P
Apply directly to the department, by the closing date, quoting the reference.