Deputy Director: IT Risk | Government Pensions Administration Agency
| Job Title | Deputy Director: IT Risk | Government Pensions Administration Agency | Pretoria |
| Company | DPSA |
| Job Reference | DD-IT/RISK/2026/06-1P |
| Category | Government |
| Location | Pretoria, ZA |
| Employment Type | Full Time |
| Date Posted | 2026-06-25T16:51 |
| Closing Date | 2026-07-03T18:50 |
| Status | Open for Applications |
| Salary | ZAR 720000 - 932292 per year |
Deputy Director: IT Risk | Government Pensions Administration Agency | Pretoria - Job Description
Introduction
The Government Pensions Administration Agency is seeking a specialist IT Risk professional to lead their enterprise ICT risk management function in Pretoria. If you have a strong background in IT governance, risk frameworks and ICT security, this Deputy Director post offers an excellent platform to apply your expertise in one of South Africa's most important public financial institutions.
About the Company
As Deputy Director: IT Risk, you will provide specialist expertise across the full ICT risk management lifecycle — from identifying and assessing risks to implementing mitigation strategies, monitoring ICT security compliance and reporting to key stakeholders. You will work closely with the ICT Chief Directorate, external and internal auditors, and service providers such as SITA to ensure that the GPAA's technology environment is secure, resilient and properly governed.
This is a technically demanding but also strategically important role. You will not just be identifying risks — you will be shaping how the GPAA manages them through training programmes, risk frameworks, compliance monitoring and continuous improvement of ICT controls. It requires someone who is equally comfortable analysing technical ICT systems and presenting findings to executive management and governance committees
Responsibilities
• Provide risk management services to the ICT Chief Directorate
• Provide risk training to GPAA staff and implement risk awareness programmes
• Monitor ICT security and standards with all stakeholders including SITA and service providers
• Monitor disaster prevention, recovery processes and backups
• Conduct regular ICT security system audits and monitor patch management
• Assess reliability of existing ICT controls against required standards
• Develop and implement risk mitigation strategies and action plans
• Liaise with external and internal auditors
• Manage centralised risk management software
• Monitor ICT compliance with risk control measures, SLAs and key risk indicators
• Report on risk action plans monthly including for Modernisation programmes
• Manage all resources of the unit including performance, development and budget
Required Qualifications
• A relevant three-year National Diploma or Degree or equivalent qualification (at least 360 credits)
• Six years of appropriate proven experience in a finance or risk environment
• Three of those six years must be in management or middle management
• Computer literacy with good knowledge of Microsoft Office products
• Knowledge of: Risk Management Frameworks (COSO, ISO31000, ISO22301), IT Management and Governance Frameworks (COBIT, PRINCE2), King Code on Corporate Governance, Risk Management Software, Public Service Regulations, PFMA, Treasury Regulations
• Skills: Analytical, business ethics, written and verbal communication, presentation, planning and organising, project management, problem-solving, report writing
• Personal attributes: Assertive, initiative-taking, approachable, innovative, meticulous, integrity and honesty, ethical, resilient
How to Apply
• COBIT and ISO31000 knowledge is specifically listed — if you are certified or trained in these frameworks, make this prominent in your profile.
• ICT security experience is a core part of this role. Detail any specific security monitoring, audit or incident response work you have done in previous positions.
• Experience with risk management software such as Barn Owl or similar platforms will be an advantage and should be mentioned specifically.
• Your management experience needs to clearly demonstrate that you have led teams and managed risk programmed, not just participated in them.
• Shortlisted candidates may undergo psychometric assessment in addition to the standard practical exercise and integrity assessment. Prepare across all dimensions of the role