Job Title: Security Risk & Compliance Administrator
Category: Permanent Position
Division: Corporate Services
Reporting: To Senior Manager ICTG
Job Level: Paterson D1
Job Purpose Statement
To ensure the integrity, confidentiality, availability and accessibility of information and systems by authorised users based on appropriate standards, and that operational, legal, regulatory and security risks from the use of Information Technology are mitigated in a cost-effective manner in accordance with business requirements and system architecture.
Key Performance Areas
Information Security Governance
- Conduct on-going research into international best-practice with regards to information security and keep abreast of latest security legislation, regulations and alerts
- Identify, assess and define information security risks and develop an on-going information risk assessment program targeting information security matters.
- Manage and communicate development, maintenance, and implementation of DTPC’s Information Security management practice.
- Develop and maintain a Security Management Information System containing information relating to Information Security Management.
- Develop, maintain and enforce information security and supporting policies, procedures, management standards and plans that cover the use and misuse of all IT systems and services.
- Set and maintain information security policies and management standards for all ICT equipment and ensure that it is built into the equipment / systems / networks in order to enforce compliance. This includes:
  - Administrative – information risk analysis and management and document management and controls.
  - Personnel security – access of personnel to sensitive information only where they have appropriate authority and clearance.
  - Physical safeguards – assignment of security responsibilities, control of access to media and protection against unauthorised access to workstations and related equipment.
  - Technical security – setting of access / passwords and authorization controls.
  - Transmission security – setting of standards for access controls, audit trails, event reporting, encryption and integrity controls.
- Convey security-related policies and procedures at DTPC utilizing a variety of communication methods, e.g., Web content, presentations, articles in IT periodicals, product and services demonstrations, e-mail, posters, videos, etc.
- Recommend methods for vulnerability detection and remediation.
- Develop and administer security concepts relevant to the Disaster Recovery Plan and Service Continuation Plan
- Proactively improve security controls, security risk management and the reduction of security risks
- Integrate security aspects within all IT Security Management processes.
- Enforce information security across all sectors of the ICT Operations and associated user domains.
- Institute pre-emptive and reconstructive services in terms of information breaches and issues related to non-conformance to information security.
- Coordinate the development and delivery of awareness and training programmes on information security matters for employees and other authorized users.
Management of ICT Security Environment
- Design, implement and maintain:
  - Firewall Systems architecture.
  - Anti-Virus Systems architecture.
  - Intrusion Detection Systems architecture.
  - Encryption Software architecture.
  - Patch Management architecture.
  - Web Content Filtering architecture.
  - Email Content Filtering architecture.
  - Remote Access architecture (SSL VPN).
- Provide recommendations on new Security products/services.
- Monitor all areas relating to ICT security for policy transgressions and/or intrusion attempts.
Information Security Compliance
- Serve as DTPC compliance officer with respect to information security policy.
- Regularly review system activity logs to proactively uncover potential threats to DTPC data and systems, and to ensure that operational and administrative controls are functioning appropriately.
- Review and authorize access requests beyond standard user access, e.g., highly privileged system access, access by external contractors, access requiring tokens, certificates and other forms of enhanced authentication, and “special cases”, i.e., requests for non-standard access privileges.
- Manage operational and incident trends and observations with regard to the evolution and dynamic management of DTPC's security services and capabilities.
- Maintain appropriate security controls, measures and mechanisms for both the physical and logical access control to guard against unauthorised access to information.
- Develop monitoring tools and monitor all usage of digital equipment to ensure compliance to DTPC Policies as well as E-Legal laws.
- Conduct structured periodic audits into information security practices within the operational domains of ICT.
- Conduct on-going monitoring of information security drivers and initiate disaster recovery measures if and when required.
- Identify, advance and recommend risks associated with access to services, information and systems.
- Manage compliance with regard to relevant legislation such as the Protection of Information Act (POPI) No. 04 of 2013, as amended.
- Develop and implement an incident reporting and response system to address security incidents / breaches and respond to policy violations.
- Evaluate and recommend new information security technologies and countermeasures against threats to information or privacy.
- Manage ICT security application portfolio for utilisation and contract compliance
Communications Management
- Communicate agreed service levels for services defined in the Selling Catalogue.
- Keep the Senior Manager ICTG informed on the status of high severity incidents.
Qualifications, Knowledge, Skills and Behavioural Competencies Required
- Diploma or equivalent in Information Technology or similar.
- Information Security Manager Certification will be beneficial - ISACA.
- ISO2700 Certification will be beneficial.
- Project Management certification will be beneficial.
- 5 - 7 years of experience within IT security.
- Code EB Driver’s License.
- Knowledge of corporate governance principles.
- Knowledge of risk management concepts, frameworks, and methodology.
- Knowledge of applying models, tools, and methods.
- Knowledge of integrating solutions.
- Knowledge of designing modular architecture.
- Knowledge of understanding digital technologies.
- Knowledge of applying Lean startup, Agile and DevOps methods.
- Knowledge of ICT governance, COBIT standards, ISO standards and Enterprise Architecture.
- Knowledge of maintaining security and risk management.
- Knowledge of providing technical support.
- High level of computer proficiency (MS Office)
- Judgement and decision making, Industry awareness, Systematic thinking, analysis and problem solving, Organisational commitment, Integrity, Reliability, Stress tolerance, Flexibility, Directing others, Written and oral communication, negotiation, Networking, Developing relationships, Organising, planning and prioritising, Customer, quality and results focused, Technical and professional knowledge / skills.
Closing Date
11 July 2025
Employment Equity
Preference will be given to Black candidates and/or candidates with disabilities, as per DTPC’s Employment Equity Plan.
Recruitment and Selection Process
The process will consist of the following steps:
- Shortlisting of CVs based on minimum requirements of the role.
- 1st Round Panel Interview.
- Psychometric Assessment/s.
- Verification Checks; and
- 2nd Round Panel Interview, if required.
Verification Checks
The following verification checks will be conducted:
- Criminal;
- Credit (position of trust), if relevant to position;
- Qualifications;
- Reference Checks;
- South African citizen;
- Valid driver’s license; and
- Positive verification of current remuneration package.
Remuneration and Benefits
- R652,900 to R979,400 Total Cost to Company.
- Cellphone allowance of R1,189 per month.
- Non-guaranteed performance bonus.
- 22 Working days leave per annum.
Application Forwarding Details
To apply, register on the KZN Provincial online e-Recruitment system at www.kznonline.gov.za/kznjobs and upload your CV.
Alternatively, submit your application and CV to HR@dubetradeport.co.za with the job you are applying for in the subject.
Applicants must use either the online e-recruitment system or email their application and CV directly to the provided email address.
Only shortlisted candidates will be contacted. If you don't hear back from us within 2 months after the closing date, it means that your application was not successful.