Senor Officer: Identity & Access Management

The Road Accident Fund’s mission is to provide appropriate cover to all road users within the borders of South Africa; to rehabilitate and compensate persons injured as a result of motor vehicle accidents in a timely and caring manner; and to actively promote safe use of our roads.

Purpose of the Job: Reporting to the Manager: Cyber Security Operations, the successful incumbent is responsible for managing access to business applications and supporting the broader Identity and Access Management responsibilities.

Key Performance Areas

Identity and Access Management Controls Design and Implementation Support

• Support the management of digital identities and access controls.
• Collaborate in the selection and implementation of Identity and Access Management tools.
• Support in the maintenance of various Identity and Access Management controls much as multi-factor authentication, defining and enforcing access policies, regular audits of access rights, and ensuring principle of least privilege is followed across the organisation.
• Implement authorization of requests and changes related to Identity and Access Management.
• Implementation and maintenance of ICT security solutions.

Business Application Access Management

• Provide access to critical business applications.
• Manage internal control mechanisms specific to business applications, including conducting access reviews, enforcing segregation of duties, and managing privileged access, to guarantee adherence to organizational policies and regulatory requirements.
• Implement and maintain access control measures.
• Ensure compliance with relevant laws and regulations.
• Participating in identifying and assessing risks related to business application access and Identity and Access Management.
• Support the implementation of controls to mitigate identified risk.

Incident response and remediation management

• Support incident response activities for issues related to business application access.
• Assist in investigating, analyzing, and remedying security breaches.

Reporting

• Monitoring and reporting activities for systems and applications.
• Compile reports on Identity and Access Management and business application access security.

Stakeholder management

• Facilitate communication with stakeholders regarding Identity and Access Management and business application access.
• Provide guidance and support to IT operational staff on security processes and controls.

Qualifications and Experience

• Bachelor’s Degree/Advanced Diploma in Information Technology, Cybersecurity, or related field.
• ICT Security Certification (e.g., CISSP, CISA, CRISC) advantageous.
• Certification in public cloud platforms (AWS, Azure) advantageous.
• Relevant 4 years’ experience in an ICT Security related environment.
• Experience in managing access to business applications and supporting Identity and Access Management solutions such as Active Directory, SailPoint, Microsoft, Okta, Omada, AWS IAM.

Technical and Behavioral Competencies Required

• Planning, Organising and Coordinating
• Personal Mastery
• Judgement and Decision Making
• Ethics and Values
• Client Service Orientation
• Proficient in managing access to various business applications.
• Experience with IAM tools and technologies, such as SSO, identity federation, and access management.
• Regulatory Compliance.
• Knowledge of enterprise directory architecture, including directory schema and services.
• Familiarity with administrating authentication technologies (e.g., Active Directory, OpenLDAP, Kerberos).
• Understanding of IAM concepts and lifecycle.
• Planning and organising skills.
• Reporting and presenting skills.

NB: “RAF offers Total Employment Cost packages with no additional contributions from the Employer, successful candidates are required to structure their packages in a manner that will suit their needs”.

The Road Accident Fund subscribes to the principles of employment equity and preference will be given to People with Disabilities.

Applicants who have not received any correspondence from us within six weeks from the closing date can consider themselves unsuccessful

Security Vetting shall be conducted on all prospective employees

It is the applicants’ responsibility to have foreign qualification evaluated by the South African Qualification Authority (SAQA) and to provide proof of such evaluation.