Principal Specialist: Technical Consulting (Principal IT Security) at The South African Revenue Service (SARS)

Job Purpose

• To develop implementation plans and provide strategic leadership advice in multiple projects, technologies and technical consulting strategies, in order to achieve overall organisational objectives. 

Education and Experience

Minimum Qualification & Experience Required

• Honours / Postgraduate Diploma (NQF 8) IT, Computer Science or Similar AND 10-12 years ‘IT Security Architecture plus extensive experience in operating at enterprise or multi programme level within complex environments, of which 6-8 years is at a Senior Specialist level

OR

• Bachelor's Degree / Advanced Diploma IT, Computer Science or Similar (NQF 7) with Cybersecurity or architecture certification (e.g. CISSP, CISM, CCSP, TOGAF Security) AND 12 - 15 years’ IT Security Architecture experience plus extensive experience in operating at enterprise or multi programme level within complex environments, of which 6-8 years is at a Senior Specialist level

Minimum Functional Requirements

• Secure SDLC frameworks and controls across design, build, test, release and operate phases
• Application and solution security architecture for on premise, hybrid and modern platforms
• Security requirements definition, threat modelling and design assurance
• API, integration and data security principles
• Platform and application hardening standards
• Security control optimisation and rationalisation
• Working knowledge of containerisation and modern application platforms
• Alignment to enterprise architecture, security and governance frameworks
• (Product specific experience is advantageous but not mandatory.)

Job Outputs:

Process

• To provide principal level cybersecurity consulting and architecture leadership by governing SDLC security practices, enabling secure digital services, optimising cybersecurity controls, and supporting enterprise modernisation initiatives in support of SARS’ strategic and operational objectives.
• Review and govern SDLC security controls, standards and patterns across delivery teams
• Define and maintain secure design principles, reference architectures and security guardrails
• Translate business and operational requirements into clear, testable security requirements and technical specifications
• Provide security architecture assurance for new and modernised digital services
• Identify opportunities to optimise, rationalise and modernise existing security controls
• Embed security by design and security by default practices into delivery and transformation initiatives
• Analyse and make recommendations about improvements to specialist systems, procedures, policies and practices.
• Contribute to the optimum utilisation of org. resources, advising on effective planning and development of area of specialisation resource plans.
• Develop multiple practices in alignment with operational policy and procedural frameworks, supporting tactical development and excellence.
• Draw on own technical or professional expertise, knowledge & experience to identify & recommend tactical solutions to defined problems in practices.
• Influence and communicate across business areas impacted by practice area to minimise resistance and ensure on-boarding of new thinking.
• Integrate business information, compare, analyse & produce reports to identify trends, discrepancies & inconsistencies for decision making purposes.
• Optimise goal achievement through tactical strategy development and optimisation of practises, processes & systems across an internal value chain.
• Plan for value-added, continuous multiple practice and system improvement optimisation to deliver on objectives and to enhance tactical excellence.
• Proactively identify interconnected problems, determine its impact and use to develop best fit alternatives; developing best practice solutions.
• Recommend changes to optimise processes, systems, practice areas and associated procedures and execute the implementation of change and innovation.
• Translate top down policy, apply modification in relation to own practice area and communicate impact to relevant stakeholders.
• Provide support to integration projects by applying the required specialised skills in terms of architecture, data, design, services, processes, monitoring and patterns.
• Ability to apply multi-skilled capabilities to influence, identify and resolve complex issues in the IT environment.
• Engage with relevant stakeholders and establish operational and IT transformational demand.
• Successfully deliver projects, impactful improvements initiatives & business as usual enhancements, improve effectiveness, service and productivity.

Governance

• Define, review and enforce secure SDLC and architecture governance controls
• Ensure alignment with enterprise security, architecture and risk management frameworks
• Develop and/or align governance and compliance policies for own practice area to identify and manage risk exposure liability.

People

• Act as a principal consultant and mentor, providing thought leadership on secure design and modernisation
• Influence delivery, architecture and operational teams through expertise and advisory leadership
• Integrate new knowledge and transfer skills attained through formal and informal learning opportunities in the execution of your job.
• Provide specialist know-how, support, advice and practice thought leadership in area of expertise.

Finance

• Implement and monitor financial control, management of costs and corporate governance in area of specialisation.

Client

• Develop & ensure implementation of a practice that builds service delivery excellence & encourage others to provide exceptional stakeholder service.
• Participate in the specialist practice community and contribute positively to organisation knowledge management.
• Provide authoritative, specialist expertise and advice to internal and external stakeholders.

Behavioural competencies

• Accountability
• Adaptability
• Analytical Thinking
• Attention to Detail 
• Building Sustainability 
• Commitment to Continuous Learning 
• Conceptual Ability 
• Customer Service   
• Fairness and Transparency
• Honesty and Integrity
• Organisational Awareness 
• Problem Solving and Analysis 
• Respect
• Trust

Technical competencies

• Application Development and Maintenance 
• Business Knowledge 
• Creative and Innovative Thinking 
• Efficiency improvement
• Functional Policies and Procedures 
• IT Knowledge 
• Knowledge of IT Governance and Business  
• Policy analysis 
• Reporting
• System Thinking 
• Technical Expertise  

Dedaline:31st March,2026