Jobs at Road Accident Fund

Key Performance Areas

IT Governance

• Develop and implement IT governance frameworks and strategies aligned with organisational goals and industry best practices.
• Establish policies, procedures, and controls to ensure compliance with regulatory requirements and internal standards.
• Develop and maintain a complete controls library for ICT controls in line with best practice recommendations.
• Monitor and evaluate the effectiveness of governance processes and recommend improvements as needed.

IT Risk Management

• Design, develop and implement the Information Technology (IT) Risk Management Framework that is aligned to the RAF’s Enterprise Risk Management (ERM) framework.
• Develop risk mitigation plans and strategies to minimise potential impacts on IT operations and data integrity.
• Conduct regular risk assessments and audits to ensure ongoing compliance and risk readiness.
• Drive the creation of an understanding of ICT policies, processes, risk and controls’ in line with the RAF’s Policy Framework.
• Proactively ensure that all new projects have correct levels of assurance controls by conducting internal risk reviews before and during projects implemention.

Compliance and Assurance Across IT Environment

• Implement and maintain compliance programs and initiatives, including training and awareness campaigns for staff.
• Coordinate audits and assessments by internal/external auditors and regulatory bodies.
• Pro-actively manage the reduction of unsatisfactory audits by: (1) identifying areas of risk within ICT, (2) by assisting with the development of remediation plans to address issues by providing risk and audit expertise and (3) raising and tracking ICT Issues which may be of a strategic, tactical or operational nature.
• Review audit reports for factual accuracy and ensure that correct action owners were identified.
• Review the feasibility of agreed actions and facilitate closure of audit findings.

 Training and Awareness

• Oversee the development and delivery of training programs on IT governance, risk management, and compliance for employees.
• Promote a culture of compliance and awareness across the organisation through workshops, seminars, and informational materials, e.g. Cybersecurity awareness, Policy Compliance, POPIA Compliance etc.

 Track Remediation of all Observations

• Track and monitor the adequate and on time remediation of observations raised by all independent assurance bodies.
• Record remediation plans and facilitate closure for ICT related control weaknesses identified.
• Ensure this is done through weekly progress tracking with control owners (typically Senior Managers) and reporting.
• Engage with ICT management and senior management to discuss and manage overall progress against remediation plans.
• Ensure that all audit closure documents are reviewed by the appropriate stakeholders before being submitted to IA.

Policy Review and Implementation

• Lead the development and implementation of departmental policy, procedures and processes.
• Keep up to date with effective policy and practice execution strategies.

Reporting

• Prepare regular reports and updates for senior management and stakeholders on IT governance, risk, and compliance activities on a monthly basis or as and when required.
• Communicate risks, compliance issues, and recommendations clearly and effectively to key stakeholders.
• Collaborate with IT teams, legal counsel, and business units to address compliance concerns and implement solutions.

Stakeholder Management

• Facilitate and manage communication with relevant internal and external stakeholders about investments and proactively and progressively manage the relationships.
• Represent the Fund in relevant external activities and events.

People Management

• Ensure the sourcing, development and retention of a high-performance team.
• Manage staff in the department to ensure that they achieve their objectives in line with the strategic objectives of the RAF.
• Manage the implementation of human capital processes and procedures to control/regulate workplace conflict and/or institute corrective measures and consultation processes to address deviations from standards.

Qualifications and Experience

• Bachelor’s Degree/ Advanced Diploma in IT/ Risk Management/ Audit/ IT Governance related qualification.
• Postgraduate in IT/ Risk Management/ Audit/ IT Governance related qualification will be advantageous.
• Certification in CISA, COBIT and ITIL.
• ISO 27001 certification will be an added advantage.
• Relevant 6 - 8 years’ experience in IT Governance, Risk and Compliance environment of which 2 years must have been on management or supervisory level.

go to method of application »

Key Performance Areas

Service Level Management

• Responsible for the current and future service requirements of customers are identified, understood and documented in SLA and SLR documents.
• Negotiate and agree levels of IT Service to be delivered.
• Negotiate, agree and maintain the Operational Level Agreements (OLAs) that underpin the SLAs with the IT Provider.
• Provide input to Third Party Supplier or Contract Management relationships related to Service Targets and ongoing Performance that underpin SLAs.
• Ensure that service level reports are produced and that breaches of SLA targets are highlighted, escalated to the relevant senior management to prevent recurrence.
• Ensure that service performance reviews are scheduled, carried out with stakeholders regularly and are documented with agreed actions progressed.
• Ensure that improvement initiatives identified in service reviews are acted upon and progress reports are provided to customers.
• Provide measurement, recording, analysis, and improvement of Customer Satisfaction.
• Monitor the Service Level Management process.
• Audit the Service Level Management process.
• Ensure that reports on Service Performance and Achievement to the Business Unit and IT Processes are produced regularly and at an appropriate level.

Service Catalogue Management

• Document and publicize the process. 
• Responsible for ensuring that the Service Catalogue is available, accurate, and meets IT Service Provider and End User needs. 
• Ensure that Service Catalogue assessment reviews are scheduled, carried out with customers regularly and are documented with agreed actions.
• Ensure each service has an identified Service Owner and Provider.  
• Audit the Service Catalogue Management process. 
• Escalate to the Service Catalogue Management Process Owner where the process is not fit for purpose.

Quality Assurance

• Conduct regular audits of service desk interactions, analysing registered calls, customer care emails, password reset emails and ticket resolutions to identify areas for improvement.
• Collaborate with Service Desk Team to provide constructive feedback, coaching, and training to enhance performance and ensure consistency in service delivery.
• Actively identify trends, patterns, and root causes of service issues, working cross-functionally to implement corrective actions and preventive measures and increase First Call Resolution (FCR).
• Participate in service desk quality improvement initiatives, contributing insights to enhance workflows, tools, and knowledge management.
• Collaborate with other departments to ensure alignment of quality assurance initiatives with overall organizational objectives and customer satisfaction goals.
• Monitor, evaluate and score Service Desk calls against established quality assurance standards.
• Review, evaluate, and score open and closed tickets against established quality assurance standards.
• Ensure the Service Desk agents adhere to predetermined quality assurance standards and the business's standard operating procedures.
• Monitor calls to provide feedback regarding telephone etiquette, product information given and procedures. 

Reporting

• Prepare and submit reports as and when required to provide progress updates and/or inform management decisions.
• Develop reports or procedures and guide the process through the alignment of the documents to the overall RAF’s Strategy.

Stakeholder Management

• Facilitate and manage communication with relevant internal and external stakeholders in relation to investments and proactively and progressively manage the relationships.

Qualifications and Experience

• Bachelor’s Degree/ Advanced Diploma in IT related qualification.
• Certification in ITIL foundation V3 or Higher.
• Certification in ITIL Intermediate Service Design or ITIL Service Offerings and Agreements V3 or Higher.
• Relevant 4 years’ experience in an ICT interactive client support environment managing SLAs, OLAs and ICT service catalogue.

go to method of application »

Key Performance Areas

 Risk Management

• Conduct comprehensive risk assessments to identify and analyse potential risks associated with IT systems, processes, and projects.
• Develop and implement risk mitigation strategies and controls to minimize the likelihood and impact of identified risks.
• Manage exposures, insurance, legal/ regulatory requirements, cost justifications, vendor agreements, and business continuity.

 Business Continuity and Disaster Recovery

• Contribute to business impact analysis and align IT continuity plans accordingly.
• Develop and implement standard risk assessment, business impact analysis, and BCM tools and capabilities.
• Facilitate insurance and vendor agreements for disaster events.

Incident Response and Crisis Management

• Maintain incident response plans and procedures to effectively respond to and recover from IT incidents and disruptions.
• Participate in crisis management exercises.

Third Party Risk Management

• Evaluate and manage risks associated with third-party vendors, suppliers, and service providers.
• Assess third party security controls, contractual obligations, and service level agreements to mitigate risks and ensure compliance with IT policies.

Cloud Services Risk Assessment and Mitigation

• Conduct risk assessments for cloud services, develop mitigation strategies, and manage relationships with cloud service providers.
• Evaluate and manage relationships with cloud service providers, ensuring that contractual agreements, service level agreements (SLAs), and security commitments meet the organization's requirements.
• Oversee change management processes for cloud environments.

ICT Compliance

• Collaborate with IT teams and business units to ensure that information technology systems and services meet risk management and compliance objectives.
• Conduct regular audits and assessments of information technology systems and services to ensure that they are secure and meet compliance requirements.
• Ensure a compliance framework is maintained in accordance with required standards.

Policy Review and Implementation

• Contribute to the development and implementation of departmental policies, standards, procedures, and processes.
• Stay updated with effective policy execution strategies.

 Reporting

• Define key performance indicators (KPIs) and metrics to measure the effectiveness of IT Risk processes and controls.
• Prepare status reports on IT BCM matters, measure BCM program maturity, and publish DR program reports.
• Monitoring risk indicators, tracking risk treatment actions, and generating regular reports and dashboards to communicate risk status to senior management and stakeholders.

Stakeholder Management

• Foster proactive relationships with key stakeholders and address inquiries and requests for information.
• Maintain relationships with Enterprise Risk function, Auditors, service providers, and procurement teams.  

Qualifications and Experience

• Bachelor’s Degree/ Advanced Diploma in Information Technology/ Risk Management related qualification
• ITIL will be an added qualification.
• Relevant 5 - 7 years’ experience in a Risk Management or an Information Technology related environment.

go to method of application »

Key Performance Areas

Policy review and implementation

• Contribute to the development and implementation of departmental policy,  procedures and processes.
• Keep up to date with effective policy and practice execution strategies.

Forensic investigation

• Plan and coordinate the investigation of cases as assigned by respective management.
• Maintain partnership relationship with the prosecuting authorities and Law  Enforcement agencies.
• Draw monthly or weekly reports for the region for transmission to the Manager.
• Identify the loopholes in the process that may lead to abuse and report such to the Forensic Manager.
• Investigate irregularities identified or brought to attention to secure the prosecution of parties involved.
• Maintain a healthy working relationship with law enforcement agencies and the Forensic Department's private investigation working partners.
• Analyse reports received from external stakeholders or assessors and compile affidavits on behalf of RAF to lay criminal charges against guilty parties.
• Opening / registering of criminal cases with either the Police or Hawks (DPCI) and keeping proper records thereof.
• Compile a comprehensive monthly activities report and submission thereof to the Forensics Manager.
• Giving of evidence at criminal courts and departmental hearings.
• Supporting other RAF departments in connection with the investigation that is being or has been conducted.
• Meeting the targets as set down by a Forensic Manager and performing his tasks according to the set standards.
• Analyse spreadsheet on touts.
• Investigation of reports received from Tip-Offs Anonymous and giving feedback to the Manager timeously.
• Involvement in internal and external fraud campaigns initiated by Forensic Department or in conjunction with the Communications Department.
• Effective case management and record keeping i.e. inspections, case books, vehicle registers, etc.
• Provide feedback to stakeholders in respect of investigations that were referred.
• Implementation of the current fraud prevention strategy.

Fraud Prevention and Investigation

• Participate in the implementation of approved Fraud and Investigation initiatives to improve the ethical culture of the organisation.
• Promote proactive fraud prevention initiatives within the organisation.
• Participate in fraud investigation by external parties.
• Participate in providing the Claims department with properly investigated cases that will enable the assessors or requester to assess the claim and pay valid claims.
• Participate in the development and implementation of systems and platforms that will detect fraud throughout the claims lifecycle.
• Identify opportunities to innovate and improve fraud investigation initiatives and the execution thereof.

Reporting

• Ensure regular and periodic reports are prepared and submitted as and when required to provide progress updates and/or inform business unit decisions.
• Prepare proposals, briefings, presentations, reports, and other documentation, providing management information both verbally and in report format.

Stakeholder management

• Implement forensics awareness initiatives.
• Facilitate communication with all levels of stakeholder contact.
• Engage proactively with key stakeholders.

Qualifications and Experience

• Bachelor’s Degree/ Advanced Diploma in Law/ Accounting/ Auditing/ Forensic Investigations related qualification.
• Relevant 5-7 years’ experience in a Fraud Investigation related environme

go to method of application »

Key Performance Areas

IT Governance Administrative Duties

• Implement IT governance policies and frameworks to ensure they meet the organization's objectives and comply with legal and regulatory requirements.
• Support the monitoring and reporting of compliance with IT governance policies, identifying any areas of non-compliance and recommending corrective actions.
• Facilitate the IT risk management process, including risk identification, assessment, and mitigation planning.
• Coordinate with IT and business units to ensure effective implementation of IT governance practices.
• Support the IT governance training programs, educating staff on governance policies, procedures, and best practices.
• Participate in the management of IT audits, including preparation, liaison with auditors, and implementation of audit recommendations.
• Maintain up-to-date knowledge of industry trends, emerging IT governance frameworks, and regulatory requirements affecting the organization.

Internal and Audit Support

• Maintain procedural documentation for IT operations, ensuring clarity, accuracy, and accessibility for IT staff and relevant stakeholders.
• Validate alignment of process maps that visually depict IT workflows, including data flows, system interactions, and decision points.
• Implement and maintain IT governance frameworks (such as COBIT, ITIL, or ISO/ IEC 27001), ensuring IT processes are aligned with organizational goals and compliance requirements.
• Assist in addressing audit findings and implementing recommended changes.
• Conduct analysis to ensure that documentation meets the needs of end-users and supports training efforts.
• Monitor current processes and documentation for improvement opportunities.
• Facilitate process improvement initiatives in collaboration with IT teams.
• Identify and document potential risks associated with IT processes.
• Create and maintain training materials based on documented procedures and processes.

Reporting

• Contribute to the preparation of reports for senior management and external regulators, highlighting the status of IT governance initiatives.
• Contribute to the preparation of regular IT Governance reports, compiling data for senior management and technical teams.

Stakeholder Management

• Support the facilitation and management of communications with relevant internal stakeholders on IT Governance matters, under the guidance of the Seniors and ICT Management.
• Provide assistance to IT operational staff regarding the maintance of the Internal Control system.

Qualifications and Experience

• Bachelor’s Degree/ Advanced Diploma in Information Systems/ Computer Science/ Risk Management/ Internal Audit or related qualifications.
• Certifications in IT governance frameworks (e.g., COBIT/ ITIL/ ISO/IEC 27001) will be an added advantage.
• Relevant 3 years of experience in an IT Governance, Risk Management, or IT Compliance environment.
• Experience with IT audits and the implementation of IT governance frameworks and standards.

go to method of application »

Key Performance Areas

 Strategy development and operational planning

• Provide technical and strategic leadership and administrative management to the Forensic Investigation Department (FID).
• Guide implementation of the overall strategic plan for the department.
• Guide the implementation of specific key performance indicators and measures against outcomes detailed in the departmental strategic plans and annual performance plans (APP).

Policy review and implementation

• Oversee the development and implementation of anti-fraud policy, anti fraud and corruption strategy, fraud response plan, investigation methodology and applicable standard operating procedures (SOPs) for the business unit and ensure effective execution of policy and practices.
• Collaborate with appropriate structures to ensure effective execution of investigations guiding documents (anti-fraud policy, anti fraud and corruption strategy,fraud response plan, investigation methodology).
• Stay updated on industry regulatory requirements and effect the applicable changes in the organization.
• Ensure that all employees in the team know and understand the investigation legislative framework and RAF policies.

Conduct investigations into fraud, corruption, bribery, collusion conducted by external parties or combination of internal and external parties

• Develop and update procedures for reporting suspicious activities.
• Analyse the reported allegations.
• Allocate allegations for investigations in line with set guidelines and standards.
• Oversee and provide investigation capability into complex and noncomplex investigations on claims fraud, medical fraud, corruption, bribery, collusion, cybercrime, or misconduct.
• Monitor investigations progress and provide progress to the relevant stakeholders. 
• Quantify financial losses on the investigated case.
• Report control failures identified during the investigation to the relevant management.
• Approve case status changes in line with the anti-fraud policy or investigation methodology.
• Provide litigation support (testifying at disciplinary hearings, CCMA, court),and assist law enforcement agencies as and when they require help.

Recommend business areas where trends and patterns should be detected and Fraud Deterrence

• Identify business areas that are highly exposed to fraud.
• Recommend fraud detection assignment to the fraud detection team.
• Analyse the fraud detection reports and execute the investigation plan on flagged outcomes.
• Ensure proper and effective communication of investigation successes to ensure maximum deterrence.

Reporting

• Quality review investigation reports and adhere to the applicable standards and guidelines.
• Provide monthly performance report against the operational plan and APP to management.
• Provide quarterly reports to oversight structures.
• Provide investigation outcomes feedback to management.
• Compile submissions and memorandums as and when required.
• Ensure development of functional reporting systems, project or performance reporting for management.
• Manage the implemenation and operation of the case management system.
• Provide presentations to internal and external stakeholders as and when required.

Financial Management

• Ensure that the periodic financial and strategic goals of RAF as well as the performance expectations of the various teams are achieved.
• Report and review operations financial and non-financial goals.
• Ensure sufficient internal control measures are implemented for adherence to PFMA, RAF and other relevant legislation and regulation.
• Manage, monitor and control the business unit’s budget expense.
• Write and submit the monthly expenditure report.

Stakeholder Management

• Engage and communicate the FID mandate to internal and external stakeholders to ensure that they understand the responsibility of the FID unit.
• Build and maintain strategic partnership with business unit managers and heads of departments.
• Recommend corrective actions to senior managers, heads of departments to improve their processes and controls to prevent similar incident of fraud reoccuring in the future.
• Maintain proactive and progressive relationships with external stakeholders.
• Represent the Fund in relevant external activities and events.
• Communicate with all levels of stakeholder contact.
• Interact with counterparts in the industry to learn and share knowledge.
• Delegate inquiries and requests for information from both internal and external stakeholders.

 People Management

• Ensure sourcing, development and retention of a high-performing team.
• Ensure that recruitment of operational workforce is in line with employment equity targets.
• Ensure the motivation, cohesiveness, and alignment of the organization’s team members.
• Manage staff in the department to ensure that they achieve their objectives in line with the strategic objectives of the RAF.
• Ensure implementation of all people managemanet processes and procedures (eg performane management) to control/regulate workplace conflict and/or institute corrective measures and consultation processes to address deviations from standards.

Qualifications and Experience

• Bachelors Degree/Advanced Diploma in Commerce (Bcom Accounting, Internal Audit, Financial Mangement, Risk Management, BCom Law, Forensic Accounting, Economics and Information Systems), Forensic Science or LLB.
• Postgraduate related qualification in Accounting, Auditing, Financial Management, Risk Management, Law, Information Technology/ Information systems, Forensics, BCompt Honours or Masters.
• Certified Fraud Examiner (CFE) or Forensic Practitioner (ICFP).
• Certified Anti-Money Laundering Specialist (CAMS) will be an added advantage.
• Relevant 9-10 years’ experience in forensic investigation (such as but not limited to fraud, corruption, bribery, forgery and counterfeit, identity theft) of which 3 (three) years must have been on a management level in managing a team.

go to method of application »

Key Performance Areas

Incident Response and Remediation

• Maintain the Confidentiality, Integrity and Availability of the RAF Information contained within SAP systems.
• Ensure security incidents or requests are recorded in the RAF incident management system.
• Conduct investigation, analysis and review following any security breach or incident.
• Initiate the investigation of incident.
• Compile reports around the breach or incident.
• Implement corrective actions where approved.
• Maintain detailed records of breach or incident using agreed procedures.

Role Based Access Control (RBAC) and Segregation of Duty (SoD) Risk Analysis

• Engage with RAF business process owners (BPO) to ensure that access controls are designed in accordance with business requirements.
• Ensure proper Segregation of Duty (SoD) and risk analysis are performed for all identity and access management controls.
• Draft and maintain authorized records for all SAP Roles used within the RAF.
• Ensure that data and system owners approve access.
• Operate and administer logical access controls and directly associated security services relating to all platforms used in order to provide a continuous and secure access service to all Information facilities.
• Apply Access control tools within the RAF according to the RAF policies, standards, processes and procedures.
• Ensure adequate physical access control mechanisms are in place.
• Facilitate the access controls between the RAF systems and external third parties.
• Ensure IT security integration with SAP and other systems such as LDAP, AD and Identity Management.

Design, Develop and Implement SAP Security Controls

• Ensure SAP security patching is applied regularly.
• Ensure SAP module, Enterprise portal and web services are adequately protected.
• Ensure that Governance Risk and Compliance is maintained throughout.
• Prepare recommendations for appropriate security control improvements and introduction of new security controls.
• Provide guidance and support to respective IT operational staff on systems security processes, policies and security controls.
• Identify if there are any security violations while implementing the changes to the configurations.
• Provide necessary corrective actions or solutions from security perspective.
• Advise and handle all enquiries relating to IS security, contingency planning and activities of the function as and when required.

Draft and Maintain Documented Standards, Processes and Procedures

• Draft and maintain all standards, processes and procedures for SAP Security.
• Draft and maintain supporting documentation for SAP security. 

Monitoring, Reviewing and Reporting on SAP Security

• Continuous monitoring of SAP security and sensitive transactions.
• Periodic review of all relevant logs in SAP systems.
• Ensure that access requests by data subjects are reviewed in accordance with approved procedures.
• Ensure reports are submitted on time, duly authorized and maintained for record keeping.

Auditable Record Keeping of all Access, Monitoring, Reporting and Remediation

• Ensure all requests and changes are correctly authorized before implementation.
• Document all monitoring and reviewing in the approved report template. 

Audit Recommendation Analysis and Implementation

• Assist in conducting IS risk assessments for SAP.
• Participate in periodic IT security Audits by making security related documents available to the auditor.
• Implement recommended changes as per audit.
• Prepare security reports for management.
• Maintain security incident reports.

 Act as a Substitute in the Department to Cover Capacity

• Ensure security incidents/requests are recorded in the RAF incident management system.
• Respond and remediate incidents and requests within the statutory time periods.

 Policy Review and Implementation

• Contribute to developing and implementing departmental policy, standards and procedures, and processes.
• Keep up to date with effective policy and practice execution strategies.

Reporting

• Provide feed back the outcome of review meetings to the Senior Business Relationship Manager.
• Provide visibility and reporting on progress with the roadmap, and escalating any issues encountered during delivery that may affect the annual planning.

Stakeholder Management

• Proactive and progressive relationships with key stakeholders.
• Deal with inquiries and requests for information from both internal and external stakeholders.
• Conduct regular SLAs reviews with stakeholders as defined by the Senior Business Relationship Management.

 Qualifications and Experience

• Bachelor’s Degree/Advanced Diploma in Information Technology related qualification.
• SAP certifications in Security/Authorizations are required:
• Certified Technology Professional - Security with SAP NetWeaver 7.0 (P_ADM_SEC_70).
• SAP Certified Application Associate (C_GRCAC_10) GRC.
• SAP BusinessObjects Access Control 10.0 (C_GRCAC_10).
• SAPHANA, ADM945 Authorization Concept for SAP Fiori on S/4HANA.
• SAP S/4HANA Security Concepts.
• Attendance in AWS practitioner will be an added advantage
• ITIL Foundation will be an added advantage.
• Relevant 5 - 7 years’ experience in SAP Security environment.