Open Vacancies at The South African National Roads Agency (SANRAL)

MINIMUM REQUIREMENTS:

• B Eng. or B Sc. or B Tech Eng. Degree in Civil Engineering.
• A minimum of 10 years’ relevant experience, post qualification (B Eng. or B Sc. or B Tech Eng. Degree in Civil Engineering), in any of the following fields: planning, design, construction, operations and maintenance, project, and contract management of major roadworks.
• Registered with ECSA as a Professional Engineer or Professional Engineering Technologist.

KEY PERFORMANCE AREAS INCLUDE, BUT ARE NOT LIMITED TO:

Identification of Projects     

• Participates in the identification and prioritizing of projects using data from relevant management systems, network inspections, and personal knowledge.
• Based on requirements of the project, prepare annual budget and program.
• Ensure accurate identification of projects.
• Ensure effective prioritizing of projects.
• Ensure correct allocation of project funds.
• Ensure accurate project scope and realistic timeframes based on relevant requirements.

Procurement Management 

• Participates in the procurement processes for the appointment of consulting engineers and contractors as per the Employer’s standard operating procedures for procurement.
• Prepare relevant tender documentation for appointment of consulting engineers.
• Prepare relevant tender documentation for construction, in association with the consulting engineer, based on the scope of the project.
• Attend tenderer’s briefing meetings and site inspections to brief contractors on services required for project.
• Understands risk identification and analysis in respect of tender evaluations.
• Understands Pricing Schedules and analysis of tendered rates.
• Ensure use of appropriate and correct tender documentation as per specifications.
• Ensure compliance to SANRAL’s procurement policy.

Project Management

• Manages both Consultant and Construction Contracts over the full spectrum of SANRAL projects.
• Visits sites on a regular basis to monitor progress against the project plan.
• Monitors performance of projects through regular meetings with consultants and contractors.
• Ensure that appointed service provider conducts regular site audits.
• Monitors financial performance to ensure the project remains within budget.
• Prepare monthly forecast of expenditure for each project.
• Verify fee accounts and payment certificates prior to approval for payment.
• Review scope of work and potential impact on the budget and request additional funds if necessary.
• Identify possible hazardous locations of pedestrians and vehicles on network.
• Monitor transformation targets in terms of targets on construction projects.
• Identify and manage community development projects.
• Maintain good corporative governance in terms of risks and audits requirements on projects.
• Consider innovation in project life cycle.
• Ensure early identification of problems and mitigation thereof.
• Ensure effective project and contract management.
• Ensure completion of projects on time, within budget and conformance with quality standards.
• Ensure compliance with all technical, financial and quality requirements of the contract.
• Ensure compliance to terms and conditions of the contract.
• Understand the Claims process and ensure that Notices, Claims and Engineer’s Determinations are reported to the Chair of the Claims Committee.
• Understand the Dispute process and the functions of the Dispute Adjudication Board.
• Ensure effective cash flow management.
• Identify changes in project scope timeously.
• Mitigate and report on incidents as and when required.

Specialist Support   

• Heads up and/or actively participates in activities of a relevant technical cluster.
• Shares knowledge and experience with colleagues.
• Pursue research and best practice.
• Involved with development and improvement of specifications for SANRAL.
• Reviewing of Regional Memoranda and contract documentation.
• Ensure quality service delivery through use of appropriate solutions.
• Promote SANRAL’s credibility and promote aims and objectives of SANRAL.

 Communication Management

• Maintains good working relationships with all colleagues in all regions and areas of expertise.
• Cultivates and maintains good working relationships with key stakeholders, consultants and contractors.  
• Ensure internal collaboration and co-operation.
• Promote aims and objectives of SANRAL.

go to method of application »

MINIMUM REQUIREMENTS:

• NQF Level 7 Bachelor’s degree, Advanced Diploma or equivalent in Information Technology
• Compulsory industry certifications: CISSP, CISM, or CISA
• 5 years min relevant experience
• 3 years min supervisory experience

KEY RESPONSIBILITIES:

Management:

• Lead and manage the application security program, closely align with the overall SANRAL Cyber Security program.
• Establish and drive the adoption of application security testing frameworks, capabilities, and tooling.
• Scale application security through automation, ensuring security testing is integrated into development pipelines.
• Provide guidance on secure application design and risk mitigation for technology stakeholders.

Operational:

• Establish and enforce secure development standards, policies, and procedures across the organization.
• Integrate security tools, standards, and processes into the systems life cycle.
• Support the incident response and architecture review processes whenever application security expertise is needed.
• Ensure compliance with relevant security standards and regulations.
• Conduct security assessments of applications (web, cloud, mobile, API) using range of manual and automated review techniques.
• Create functional and non-functional application security requirements, including delivering secure cloud services that strike a balance of product usability.
• Oversees Vulnerability remediation and ensures accountability for risk reduction.
• Provide security requirements for systems security testing.
• Serve as a Subject Matter Expert (SME) in the field of Application Security.

Reporting:

• Provide regular updates on application security metrics, program status, and risk assessments to SANRAL’s leadership.
• Communicate security issues and plans effectively to both technical and non-technical audiences.

go to method of application »

MINIMUM REQUIREMENTS:

• NQF Level 7 Bachelor’s degree, Advanced Diploma or equivalent in Information Technology.
• Certificate in CISA, CRISC, CISM, CGEIT or COBIT.
• 10 years min relevant experience.
• 5 years managerial experience in IT GRC.

KEY RESPONSIBILITIES:

Management:

• Oversee the development, implementation, and management of an organization's IT GRC program.
• Establish IT governance frameworks.
• Identify and mitigate IT risks.
• Ensuring compliance with relevant regulations and policies.
• Lead and mentor a team of GRC professionals, fostering a culture of accountability and continuous improvement.

IT Governance:

• Work closely with the IT team to develop and implement organization-wide IT policies, processes and procedures.
• Assist in the review of IT management processes (and decisions) and confirm that they are compliant with the organisation's strategy for corporate governance of IT.
• Assist with establishing policy and standards for compliance with relevant global legislation relating to IT Governance, Privacy laws, data integrity, PCI-DSS, and other applicable laws.
• Act as the Subject Matter Expert for line managers and employees on matters relating to IT Governance.
• Research and keep up to date with international best practice in IT governance.
• Create IT RACI charts to clearly outline the responsibilities for managing the supply and demand aspects of IT.
• Perform regular IT Governance Maturity Assessments and implement improvement plans.
• Develop training plans to embed the IT Governance Programme.

IT Risk Management:

• Oversee the implementation of organisation-wide processes and procedures, tools and techniques for the identification, assessment, and management of IT risk inherent in the operation of business processes and of potential risks arising from planned changes – including technology upgrades.
• Monitor the implementation and maintenance of IT risk self-assessment programs across the organization.
• Work closely with the IT department management to ensure that IT risks are communicated and mitigated.
• Pro-actively manage and mitigate all potential IT Risks to the organization, in association with Senior Manager and team members.
• Perform third-party IT supplier risk assessments to ensure supply chain risk is managed throughout the supplier's lifecycle.

IT Audit Management:

• Develop and execute IT annual audit plans based on organisational priorities and risk assessments.
• Identify audit objectives, scope, and methodologies for each engagement in collaboration with the internal\external audit team.
• Communicate audit findings and recommendations to relevant stakeholders.
• Prepare clear and concise audit responses in collaboration with senior management.

IT Compliance Management:

• Develop, enhance and maintain compliance, best practice and legislative requirements.
• Prepare and submit reports showcasing compliance with regulatory requirements, industry standards and internal policies.

Reporting:

• Prepare and submit reports showcasing compliance with regulatory requirements, industry standards and internal policies.
• Prepare reports for relevant governance committees.
• Compile, deliver and communicate ICT performance and status updates to key stakeholders including executive leadership.
• Continuously evaluate and improve ICT reporting processes and reports to deliver more valuable insights and recommendations.
• Establish robust reporting mechanisms for tracking IT performance metrics, cybersecurity incidents, and regulatory compliance, promoting transparency and accountability.

go to method of application »

MINIMUM REQUIREMENTS:

• NQF Level 7 Bachelor’s degree, Advanced Diploma or equivalent in Information Technology.
• Advanced certifications such as CISSP or equivalent.
• 10 years min relevant experience.
• 5 years managerial experience.

KEY RESPONSIBILITIES:

Management:

• Lead complex projects in a matrixed, multi-stakeholder environment.
• Vendor and contract security negotiations.
• Project and resource management.
• Report writing and dashboard presentation.
• Ability to provide input in the development of the cyber security strategies, aligned with organizational goals.
• Manage and develop subordinates.
• Performance management.
• Training and development.
• Employee relations.
• Recruitment.
• Leave management.
• Strong knowledge and implementation of security frameworks (e.g. NIST, ISO/IEC 27001).
• Knowledge of legal, regulatory, and privacy requirements.
• Strong knowledge and experience with defining and implementing ICT security controls.
• Provide guidance to and monitor the IT security operations teams regarding patching and antivirus practices, particularly the response to zero-day threats.
• Develop security policies, procedures, processes and frameworks following industry trends.

Reporting:

• Prepare detailed information and cyber security operations reports and presentations for SANRAL’s senior management.

Micro Planning Cycle:

• Information and Cybersecurity Program Management & Project Planning (Quarterly/Monthly): Break down SANRAL’s strategic initiatives into actionable projects and manage their execution.
• Operational Security Management (Daily/Weekly): Oversee the day-to-day operations of security functions (e.g. Security Operations Center (SOC).
• Oversight: Ensure effective threat monitoring, detection, and alerting. Review SOC performance metrics).
• Threat & Vulnerability Management (Continuous/Weekly): Proactively identify and address emerging cyber security threats and vulnerabilities.
• Compliance & Audit Management (Quarterly/Ad-hoc): Ensure ongoing adherence to regulatory requirements and internal policies, and prepare for audits.

Macro Planning:

• Organisational & Business Context Alignment (Annual) – Understand SANRAL’s business strategy, critical assets, digital transformation initiatives, and risk tolerance to ensure security efforts support organizational goals.
• Threat Landscape Assessment – Conduct annual threat assessments to understand the global, regional (including specific threats relevant to South Africa/Africa), and industry-specific threat landscape.
• Cyber Security Threat Management Gap Analysis - Identify the most significant cyber risks to the organization based on the threat landscape and current security posture.

go to method of application »

MINIMUM REQUIREMENTS:

• NQF Level 7 Bachelor’s degree, Advanced Diploma or equivalent in Information Technology
• Industry certifications: CISSP, CISM, or CISA, are compulsory
• 5 years min relevant experience
• 3 years min supervisory experience

KEY RESPONSIBILITIES:

Management:

• Effective management of the Security and Network monitoring team, ensuring the organization's security posture, and reporting on security operations to senior management.
• Manage ongoing information and cyber security threat monitoring and regularly analyse security risks through qualitative risk analysis to ensure compliance with security governance.
• Manage the team's day-to-day operations, developing and implementing security procedures, coordinating incident response efforts, and ensuring compliance with regulatory requirements.

Operational:

• Lead Investigation of security incidents, identify threats, and determine the root causes of vulnerabilities.
• Identify and analyse potential threats and vulnerabilities, proactively mitigating risks.
• Manage security incidents, ensuring the appropriate process is followed from start to finish.
• Familiar with fundamentals of attack frameworks such as Mitre, Lock Head kill-chain, etc.
• Responsible for selecting, implementing, and managing threat intelligence platforms, ensuring the team has the necessary tools to detect, analyze, and respond to security incidents.
• Set up and manage security monitoring and detection systems to identify suspicious activities and potential threats.
• Lead the process to continually identify, assess, report on, manage and remediate vulnerabilities across endpoints, workloads and systems.
• Oversee the collection, analysis, and response to security alerts and events to ensure the protection of an SANRAL's assets and information.
• Define security monitoring policies, procedures, and guidelines for monitoring and detecting security threats.
• Overseeing the deployment, configuration, and maintenance of security monitoring tools, such as security information and event management (SIEM).
• Continuously research and evaluate new security technologies, tools, and methodologies to enhance the organization's security posture.

Reporting:

• Provide regular updates on incident summaries, performance metrics, threat landscape insights, and compliance status to SANRAL’s leadership.
• Develop dashboards and visualizations to provide an overview of the function's performance and security posture, allowing for quick identification of areas of concern.

go to method of application »

MINIMUM REQUIREMENTS:

• NQF Level 7 Bachelor’s degree, Advanced Diploma or equivalent in Information Technology
• Compulsory: Advanced certification as a Certified Incident Handler or equivalent (e.g. ECIH)
• 5 years min relevant experience
• 3 years min supervisory experience

KEY RESPONSIBILITIES:

Management:

• Leadership and Coordination: Ability to lead a cross-functional incident response team and manage high-pressure situations during incidents.
  Analytical Skills: Strong analytical skills to co-ordinate investigation of incidents, perform root cause analysis, and determine appropriate mitigation strategies.
• Communication: Excellent communication skills to convey information clearly to both technical and non-technical stakeholders, including senior leadership

Incident Response:

• Oversee and coordinate containment, eradication, and recovery phases of security incidents.
• Develop and implement incident response playbooks, ensuring SANRAL can respond quickly and effectively to different types of threats.
• Lead the incident response team during critical security incidents, managing communication between stakeholders and security team.

Incident Investigation and Response:

• Lead investigation of the root cause of security incidents, performing post-incident analyses to identify gaps and areas for improvement.
• Coordinate with forensic investigators to collect and analyse digital evidence and ensure proper chain-of-custody procedures are followed.
• Develop and maintain the SANRAL’s incident response plan (IRP), ensuring it aligns with industry standards and regulatory requirements.
• Conduct regular tabletop exercises and simulations to test the effectiveness of the incident response plan and train staff on incident response procedures.
• Work with other departments (e.g., IT, legal, compliance) to ensure that the incident response plan integrates seamlessly across the organization.
• Lead post-incident reviews to identify gaps and implement improvements in processes, technologies, and training to prevent future incidents.

Reporting:

• Prepare detailed incident reports and presentations for SANRAL’s senior management, outlining the impact, resolution, and next steps following an incident.
• Provide regular updates on incident summaries, performance metrics, threat landscape insights, and compliance status to SANRAL’s leadership