The main purpose of this position is to facilitate and implement the adoption of improved security controls, concepts, practices and technologies in support of secure business applications development, implementation and maintenance for our Organisation.

Detailed description

The successful candidate will be responsible for the following key performance areas:

• Identify security risks and vulnerabilities, analyse impact thereof and engage relevant stakeholders (e.g. governance bodies and product owners) on relevant security solutions, as well as to drive and monitor the implementation thereof in order to mitigate, remediate security vulnerabilities.
• Provide guidance with regard to the design and implementation of software components in support of building an advanced security posture.
• Proactively broaden knowledge in the area of application security and apply new knowledge and skills.
• Participate in application security audits through the provision of relevant information, respond to and address security related audit findings to reduce the organisation’s threat landscape and improve its application security posture.
• Participate in information technology (IT) security projects as the application security Subject Matter Expert (SME) ensuring compliance to security standards during each stage of the project development life cycle.
• Engage with the larger security community to acquire new information and adopt new security capabilities within the Bank’s IT security environment.
• Identify and implement opportunities for integration and consolidation, while ensuring the optimal use of security best practice with the development of new solutions.
• Contribute to the development and maintenance of secure system development life cycle (SDLC) procedures and standards based on the organisation’s environment and manage the implementation thereof.
• Implement the Security Major Incident Response Procedures, during a security breach, by investigating, reporting, providing recommendations, to avoid recurrence.
• Develop training material and deliver application security training to all key stakeholders (including developers, testers, and business analysts), in support of the Application and Integration security awareness campaigns.
• Present periodic reports and analytics pertaining to the security landscape surrounding the designated business applications.

Job requirements

To be considered for this position, candidates must be in possession of:

• A Bachelor’s degree in Information Technology or an equivalent qualification;
• Certified applications security engineer (CESA);
• Certified Ethical Hacker (CEH); and
• Five to eight years’ experience in the SDLC frameworks and solutions of which at least three years must be exposure to overall security governance best practices frameworks and design.

Additional requirements include:

• Additional security certification (will be an added advantage).
• Industry, organisational and business awareness.
• IT governance, risk and compliance knowledge and skill.
• Continued learning and/or professional development.
• Quality assurance knowledge and skill.
• Continuous improvement.
• Applications support and maintenance skill.
• SDLC design, testing and development skill.
• Cybersecurity governance knowledge and skill.
• IT enablement reporting skill; and capacity and performance management skill