Head of DevSecOps at Kerridge Commercial Systems South Africa

Role Summary

The role focus will be to accelerate develop, implement and deploy internal and external development teams’ systems across KCS group to deliver Security to the SDLC for growth and public products we sell to our customers. 

Implement, Improve and Monitor security metrics in relation to achieving ISO27001 and Secure By Design projects. 

Deliver through matrix management and coaching the continued maturity and development of security related outcomes and pro-active. 

Key Responsibilities:

• Implement and influence the adoption of “Secure by Design” and secure software development lifecycle. (Secure SDLC)
• Integration into teams and provide training and secure requirements.
• Collaborate with feature teams, product owners, architecture, IT, business, vendors and other stakeholders to investigate development activities.
• Establish relevant metrics and produce risk reports for stakeholders highlighting key risks, threats, incidents progress and status to assist in decision making.
• Develop a security assessment schedule across the respective lines of business / business units with key focus on software development activities.
• Conduct reviews of applications, systems, underlying infrastructure, and related processes relating to software development practices.
• OWASP SAMM implementation and ISO 27001 coordination.
• Establish and maintain risk profiles for selected products and units.
• Collaborate threat intelligence, cybersecurity, security engineering and other risk functions to develop and maintain a holistic security strategy and remediation plans.
• Establish a threat modelling architecture that is measurable and relatable to business to increase maturity on software development practices.
• Assist in documenting and tracking security findings into a formal risk register.
• Provide training and documentation regarding security.
• Facilitate continuous technical system reviews by working with the Penetration Test Team and assist business with interpretation and implementation of required controls.
• Recommend the implementation of effective controls to support defined security policies and standards. Co-ordinate and track the implementation of remediation plans.
• Participate in IT Security incident response planning and investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary. 

Key Requirements: 

Essential

• Software Development Managerial expertise.
• SDLC, AGILE, Security Development.
• Security domain knowledge for OWASP, MITRE, ISO27001, Secure by Design.
• Strong communication skills – able to communicate effectively on technical and business issues
• Analytical skills.
• Experience in a Project and Programme management. 

Desirable

• Experience in Matrix management (external and internal stake holders).
• Project management.