Lead Applications and Integration Security - BSTD at South African Reserve Bank

Brief description

The main purpose of this position is to provide technical leadership and guidance in the application and integration security function, in support of secure business applications development, implementation and maintenance, for the South African Reserve Bank (SARB).

Detailed description

The successful candidate will be responsible for the following key performance areas:

• Contribute to the compilation of divisional operational plans and take responsibility for the implementation as well as the monitoring thereof. 
• Manage and direct the development and maintenance of the secure software development life cycle (SDLC) procedures and standards based on the SARB environment and manage the implementation thereof, ensuring that the solutions are free from cybersecurity vulnerabilities. 
• Lead and manage the vulnerabilities threat process in support of building an advanced security posture for the SARB.
• Address the application and integration security audit findings to reduce the SARB’s threat landscape and improve its application security posture. 
• Lead and guide the security component of the information technology (IT) projects, upholding code reviews and ensuring compliance with security standards during each stage of the project development life cycle. 
• Contribute to the development of the Security Major Incident Response Procedures and manage the implementation thereof during a security breach. 
• Drive the application and integration security awareness campaigns and oversee training to all key stakeholders (including developers, testers and business analysts) on secure development. 
• Provide consolidated and integrated reports and analytics for various forums pertaining to the application and integration security landscape for the SARB. 
• Identify and mitigate risks related to the application and integration security environment and ensure compliance with relevant governance frameworks. 
• Keep abreast of best practices and development in the field of application and integration security and ensure continuous improvement while ensuring the optimal use of security best practice with the development of new solutions.  
• Lead stakeholder engagements (internal and external) in support of the sound security posture in the SARB.  
• Fulfil the line management function pertaining to development and performance of the team. 

QUALIFICATIONS

To be considered for this position, candidates must be in possession of:

• a Bachelor’s degree (NQF 7) in Information Systems and Management or an equivalent qualification;
• certification in Application Security Engineer (SACE);
• certified Ethical Hacker (CEH); and
• eight to 10 years’ experience in secure SDLC frameworks and solutions, of which at least five years must be in exposure to overall security governance best practices frameworks and design, penetration testing, integration and applications’ code reviews.   

Additional requirements include:

• industry, organisational and business awareness;
• secure SDLC design, testing and development skill;
• knowledge and skill in:
• cybersecurity governance;
• penetration testing methodology and standards;
• IT enablement reporting;
• continued learning and/or professional development;
• quality assurance; 
• continuous improvement; 
• legislation, governance, risk and compliance;
• risk and compliance monitoring and reporting; and collaboration.