Manager: Application Security (2747) at The South African National Roads Agency (SANRAL)

MINIMUM REQUIREMENTS:

• NQF Level 7 Bachelor’s degree, Advanced Diploma or equivalent in Information Technology
• Compulsory industry certifications: CISSP, CISM, or CISA
• 5 years min relevant experience
• 3 years min supervisory experience

KEY RESPONSIBILITIES:

Management:

• Lead and manage the application security program, closely align with the overall SANRAL Cyber Security program.
• Establish and drive the adoption of application security testing frameworks, capabilities, and tooling.
• Scale application security through automation, ensuring security testing is integrated into development pipelines.
• Provide guidance on secure application design and risk mitigation for technology stakeholders.

Operational:

• Establish and enforce secure development standards, policies, and procedures across the organization.
• Integrate security tools, standards, and processes into the systems life cycle.
• Support the incident response and architecture review processes whenever application security expertise is needed.
• Ensure compliance with relevant security standards and regulations.
• Conduct security assessments of applications (web, cloud, mobile, API) using range of manual and automated review techniques.
• Create functional and non-functional application security requirements, including delivering secure cloud services that strike a balance of product usability.
• Oversees Vulnerability remediation and ensures accountability for risk reduction.
• Provide security requirements for systems security testing.
• Serve as a Subject Matter Expert (SME) in the field of Application Security.

Reporting:

• Provide regular updates on application security metrics, program status, and risk assessments to SANRAL’s leadership.
• Communicate security issues and plans effectively to both technical and non-technical audiences.