(911) Lead - Applications and Integration Security - BSTD

Pretoria, South Africa


Brief description

The main purpose of this position is to provide technical leadership and guidance in the application and integration security function in support of secure business applications development, implementation and maintenance for the South African Reserve Bank (SARB).  

Detailed description

The successful candidate will be responsible for the following key performance areas:

  • Contribute to the compilation of divisional operational plans and take responsibility for the implementation and monitoring thereof.
  • Manage and direct the development and maintenance of the Secure Systems Development Life Cycle procedures and standards based on the SARB environment and manage the implementation thereof, ensuring that the solutions are free from security vulnerabilities.
  • Lead and manage the vulnerabilities threat process (threat modelling and risk assessments) in support of building an advanced security posture for the SARB.
  • Address the application and integration security audit findings to reduce the SARB’s threat landscape and improve its application security posture.
  • Lead and guide the security component of the information technology (IT) projects, upholding code reviews and ensuring compliance with security standards during each stage of the project development life cycle.
  • Implement and manage application security tools (e.g. Static Application Security Testing, Dynamic Application Security Testing, Software Composition Analysis) to automate security testing and monitoring.
  • Lead the response to application security incidents (in compliance with security major incident response procedures), including root cause analysis and remediation efforts.
  • Develop and deliver the application and integration security awareness campaigns, oversee training for all key stakeholders (including developers, testers and business analysts) and improve secure coding practices across the SARB.
  • Provide consolidated and integrated reports and analytics for various forums on the state of application and integration security, including metrics and key performance indicators.
  • Identify and mitigate risks related to the application and integration security environment and ensure compliance with relevant governance frameworks.
  • Keep abreast of best practices and developments in the field of application and integration security and ensure continual improvement, while ensuring the SARB applications comply with relevant security standards and regulations (e.g. Open Worldwide Application Security Project, General Data Protection Regulation, Payment Card Industry Data Security Standard).
  • Lead stakeholder engagements (internal and external), in support of the sound security posture in the SARB.
  • Fulfil the line management function in relation to the development and performance of the team, providing guidance and leadership to development teams and security staff.

Job requirements

To be considered for this position, candidates must be in possession of:

  • an Honours degree in IT (NQF 8) or an equivalent qualification; 
  • Certified Applications Security Engineer (CASE) certification;
  • Certified Ethical Hacker (CEH) certification;
  • eight to ten years’ experience in an IT environment, including secure software development life cycle framework and solutions, of which at least five years are in overall security governance best practices frameworks; and
  • proven experience in secure coding practices, threat modelling and vulnerability management.

The following would be an added advantage:

  • additional security certifications (i.e. Certified Information Systems Security Professional, Certified Secure Software Lifecycle Professional, Offensive Security Certified Professional or GIAC Web Application Penetration Tester).

Additional requirements include:

  • knowledge and skill in:
  • programming languages (e.g. Java, Python, C# and web technologies);
  • cloud security principles and technologies (e.g. Amazon Web Services, Azure);
  • DevOps practices and CI/CD pipelines;
  • cybersecurity governance;
  • penetration testing methodology; 
  • industry, organisational and business awareness;
  • quality assurance;
  • continual improvement;
  • continual learning and professional development;
  • collaboration;
  • IT governance, risk and compliance; 
  • IT enablement reporting;
  • communication and interpersonal skills; and
  • problem solving and analytical abilities.

In line with the SARB’s commitment to diversifying its workforce, preference will be given to suitable candidates from designated groups. People with disabilities are welcome to apply.

The SARB offers remuneration and benefits commensurate with the level of the position and in line with the market. The level at which the successful applicant will be appointed will depend on his/her competence and experience.

About SARB

Primary mandate of the SARB

Section 224 of the Constitution of South Africa states the mandate of the SARB as follows:

The primary object of the South African Reserve Bank is to protect the value of the currency in the interest of balanced and sustainable economic growth in the Republic.

The South African Reserve Bank, in support of its primary objective, must perform its functions independently and without fear, favour or prejudice.

WHAT WE DO

Monetary Policy

The Constitution gives the SARB the mandate to protect the value of the rand. We use interest rates to keep inflation low and steady.

Financial Stability

The SARB has a mandate to protect and enhance financial stability. We identify and mitigate systemic risks that might disrupt the financial system.

Prudential Regulation

The Prudential Authority regulates financial institutions and market infrastructures to promote and enhance their safety and soundness, and support financial stability.

Financial Markets

Open market operations are the main tool we use to implement monetary policy. We manage South Africa’s gold and foreign exchange reserves.

Financial Surveillance

The SARB is responsible for regulating cross-border transactions, preventing the abuse of the financial system and supporting the regulation of financial institutions.

Payments and Settlements

The SARB is responsible for ensuring the safety and soundness of the national payment system, which is the backbone of South Africa’s modern financial system.

Statistics

The SARB provides important economic and financial statistics that present an overview of the economic situation in South Africa.

Research

Research conducted by the SARB focuses on economics, financial stability, banking and emerging trends in finance. Our research supports policy decision-making.

Banknotes and Coin

The SARB has the sole right to make, issue and destroy banknotes and coin in South Africa.

Category: Leadership Jobs

Tags: Analytics Application security Azure Banking C CEH CI/CD Cloud Compliance CSSLP DAST DevOps GIAC Governance Incident response Java Monitoring Offensive security Pentesting Python Risk assessment SAST SDLC SSDLC Surveillance Vulnerabilities Vulnerability management

Perks/benefits: Career development

Region: Africa
Country: South Africa
