Head of Devsecops

Kerridge Commercial Systems (KCS) is a market leader in the development and provision of trading and financial software environments for specialist Distribution, Wholesale, Merchant and Retail industry sectors, addressing single
- or multi-branch operations, as well as catering for organisations with 'point-of-sale' showrooms and warehouse.

The KCS InfoSec Departments assists the senior management team to set and implement strategic projects across all departments and geographies in relation to security.

The department focussed on internal and product facing security related duties and aims to set standards and achieve certification on our business functions and products.

**Role Summary**

The role focus will be to accelerate develop, implement and deploy internal and external development teams’ systems across KCS group to deliver Security to the SDLC for growth and public products we sell to our customers.

Implement, Improve and Monitor security metrics in relation to achieving ISO27001 and Secure By Design projects.

Deliver through matrix management and coaching the continued maturity and development of security related outcomes and pro-active.

**Key Responsibilities**:

- Implement and influence the adoption of “Secure by Design” and secure software development lifecycle. (Secure SDLC)
- Integration into teams and provide training and secure requirements.
- Collaborate with feature teams, product owners, architecture, IT, business, vendors and other stakeholders to investigate development activities.
- Establish relevant metrics and produce risk reports for stakeholders highlighting key risks, threats, incidents progress and status to assist in decision making.
- Develop a security assessment schedule across the respective lines of business / business units with key focus on software development activities.
- OWASP SAMM implementation and ISO 27001 coordination.
- Establish and maintain risk profiles for selected products and units.
- Collaborate threat intelligence, cybersecurity, security engineering and other risk functions to develop and maintain a holistic security strategy and remediation plans.
- Establish a threat modelling architecture that is measurable and relatable to business to increase maturity on software development practices.
- Assist in documenting and tracking security findings into a formal risk register.
- Provide training and documentation regarding security.
- Facilitate continuous technical system reviews by working with the Penetration Test Team and assist business with interpretation and implementation of required controls.
- Recommend the implementation of effective controls to support defined security policies and standards. Co-ordinate and track the implementation of remediation plans.
- Participate in IT Security incident response planning and investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.

**Key Requirements**:
Essential
- Software Development Managerial expertise.
- SDLC, AGILE, Security Development.
- Security domain knowledge for OWASP, MITRE, ISO27001, Secure by Design.
- Strong communication skills - able to communicate effectively on technical and business issues
- Analytical skills.
- Experience in a Project and Programme management.

Desirable
- Experience in Matrix management (external and internal stake holders).
- Project management.

**Company Info**

Kerridge Commercial Systems (KCS) is the market leader in developing and delivering fully integrated business management solutions for distributors, suppliers, resellers, wholesalers and merchants. Our mission is simple: to design, implement and support high performance systems that enable our customers to source effectively, stock efficiently, sell profitably and service competitively.

**Equal Opportunities**

KCS is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If you have a disability or special need that requires us to adjust the recruiting process please do advise us when contacted.
- To all recruitment agencies: KCS does not accept agency resumes. Please do not forward resumes to our careers site or direct to KCS employee. KCS is not responsible for any fees related to unsolicited resumes._