Devsecops - Manager

**Job Role: Manager
- Information Security (DEVSECOPS)**

**Introduction**:
**Description**:
We are looking for a **Manager

The above is related to software development practices relating to the SDLC (Software development lifecycle), Agile and DEVSECOPS practices and principles.

**Start Date**:As soon as possible

**Responsibilities**:

- Develop a security assessment schedule across the respective lines of business / business units with key focus on software development activities.
- Establish and maintain risk profiles for business units by facilitating the implementation and ongoing management of the SDLC (software-development-lifecycle)
- Collaborate threat intelligence, cybersecurity, security engineering and other risk functions to develop and maintain a holistic security strategy and remediation plans.
- Establish a threat modelling architecture that is measurable and relatable to business to increase maturity on software development practices.
- Collaborate with feature teams, product owners, architecture, IT, business, vendors and other stakeholders to investigate development activities.
- Assist in documenting and tracking security findings into a formal risk register. Provide the necessary information to support any deviation to IT Security policies and standards.
- Facilitate the use of secure architectural patterns and work with the security engineers to translate these patterns into line of business secure builds.
- Embed the use of self-service and automated security testing into the DevOps/Software Development Lifecycle.
- Facilitate continuous technical system reviews by working with the Penetration Test Team and assist business with interpretation and implementation of required controls.
- Recommend the implementation of effective controls to support defined security policies and standards. Co-ordinate and track the implementation of remediation plans.
- Establish relevant metrics and produce risk reports for stakeholders highlighting key risks, threats, incidents progress and status to assist in decision making.
- Participate in IT Security incident response planning and investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.

**Skills**:

- Solid understanding and good working knowledge of SAFe and Agile software development
- Interest in artificial intelligence, machine learning and robotics process automation
- Excellent written and verbal communication skills
- Strong facilitation, negotiation and conflict resolution skills
- Strong analytical and problem-solving skills, including the ability to decompose high level information into finer detail
- Proven ability to multi-task and work independently, as well as collaboratively as part of a cross-functional team
- Experience influencing and directing the actions of team members not directly under one’s line management responsibilities

**Work Experience**:

- Experience with cybersecurity frameworks such an NIST or ISO
- Five or more years’ relevant industry experience in software development practices.
- Experience within the Insurance and /or financial services sector is advantageous
- Knowledge of IT risk management principles and practices

**Qualification Requirements**:

- Bachelor’s degree in Computer Science, Information Systems Management, Cybersecurity, Information Assurance or a tertiary (3-year) qualification in a related field
- Any of the following certifications, in good standing, will be an added advantage: CRISC, CGEIT, CISA, CISM, CISSP or CCSP

**Job Types**: contract 12-months, renewable

**Salary**:market-related

**COVID-19 considerations**:
All COVID-19 precautions will be adhere to. Initial interviews will be conducted via telephone and/or video meetings.

**Education**:

- Bachelors (required)

**Experience**:

- Software development: 5 years (preferred)
- cybersecurity frameworks such an NIST or ISO: 1 year (preferred)

License/Certification:

- CRISC, CGEIT, CISA, CISM, CISSP or CCSP (required)