Job Description

Brief description

The main purpose of this position is to provide technical leadership and guidance in the application and integration security function in support of secure business applications development, implementation and maintenance for the South African Reserve Bank (SARB).

Detailed description

The successful candidate will be responsible for the following key performance areas:


Contribute to the compilation of divisional operational plans and take responsibility for the implementation and monitoring thereof. Manage and direct the development and maintenance of the Secure Systems Development Life Cycle procedures and standards based on the SARB environment and manage the implementation thereof, ensuring that the solutions are free from security vulnerabilities. Lead and manage the vulnerabilities threat process (threat modelling and risk assessments) in support of building an advanced security posture for the SARB. Address the application and integration security audit findings to reduce the SARB's threat landscape and improve its application security posture. Lead and guide the security component of the information technology (IT) projects, upholding code reviews and ensuring compliance to security standards during each stage of the project development life cycle. Implement and manage application security tools (e.g. Static Application Security Testing, Dynamic Application Security Testing, Software Composition Analysis) to automate security testing and monitoring. Lead the response to application security incidents (in compliance with security major incident response procedures), including root cause analysis and remediation efforts. Develop and deliver the application and integration security awareness campaigns, oversee training to all key stakeholders (including developers, testers and business analysts) and improve secure coding practices across the SARB. Provide consolidated and integrated reports and analytics for various forums on the state of application and integration security, including metrics and key performance indicators. Identify and mitigate risks related to the application and integration security environment and ensure compliance with relevant governance frameworks. Keep abreast of best practices and development in the field of application and integration security and ensure continual improvement, while ensuring the SARB applications comply with relevant security standards and regulations (e.g. Open Worldwide Application Security Project, General Data Protection Regulation, Payment Card Industry Data Security Standard). Lead stakeholder engagements (internal and external), in support of the sound security posture in the SARB. * Fulfil the line management function in relation to the development and performance of the team, providing guidance and leadership to development teams and security staff.