We are looking for a candidate to work for a global System Integrator (SI), with expertise in Application Security, experience working in Agile teams, and good communication skills to bridge the technical and business stakeholders around a risk-based conversation for the client. The candidate needs to be a self-starter, able to take the initiative in addressing the challenges of building the appropriate security controls into the applications whilst keeping the approach pragmatic from a risk perspective.
- Manages aspects of the product lifecycle enabling the product to meet the needs of customers/users and achieve financial or other targets.
- Acts as product owner for one or more lower-value products or services; prioritises product requirements and owns a product backlog.
- Analyses market and/or user research, feedback, expert opinion and usage data to understand needs and opportunities.
Change Management & Release Management
- Assesses, analyses, develops, documents and implements changes based on requests for change.
- Assesses and analyses release components.
- Provides input to scheduling. Carries out the builds and tests in coordination with testers and component specialists, maintaining and administering the tools and methods – manual or automatic – and ensuring, where possible, information exchange with configuration management.
- Ensures release processes and procedures are maintained.
Business & Requirement Analysis
- Investigates operational requirements, problems, and opportunities, seeking effective business solutions through improvements in automated and non-automated components of new or changed processes.
- Assists in the analysis of stakeholder objectives, and the underlying issues arising from investigations into business requirements and problems, and identifies options for consideration.
- Works with stakeholders to identify potential benefits and available options for consideration, and to define acceptance tests.
- Contributes to selection of the business analysis methods, tools and techniques for projects; selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches.
- Contributes to selection of the requirements approach for projects, selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches.
- Defines and manages scoping, requirements definition and prioritisation activities for initiatives of medium size and complexity.
- Facilitates input from stakeholders, provides constructive challenge and enables effective prioritisation of requirements. Reviews requirements for errors and omissions.
- Establishes the requirements base-lines, obtains formal agreement to requirements, and ensures traceability to source.
- Investigates, manages, and applies authorised requests for changes to base-lined requirements, in line with change management policy.
- Experience in conducting interviews and delivering information security assessments of the current infrastructure, projects, new technologies, external service providers and information security related changes.
- Strong understanding of enterprise-level information systems and technology architectures; expertise in network security, cryptography, virtualization and cloud security concerns.
- A solid understanding of ISO2700X, PCI-DSS, ITIL is a must.
- Technically aware of current threats and trends, emerging information security solutions / vendor products, strong analytical skills, ability to create new business models.
- Ability to provide a clear framework for performance to direct reports or to project teams
- Pro-active (engaging & impact-oriented) mindset, ability to think end-to-end.
- Business- and solution-oriented, global mindset of strategic orientation, with ability to act tactically as required.
- Ability to be self-directed while working under tight deadlines, must be able to perform well under pressure.
- Ability to work in a fast-paced environment with different international cultures.
- Ability to define problems, collect data, establish facts, carry out logical analysis, and draw valid conclusions.
- Ability to cope with change, make decisions and act comfortably with risk and uncertainty.
- Strong communication (both written and verbal in English) and facilitation skills (small and large groups), especially when interacting with different levels of business.
Technical Experience / Qualification:
- 8+ years of progressive work experience in at least three of the following domains: Security and Risk Management; Asset Security; Security Engineering; Communications and Network Security; Identity and Access Management; Security Assessment and Testing; Security Operations; Software Development Security.
- 3-5 years of experience in managing a team
- CISSP, CISM or similar certification desired
- CISSP-ISSAP, OSCP, TOGAF Certified, SABSA Chartered Security Architect Certifications, CCSP, AWS Certified Solutions Architect certifications are a plus
- Strong knowledge of Cloud, CI/CD Pipeline Components
- Expertise in the deconstruction of application stacks associated with bare-metal, SaaS, and PaaS architectures
- Understanding of how to detect and remedy security issues associated with OWASP Top 10
- A track record in systems integration, solutions modelling, services design is desired.
- Competitive Basic / day rate