DevSecOps Lead

Your time is now to be your exceptional best at Old Mutual!

Job Description

The Python Backend Engineer is responsible for implementing and maintaining a comprehensive DevSecOps Security Program. This is a 1st line of defence role and will report into the Chief Information Security Officer of the bank.

The candidate will fit in best with the company culture if they value honesty, integrity, reliability, and can interact, communicate with, and share knowledge with colleagues at all levels, whilst treating them with the utmost respect and professionalism

KEY RESULT AREAS

• Implement a comprehensive DevSecOps security program to protect applications and supporting infrastructure from both internal and external threats.
• Embed the use of self-service and automated security testing into the DevOps/Software Development Lifecycle.
• Define rules and policies for all CI/CD Pipeline security tools and platform security tools
• Establish strong governance and assurance controls and processes to continuously measure and improve coverage and operating effectiveness of controls
• Conduct reviews of applications, systems, underlying infrastructure, and related processes relating to software development practices.
• Facilitate the use of secure architectural patterns and work with the security engineers to translate these patterns into line of business secure builds.
• Assist in documenting and tracking security findings into a formal risk register.
• Provide the necessary information to support any deviation to IT Security policies and standards.
• Establish a threat modelling architecture that is measurable and relatable to business to increase maturity on software development practices.
• Collaborate with feature teams, product owners, architecture, IT, business, vendors and other stakeholders to investigate development activities.
• Establish relevant metrics and produce risk reports for stakeholders highlighting key risks, threats, incidents progress and status to assist in decision making.

Role Requirements

• Bachelor's or Master's degree in Technology related field. Information Systems Security degree will be a plus.
• 8 to 10 years of Technology experience and out of which a minimum of 3 years in a DevSecOps role
• Experience in managing DevSecOps in banking and financial services industry- advantageous.
• Experience in implementing and automating cybersecurity controls for CI/CD pipelines
• Professional security certifications, such as CSSLP, CISSP or CISM
• Strong knowledge of vulnerability & threat management
• Knowledge of Python and Dart languages will be a plus

The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit.

Skills

Education

Closing Date

03 August 2023

Old Mutual Limited is pro-vaccination and encourages its workforce to be fully vaccinated against Covid-19.

All prospective employees are required to disclose their vaccination status as part of the recruitment process.

Please refer to the Old Mutuals Covid-19 vaccination policy for further detail. Kindly note that Old Mutual reserves the right to reinstate the requirement to vaccinate at any point if it is of the view that it is imperative to do so.