Responsibilities:
- Define, document, and implement software
security policy, secure coding practices and guidelines for the bank in
line with industry best practices and technologies commensurate with risk
and regulatory requirements.
- Develop, implement, and maintain a
software security assurance framework which that shall guide information
security team in security and risk assessments of applications, as well as
provide security requirements for developers and third parties to adhere
to.
- Lead Information Security involvement in
all software and application implementation projects and scrum teams to
ensure all applications and changes meet set information security
requirements before introduction to production environments.
- Collaborate with Enterprise Architecture
and Business Services & Solutions teams to identify
application/software security improvements and plug identified security
controls into DevOps tools.
- Perform and coordinate training
on secure coding, software security and application security practices for
the development and other KCB technology teams at regular intervals.
- Collaborate in the continuous monitoring
and defense of the Bank’s critical applications, such as core banking and
digital channels, for cybersecurity threat indicators; report on
violations and security measures taken to address threats.
- Identify, integrate, and maintain
security tools, such as SAST and DAST tools (Static/Dynamic Application
Security Testing), standards, and processes into the software development
or product life cycle (SDLC / PLC), and CI/CD pipelines.
- Participate in performing risk
assessments for business solutions for inherent security risks and provide
recommendations for addressing such risks.
- Define, create, and deliver
software/application security compliance reports and relevant metrics to
the Bank’s Senior Management.
- Protect the bank’s applications and
systems by defining access privileges and other security control
structures.
Qualifications:
Bachelor’s Degree
- BSc. Information Technology / Computer
Science / Telecommunications / Engineering (Electrical, Electronic)
- CDP: Certified DevSecOps Professional
- CSSLP: Certified Secure Software
Lifecycle Professional
- CISM: Certified Information Security
Manager
- CISA: Certified Information Systems
Auditor
- CISSP: Certified Information Systems
Security Professional
Master’s Degree: MBA/MSc
Experience:
- Experience in Information Security
- Strong Application Security knowledge,
experience within Secure SDLC and DevSecOps
- Experience in Banking Operations
- Experience in Project Implementation and
user training
How To Apply