Key Responsibilities
- Define, document, and implement software security policy,
secure coding practices and guidelines for the bank in line with industry
best practices and technologies commensurate with risk and regulatory
requirements.
- Develop, implement, and maintain a software security assurance
framework that shall guide the information security team in security and
risk assessments of applications, as well as provide security requirements
for developers and third parties to adhere to.
- Lead Information Security involvement in all software and
application implementation projects and scrum teams to ensure all
applications and changes meet set information security requirements before
introduction to production environments.
- Collaborate with Enterprise Architecture and Business Services
& Solutions teams to identify application/software security
improvements and plug identified security controls into DevOps tools.
- Perform and coordinate regular training on secure coding,
software security and application security practices for the development
and other KCB technology teams.
- Collaborate in the continuous monitoring and defense of the
Bank’s critical applications, such as core banking and digital channels,
for cybersecurity threat indicators; report on violations and security
measures taken to address threats.
- Identify, integrate, and maintain security tools, such as SAST
and DAST tools (Static/Dynamic Application Security Testing), standards,
and processes into the software development or product life cycle (SDLC /
PLC), and CI/CD pipelines.
- Participate in performing risk assessments for business
solutions for inherent security risks and provide recommendations for
addressing such risks.
- Define, create, and deliver software/application security
compliance reports and relevant metrics to the Bank’s Senior Management.
- Protect the bank’s applications and systems by defining
access privileges and other security control structures.
Qualifications
For the above position, the successful applicant
should have the following:
- Bachelor of Science in Information Technology/Computer
Science/Telecommunications / Engineering (Electrical, Electronic).
- At least one of the following Information Security professional
certifications, or an equivalent, is required: CDP: Certified DevSecOps
Professional, CSSLP: Certified Secure Software Lifecycle Professional,
CISM: Certified Information Security Manager, CISA: Certified Information
Systems Auditor, CISSP: Certified Information Systems Security Professional
- 5 years’ experience in Technology.
- 2 years’ experience in Information Security.
- 1 year’s knowledge/experience in Application Security within
Secure SDLC and DevSecOps.
- 1 year’s experience in Banking Operations.
- 1 year’s experience in software development or scripting.
- 1 year’s experience in Project Implementation and user training.
How To Apply