Principal Application Security Architect at Santam Insurance

CAREER OPPORTUNITY

• Santam BITS has a career opportunity for a senior role of Principal Application Security Architect in the Business Information and Technology Services (BITS) department which is based in the Western Cape or Gauteng.

KEY RESPONSIBILITIES

• Driving a comprehensive application security strategy.
• Threat mitigation and risk management.
• Secure architecture and design.
• Vulnerability management and code reviews.
• Securing the development lifecycle.
• Collaboration and communication with development teams and other stakeholders.
• Protecting global assets.
• Understanding regional requirements.
• Lead the development and execution of application security assessments.
• Ensure applications comply with all relevant security standards and regulations.
• Champion a "security by design" culture.
• Develop and maintain application security documentation.
• Develop and manage risk mitigation strategies.
• Work with other security teams (e.g., security operations, etc.)
• Stay up-to-date on the latest application security threats and vulnerabilities.
• Application Security Incident Response and Cyber Crisis Management.
• Participate in Group Information Security Programme (GISP) initiatives.
• Application Security (including cloud security), Infrastructure Security, and Cybersecurity Education, Training and Awareness.
• Provide regular feedback to Santam Manco on Group-wide application security issues.
• Clear and timely communication to management and users regarding application security matters.
• Application Security Risk assessment that identifies a requirement for additional awareness or targeted education, training, and awareness interventions.
• Review and respond to all application security-related audit findings.
• Produce required application security reports.
• Ensure that security 'gates' are a formal part of the SDLC/ Agile/ relevant solution development methodology.
• Active participation in Sanlam-sanctioned industry bodies (e.g. ISF Live, ISACA, FS-ISAC)
• Timeous escalation of new, high or escalating cybersecurity risks.
• Engage with application owners and the Group Cyber Security Centre (GCSC) Operations Team to ensure that system vulnerabilities identified during penetration tests, Red Team exercises, or vulnerability scans are addressed.
• Ensure that the Group CIO is aware of risks and actions required.
• Find & provide root cause analysis and implement permanent and/or long-term fixes for application security-related incidents.
• Strong understanding of integration between Workstations and Network/Servers

QUALIFICATIONS AND EXPERIENCE

• A bachelor’s Degree or Diploma in Cybersecurity, Computer Science, Information Systems, or a related field, or equivalent work experience.
• A Recognised Cyber Security Certification(s) (e.g., Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), or similar certification will be an advantage.
• With 15+ years of experience in software engineering, a significant portion of that in an architectural position focusing on cybersecurity within complex organisations, preferably in the financial services sector. The incumbent must have a solid technical software engineering background with a deep understanding of cybersecurity concepts, threats, and vulnerabilities.