Principal Application Security Architect - Cape Town, South Africa - Sanlam


    CAREER OPPORTUNITY

    Santam BITS has a career opportunity for a senior role of Principal Application Security Architect in the Business Information and Technology Services (BITS) department which is based in the Western Cape or Gauteng.

    KEY RESPONSIBILITIES

  • Driving a comprehensive application security strategy.
  • Threat mitigation and risk management.
  • Secure architecture and design.
  • Vulnerability management and code reviews.
  • Securing the development lifecycle.
  • Collaboration and communication with development teams and other stakeholders.
  • Protecting global assets.
  • Understanding regional requirements.
  • Lead the development and execution of application security assessments.
  • Ensure applications comply with all relevant security standards and regulations.
  • Champion a "security by design" culture.
  • Develop and maintain application security documentation.
  • Develop and manage risk mitigation strategies.
  • Work with other security teams (e.g., security operations).
  • Stay up-to-date on the latest application security threats and vulnerabilities.
  • Application Security Incident Response and Cyber Crisis Management.
  • Participate in Group Information Security Programme (GISP) initiatives.
  • Application Security (including cloud security), Infrastructure Security, and Cybersecurity Education, Training and Awareness.
  • Provide regular feedback to Santam Manco on Group-wide application security issues.
  • Clear and timely communication to management and users regarding application security matters.
  • Application Security Risk assessment that identifies a requirement for additional awareness or targeted education, training, and awareness interventions.
  • Review and respond to all application security-related audit findings.
  • Produce required application security reports.
  • Ensure that security 'gates' are a formal part of the SDLC/ Agile/ relevant solution development methodology.
  • Active participation in Sanlam-sanctioned industry bodies (e.g. ISF Live, ISACA, FS-ISAC).
  • Timely escalation of new, high or escalating cybersecurity risks.
  • Engage with application owners and the Group Cyber Security Centre (GCSC) Operations Team to ensure that system vulnerabilities identified during penetration tests, Red Team exercises, or vulnerability scans are addressed.
  • Ensure that the Group CIO is aware of risks and actions required.
  • Find & provide root cause analysis and implement permanent and/or long-term fixes for application security-related incidents.
  • Strong understanding of integration between workstations and network/servers.

    QUALIFICATIONS AND EXPERIENCE

  • A bachelor's degree or diploma in Cybersecurity, Computer Science, Information Systems, or a related field, or equivalent work experience.
  • A recognised cyber security certification (e.g., Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), or a similar certification) will be an advantage.
  • 15+ years of experience in software engineering, with a significant portion of that in an architectural position focusing on cybersecurity within complex organisations, preferably in the financial services sector. The incumbent must have a solid technical software engineering background with a deep understanding of cybersecurity concepts, threats, and vulnerabilities.

    COMPETENCIES

  • High Stress Tolerance.
  • Building and maintaining relationships.
  • Teamwork and ability to function independently.
  • Facilitation Skills.
  • Adaptability.
  • Attention to detail.
  • Planning and organising.
  • Ability to work independently.
  • Interpersonal savvy.
  • Decision quality.
  • Plans and aligns.
  • Optimises work processes.
  • Being resilient.
  • Collaborates.
  • Cultivates innovation.
  • Customer focus.
  • Drives results.
  • Sensitivity to risk.
  • Balances stakeholders.
  • Reporting and administration.

    ADDITIONAL COMPETENCIES AND SKILLS

  • Programming Languages: It is crucial to understand the security considerations of languages like Java, Python, C#, JavaScript and emerging ones like Kotlin.
  • Web Technologies: Familiarity with HTML, CSS, JavaScript frameworks like React and Angular, and web application security concepts is essential.
  • Mobile Development: Security expertise in Android, iOS, and cross-platform frameworks like Flutter helps secure sensitive data on user devices.
  • Cloud Security: A deep grasp of cloud platforms like AWS, Azure, and GCP and their security implications is vital for secure cloud deployments.
  • API Security: Understanding API security best practices is critical to prevent unauthorized access and data breaches.
  • Vulnerability Understanding: In-depth knowledge of common and obscure vulnerabilities in various technologies allows for accurate identification and exploitation for testing and mitigation purposes.
  • Secure Coding Practices: Expertise in secure coding principles and best practices for different languages and frameworks empowers proactive vulnerability prevention.
  • Threat Modelling: The ability to analyse application architecture and functionality to anticipate potential attack vectors and proactively address them is crucial.
  • Security Scanners and Code Analysis Tools: It is vital to understand how to use these tools to identify vulnerabilities in code and recommend remediation strategies.
  • Penetration Testing Tools: Familiarity with these allows for thorough vulnerability assessment and simulating real-world attack scenarios.
  • Security Incident Response Tools: Knowledge of incident response tools and methodologies enables the incumbent to handle security breaches effectively and minimise damage.
  • Cryptography and Encryption: Understanding encryption algorithms and their application in securing data is essential.
    ABOUT THE COMPANY

    Santam is the leading short-term insurer in South Africa. Along with its subsidiaries, the business transacts all classes of short-term insurance. Santam is a large, diversified, and transforming company and our success is rooted in our passion for our clients. Everything we do is centered on our delivery of Insurance Good