Senior Specialist, Application Security at A Renowned Company

A renowned company in the financial services industry specialized in the use of technology for revenue collection and management requires the
service of the following personnel who must be highly skilled and experienced.

Job Objectives

• Establish strategic direction for the Application Security program and establish project plans for application security strategy execution
• Accountable for the implementation, operational management and ownership of all areas of application security
• Ensure a formal set of processes are in place by which the group can identify various security concerns, gaps and remedial actions to ensure optimal security of its IT operations

Reports To:

Managing Director/ Head, Technology
(administrative reporting)
Job Responsibilities
Department: Application Security Supervises:
Specialist, Application Security

Key Performance Indicators
Competence Requirements

• Enforce security policies and procedures across the applications landscape
• Ensure efficient user & access management as per access profile
• Ensure auditing of security policies and procedures
• Identify, investigate, and report on suspected breaches and review findings with key stakeholders
• Oversee the development of security policies
• Manage Information Security Application Security staff in identifying, developing, implementing and maintaining information
• security processes across the suite of business applications to
• reduce risks, respond to incidents and limit exposure to liability.
• Implements tools and strategies to ensure the successful implementation of the Application Security Program
• Ensure detailed security designs match high level designs and are traceable to requirements in functional specification
• Ensure security designs produced adhere to architectural roadmap
• and support the development, execution and operations of service
• Research emerging technologies in support of security enhancement and development efforts
• # of application security violations/incidents
• # of security incidents due to incorrect patch / no patch
• deployment
• Timely reporting of security incidents / violations
• # of security awareness
• communications
• # of formal security trainings
• % of employees covered through formal security
• trainings
• # of security breaches encountered / reported at service Desk
• # of security breaches identified and resolved (i.e., mitigating actions identified and acted
• Working knowledge of database and application security
• Experience within the information security domain
• Knowledge of risks related to key platforms
• Good knowledge of application security control mechanisms
• Strong interpersonal skills to work with different teams within and outside of the Company
• Good understanding the Software Development Life
• Cycle Methodologies such as Waterfall, Agile
• Exposure to the Application Security Vulnerabilities
• (as listed in OWASP Top 10), Security Testing methodologies and related tools
• Programming experience
• Problem Solving
• English
• Develops and implements secure code practices program which includes threat modelling and automated application scanning
• Communicates effectively with application development teams and clients to address complex information security issues
• Reviews documentation created by direct reports to provide constructive feedback.
• Work with client facing teams to ensure information security initiatives are understood and implemented.
• Establishes goals and objectives for team performance and manages attainment of those goals.
• Develops and ensures services in response to various risks and threats.
• Accountable for technical information security architecture, system security designs, implementation, and management of information
• security systems and/or programs for the protection of the application environment.
• Keeps senior management apprised on the status of information security issues and initiatives.
• Review technical security reports
• Nominal budgetary responsibility or ability to spend
• upon) within SLA / agreed timelines
• % decrease in the impact of security breaches and incidents

Specification/Qualification
Educational Qualification  
Minimum of a Higher National Diploma (HND) in Computer Science, Computer Engineering or related areas

Professional Qualification
Possession of the following certification is recommended: SSCP / CISSP, CISM

Desired Experience 
7 to 10 years of functional experience