We are currently looking for a DevSecOps Lead in Johannesburg and Cape Town to implement and maintain a comprehensive DevSecOps Security Program. This is a 1st line of defence role and will report to the Chief Information Security Officer. The candidate will fit in best with the company culture if they value honesty, integrity, reliability, and can interact, communicate with, and share knowledge with colleagues at all levels, whilst treating them with the utmost respect and professionalism. Bachelor's or Master's degree in Technology related field. Information Systems Security degree will be a plus. 8 to 10 years of Technology experience and out of which a minimum of 3 years in a DevSecOps role. Experience in managing DevSecOps in banking and financial services industry will be a big plus. Experience in implementing and automating cybersecurity controls for CI/CD pipelines. Implement a comprehensive DevSecOps security program to protect applications and supporting infrastructure from both internal and external threats. Embed the use of self-service and automated security testing into the DevOps/Software Development Lifecycle. Define rules and policies for all CI/CD Pipeline security tools and platform security tools. Establish strong governance and assurance controls and processes to continuously measure and improve coverage and operating effectiveness of controls. Conduct reviews of applications, systems, underlying infrastructure, and related processes relating to software development practices. Facilitate the use of secure architectural patterns and work with the security engineers to translate these patterns into line of business secure builds. Assist in documenting and tracking security findings into a formal risk register. Provide the necessary information to support any deviation to IT Security policies and standards. Establish a threat modelling architecture that is measurable and relatable to business to increase maturity on software development practices. Collaborate with feature teams, product owners, architecture, IT, business, vendors and other stakeholders to investigate development activities. Establish relevant metrics and produce risk reports for stakeholders highlighting key risks, threats, incidents progress and status to assist in decision making.