Job Purpose
The Director, DevSecOps is responsible for providing communication, integration, automation, and fluid cooperation between all cross-functional teams to plan, develop, test, deploy, release, and maintain a solution. The role manages and leads the DevSecOps team to design, implement, automate, and enhance the Continuous Delivery/Continuous Integration pipelines that represent the DevSecOps ways of working, workflows, and git operations, delivering functionality from proof of concept to on-demand release of value to the end user.
Key Accountabilities (1)
Main Work
- Continuous Delivery Through DevSecOps Factory:
  - Build, map and optimize the delivery of Continuous Delivery pipelines by addressing key elements such as: Process time, Lead time, Delay time, Percentage of completion and accuracy.
  - Continuous Exploration by analyzing and researching the development and implementation of new technologies/features, modifying and improving existing architectures, and defining and prioritizing activities in the platform backlog according to its needs.
  - Continuous Integration by building, integrating features, and fixing bugs in the new versions of services and platforms, automating end-to-end testing, and validating application services on non-production environments.
  - Continuous Deployment of services and platforms from non-production all the way to production.
  - Release application/service features fast, efficiently, and first to market, on demand of the business.
- DevSecOps Factory:
  - Build, implement, improve and measure the DevSecOps factory: Toolchain, Culture, Ways of Working, Mindset.
  - Build, automate, enhance, and integrate security governance:
    - Application and platform continuous security monitoring
    - API security testing
    - Penetration testing
    - Protocol fuzzing
    - Threat modeling
- Report periodically to the Head of IT Infrastructure Services.
Key Accountabilities (2)
Optimization And Compliance
- Implement and enhance automated Test and Verification, with:
  - Verification of expected business value
  - Defects found and fixed immediately (roll forward)
- Increase visibility with automated generation of Information and Reporting, by providing:
  - Dynamic self-service of information
  - Customizable dashboards
  - Cross-reference across organizational boundaries
- Engage stakeholders early and consistently throughout the SDLC, leading to fewer defects and incorrect requirements.
- Build trust between software engineering and IT, enable organic process improvement and risk mitigation.
- Maximize business value by enabling technical staff to adapt to changing requirements or environmental factors.
- Ensure that team members fulfill their commitments on service quality and comply with the Bank's regulations and policies.
Key Accountabilities (3)
People Management
- Oversee human resources planning and execution (headcount & costs) of their function/sub-function.
- Attract, onboard and retain the right talents for a high-performing team.
- Establish and communicate function/sub-function and individual KRAs/KPIs, goals, action plans, expectations and results to the reporting line.
- Manage function/sub-function performance and provide feedback regularly (following the annual performance management cycle).
- Define the team's capability requirements and enable team members' professional and personal development through capability assessment, training, coaching & feedback, mentoring, etc.
- Motivate and recognize team members' contributions towards the team's shared goals.
- Responsible for developing talents within the function/sub-function.
- Act as a role model and promote corporate culture at function/sub-function level.
- Understand & communicate relevant HR offerings to team members.
Success Profile - Qualification and Experiences
Education Background / Experience
- Graduated from university majoring in Computer Science / Engineering, Software Engineering, or Information Technology.
- At least 12 years of experience in software development, with a minimum of 7 years of experience in DevSecOps setup.
- Expert knowledge of DevSecOps factory pipeline components and DevSecOps metrics.
- Expert knowledge and hands-on experience working with public and hybrid cloud environments.
- Hands-on experience across the full engineering lifecycle, including code, commit, code review, documentation, testing, integration, QA, and monitoring for both frontend and backend technologies.
- Expert knowledge and working experience with DevSecOps toolchains and security governance.
- Expert knowledge and working experience with Infrastructure as Code and configuration management.
- At least 6 years of experience in a management position.
- Holds International Certificate of System; a Master's degree is an advantage.
- English proficiency, in line with TCB's regulations in each period.