Picture
 
AIR TRAFFIC AND NAVIGATION SERVICES COMPANY (ATNS)
 


HEAD OF SECDEVOPS RE-ADVERTISEMENT
Listing reference: atns_000505
Listing status: Online
Apply by: 8 October 2024
Position summary
Industry: Aviation & Aerospace
Job category: Others: Transport and Logistics
Location: Johannesburg
Contract: Permanent
Remuneration: Market Related
EE position: Yes
About our company
ATNS
 
Introduction
Applications are invited for the position of Head of SecDevOps based at Head Office (Bruma). The successful applicant will be reporting to the Chief Technology & Information Officer. Overview To develop and implement a SecDevOps strategy and roadmap in line with the vision and strategy of the organization. To leverage evolving practices in security, application development, operations and sourcing to provide a world class, resilient technology environment that enables taking full advantage of opportunities in the digital economy. To implement and oversee Secure Software Development Lifecycle (SSDLC) best practices , fostering a culture of security excellence within cross-functional teams. To lead the secure development and maintenance of ATNS digital platforms, in collaboration with relevant stakeholders.
 
Job description
Major Activities
  • Develop the SecDevOps strategy to contribute to the overall departmental and  organizational strategy.
  • Build upon the International Civial Avialtion Organisation’s  aviation cybersecurity strategy to ensure safety, security and continuity of ATNS services in a world increasingly jeopardized by cybersecurity threats.
  • Actively participate in the development and implementation of the national aviation cybersecurity strategy.
  • Drive the adoption of best practices in software development, configuration and support that integrate principles of lean thinking, continuous improvement and agility, e.g. test-driven development, continuous integration, etc.
  • Lead the secure development and maintenance of ATNS digital platforms, supported by peers working on infrastructure management, data and analytics, and information security, in line with the ATNS modernisation strategy.
  • Establish together with South African Civil Aviation Authority an information sharing group for governance and compliance consisting of all aviation ecosystem role players with a trust framework that can be leveraged by the RSA aviation community as a whole.
  • Participate in relevant regional and international  fora.
  • Collaborate effectively with technology peers and colleagues across the organization.
  • Lead application rationalisation informed by business value analysis of the application inventory.
  • Transform the application landscape through scalable applications and technology, enabling business efficiency and growth.
  • Apply strategic judgement to inform build or buy decisions.
  • Ensure that all applications adhere to relevant standards.
  • Provide cybersecurity technical leadership and guidance in relevant local, regional and international bodies.
  • Develop and maintain the Applications roadmap in line with agreed priorities, initiatives and expected operational service levels.
  • Ensure compliance with relevant legal and policy frameworks. 
  • Develop and maintain relevant policies, processes, procedures and standards.
  • Facilitate secure software development lifecycle , ensuring the infusion of security into every phase of systems development and operation.
  • Provide cybersecurity controls (covering people, processes and technology) designed to protect CNS systems, networks and data from digital attacks.
  • Schedule and implement regular maintenance of applications in order to maintain system reliability and stability .
  • Drive cybersecurity controls to ensure that the aviation infrastructure systems and information systems ranging from legacy systems to next generation satellite communication systems are resilient to cyber-attacks and remain safe and trusted globally, whilst continuing to innovate and grow in all the defined or determined areas within the South African sovereign and delegated continental and oceanic airspace.
  • Manage solution delivery initiatives, build or buy, to ensure quality coding and/or that solutions are delivered efficiently.
  • Collaborate with all relevant technology peers in every phase of the value chain: project management, architecture, information security, quality assurance, business and technical specifications, etc.
  • Facilitate continuous improvement of the application development/sourcing processes.
  • Establish appropriate metrics for performance measurement of the Applications Team.
  • Risk Management: Identify, evaluate, and mitigate security risks, partnering with teams to conceive risk mitigation strategies.
  • Agile Collaboration: Actively participate in all planning meetings and stand-ups, addressing security concerns and risks within an agile development framework.
  • Incident Response: Lead and coordinate security incident response, encompassing investigation and resolution.
  • Policy and Process Management: Create, revise, or archive security policies and documented processes in alignment with industry best practices.
  • Technology Trends: Remain abreast of emerging technology trends, frameworks, and security methodologies to bolster software security.
  • Security Advocacy: Cultivate a culture of secure coding and configuration across all applications and features.
  • Leadership and Team Management: Oversee and mentor a team of DevSecOps engineers and specialists. Set clear objectives, provide consistent feedback, and support team members' professional growth. Foster a collaborative and innovative team milieu.
  • DevSecOps Strategy: Formulate and execute a DevSecOps strategy that aligns with the organization's objectives. Define and continuously enhance DevSecOps processes and practices.
  • Automation and Tools: Implement and manage SecDevOps automation tools and technologies. Continuously evaluate and select appropriate tools to augment the SecDevOps pipeline.
  • Maintain constructive and productive stakeholder relations across the business and with relevant external related parties.
  • Visible and active leadership to the organisation's applications landscape.
  • Develop a RACI matrix that clearly identifies and assigns information security roles for the various ATSEPs and other stakeholders.
  • Identify key risks, develop and implement effective mitigating plans and actions in order to avoid or minimise relevant risks, and report and raise these risks in the appropriate forums.
  • Ensure optimisation of resources through effective deployment and management of skills.
  • Develop a robust cybersecurity culture through structured training and awareness programs to capacitate the ATSEPs from end to end i.e. Cybersecurity Education, Training and Skills.
  • Ensure that staff is managed in accordance with HC policies, processes and practices.
  • Ensure continuous development of staff. Ensure that staff remain suitably trained to achieve expected performance outcomes in a dynamic technology environment.
  • Ensure effective management of finance in line with business priorities and within financial parameters.
 
Minimum requirements
Minimum Qualifications
  • Bachelor’s degree in Information Technology, Information Systems or a related field
  • Post Graduate Degree in Information Technology, Information Systems or a related field           
  • Master's degree preferred
  • Certification: PMI-ACP, OSCP, CEH, CISSP. Other certifications like TOGAF, ITIL, COBIT or related certifications would be an advantage.
  • Knowledge of cloud technologies (Infrastructure or DevOps or Solution Architecture), Certification will be advantageous 
  • ISACA Professional Registration is an advantage
  • Leadership qualification in a field relevant to aviation/aerospace/aeronautics
 
Minimum Experience
  • Seasoned professional required with minimum 10 years' experience in Information Technology of which at least 5 years' experience in SecDevOps or a related field, and 5 years' experience in managing technical team(s).
  • Experience in a high technology electronic environment with in-depth knowledge and understanding of aeronautical communication, navigation, surveillance and satellite systems is also required.
  • Must be experienced in SecDevOps and Agile software development principles, an advocate of lean thinking and display an appreciation for cybersecurity and continuous improvement.
 
Key knowledge requirements:
  • Excellent stakeholder management: tactful, diplomatic and empathetic to clients, colleagues and subordinates.
  • In-depth working knowledge of ICAO global and regional plans and SARP’s.
  • A working knowledge of ITU regulations.
  • Demonstrated experience in DevSecOps leadership and security management.
  • Secure Development: Strong knowledge of secure software development practices and methodologies.
  • Security Standards: Familiarity with OWASP top 10 and other security standards.
  • Vulnerability Management: Proficiency in vulnerability management tools and practices.
  • Agile Experience: Agile development experience is a plus.Experience in C# or Java, along with proficiency in NodeJS/JavaScript/Typescript/Ruby.
  • Proven experience with continuous integration and continuous delivery (CI/CD) pipelines, including tools like Jenkins, Code Pipeline, and CodeBuild.
  • Knowledge of the aviation regulatory framework and relevant legislation.
  • Proficiency with Version Control tools such as GitHub, GitLab, or Bitbucket.
  • Familiarity with CI/CD platforms such as Jenkins, GitLab CI/CD, DevOps, CircleCI, or Travis CI.
  • Containerization and Orchestration: Experience with containerization technologies like Docker, Kubernetes, Docker Swarm, and OpenShift.
  • Cloud Experience: Proficiency in cloud platforms like Owncloud, AWS, Openstack, Azure, or Google Cloud Platform.
  • Familiarity with security frameworks such as OWASP and SANS.
  • Hands-on experience with DevSecOps tools such as SonarCloud, SonarQube, OWASP ZAP, Burp Suite, Snyk, Fortify, and QualysGuard.
 
APPLY










INVESTIGATION AND STANDARDS SPECIALIST
Listing reference: atns_000507
Listing status: Online
Apply by: 9 October 2024
Position summary
Industry: Aviation & Aerospace
Job category: Operations Management
Location: Bedfordview
Contract: Permanent
Remuneration: Market Related
EE position: No
About our company
ATNS
 
Introduction
Applications are invited for the position of Investigation Standards Specialist (Peromnes Grade 8) based at Head Office, Bruma. The successful applicant will be reporting to the Manager Aviation Safety (ATS/FPD). Purpose To support the Manager Aviation Safety (ATS/FPD) and the Head of Aviation Safety in managing all associated aspects of the Safety Management System (SMS) and to maintain an effective safety management system and related processes, and provide guidance and advice on safety-related matters.
 
Job description
Regulatory and Governance Compliance - Ensure compliance with Air Traffic Control Standards and Procedures following ATNS Processes (Policies and Procedures), International Civil Aviation Organization (ICAO) - Annexes, documents, and circulars, and Aviation Legislation requirements Civil Aviation Regulation (CAR) & Civil Aviation Technical Standards (CATS);  Ensure ATNS complies with its internal safety processes, procedures, directives, and instructions;  Ensure regulatory compliance for all rating training, operational validations, and assessments by performing practical assessment oversight at the Aviation Training Academy (ATA) and the Air Traffic Service Units (ATSUs);  Mediate disputes raised from unsuccessful rating assessments;  Ensure that ATNS adheres to approved alternative means of compliance, exceptions, and special approvals (designated examiner procedures, and visiting Designated Examiner procedures);  Assist the development, implementation, and maintenance of a Safety Management System;  Lead safety assessments in all change management areas which are subject to the Hazard Identification and Risk Mitigation process;  Monitor and ensure compliance with OHS Act No 85 of 1993 within ATNS;  Represent ATNS at Designated Examiner (DE) workshops;  Distribute all South African Civil Aviation Authority (SACAA) and Accident and Incident Investigation Division (AIID) requests and documents to unit management for actioning;  Facilitate SACAA and AIID enquiries concerning the Safety Management System components and elements;  Conduct investigations when there are identified regulatory and licensing breaches to establish the cause, and provide feedback to the Head of Safety to report to the SACAA.
Safety Reports and Safety Investigations - Receive, evaluate and validate Mandatory Occurrence Reports (MORs), Air Safety Reports (ASRs), Hazard Reports (HAZREPS), and Unfavorable Condition Reports (UCRs) daily and ensure that these are actioned accordingly;  Distribute MORs and investigation reports to the SACAA and AIID respectively a required.  Action all received ASRs, UCRs, and HAZREPS and provide feedback to relevant internal and external parties and stakeholders (e.g.  ATS, OT, etc., and airlines or airport authorities);  Conduct safety investigations and/or reviews with the associated risk analyses and determination of causal factors. Collect all the supporting data and materials where relevant for ATNS-attributed safety events and other selected reports (ASR etc.);  Develop safety recommendations based on the findings of investigations;  Conduct safety investigations when requested by AIID (Accidents, Incidents and Investigations Division);  Collect, collaborate, and distribute safety-related data for the AIID and South African Air  Force (SAAF) to assist in accident and incident investigations;  Compile reports and supporting documentation for events which have no Air Traffic Service (ATS) attribution but impact aviation safety;    Compile and distribute investigation reports to ATSU management. Monitor, track and update the associated safety recommendations;  Evaluate recommendations of previous events with similar findings for implementation and effectiveness;  Assess the efficacy of implemented recommendations;  Participate in the peer review process;  Consolidate safety occurrence data for statistical output when requested;  Identify and monitor safety data trends and report to management;  Coach, mentor and guide unit investigators.
Coordinate internal and external safety audits - Conduct annual and follow-up safety audits for all areas of safety assurance;  Compile safety audit reports containing findings and observations identifying non-compliance and systemic failures within the system;  Formulate recommendations to support findings and observations and to improve the safety of the Air Traffic Management (ATM) system;  Generate a corrective action plan tracker;  Distribute audit reports for approval and disseminate them along with findings and observation tracker to action owners;  Monitor, track, and update all audit findings and non-conformance corrective action plans, ensuring all recommendations are effectively implemented;  Facilitate the exchange of external audit information between ATNS-controlled ATSUs and the external auditor, namely SACAA;  Facilitate safety audits conducted by external auditors;  Guide and coordinate the population and completion of corrective action plans, submit to the external auditor, and monitor and track the progress of the corrective action plans. 
Manage Safety Assessments - Ensure that safety risks and hazards are effectively managed in the event of system change to enable the ongoing provision of safety assurance to ATNS;  Receive safety assessment requests, evaluate the changes required, and register safety assessment on the relevant register;  Ensure the correct and effective composition of the safety assessment team and facilitate hazard and risk identification brainstorming sessions;  Facilitate the estimation and assessment of each identified hazard and associated risks for appropriateness, as well as risk mitigation actions;  Guide the project owner on the population and update the safety assessment hazard log with all identified hazards and risks;  Review and evaluate safety assessment documentation and supporting evidence against all applicable safety objectives, requirements and evidence statements for logic and completeness;  Provide assurance on the implementation of safety risk mitigation.
Coordinate Safety Promotion and Training - Conduct safety presentations to internal and external stakeholders as required;  Share lessons learned from safety events via internal safety publications;  Create safety content for distribution on internal media;  Organise and coordinate appropriate annual safety promotion activities;  Present SMS training across all levels of the organisation and to all employees;  Participate in corporate induction activities;  Train and mentor safety investigators and provide continuation training;  Train and mentor safety assessment specialists;  Conduct safety reporting training across the organization;  Manage all safety-related queries arising from the operations environment. 
Maintain Safety Documentation - Provide inputs and update safety documentation and templates including:  ATNS safety assessment templates,  Hazard log and unit risk registers,  SMS Manual,  ATNS safety policy,  Safety audit report templates,  S&R policies, directives, and instructions,  Manual reporting templates,  SMS training material for induction, operations, and management policies;  Conduct an annual review of audit checklists against all aviation regulations; company  instructions; directives; and memorandums;  Maintain the training curriculum of the unit investigation training course;  Conduct a review of the ATA course curricula and make recommendations to management;  Configure, review and update electronic reporting templates on the reporting tool;  Maintain and administer the electronic reporting tool database by adding and removing users and assigning roles;  Maintain and administer the Standards and Regulations SharePoint page;  Configure and maintain investigation recommendations and audit trackers on the digital platform;  Configure, review and update electronic continuous improvement feedback forms;  Provide input into the annual budgeting process.
 Safety Committees and Work Groups - Participate in relevant external safety-related committees i.e.: Civil Air Navigation Services Organization (CANSO) Africa Safety working group;  Civil Aviation Regulations Committee (CARCom) sub-committees & work groups;   National Airspace Committee (NASCOM) and sub-committees; Air Traffic Service Incident Analysis Group (AIAG); IATA Technical Action Group (TAG); Local RWY safety teams (LRST); and Airlines Association of South Africa (AASA);  Review and provide input to CARCOM's proposed regulations and technical standards;  Conduct research based on proposed regulatory changes, and review and provide input on the sub-committee’s working papers;  Review and provide input to NASCOM proposals;  Conduct tasks assigned by CARCom and NASCOM sub-committee to any relevant work group;  Provide ATNS responses at Tactical Action Group (TAG) to AIAG recommendations;  Attend and participate in all relevant ATNS internal meetings (RRC meetings, SRB, SAG etc.); Prepare reports for the Safety Review Board (SRB) and Safety Action Group (SAG) by reviewing all safety events to extract high-risk events and outstanding recommendations as well as outstanding safety audit data;   Provide input to documentation submitted to the Management Committee (MANCOM), the Executive Committee (EXCO), the Strategic Programmes, Information and Technology Committee (SPITC), and the Board.
Manage safety statistics - Update investigation and audit trackers for statistics compilation;  Analyse safety data and produce safety statistics and graphs;  Generate safety reports for various internal committees.
Participate in projects - Provide subject matter expertise on safety and regulations to all relevant projects within ATNS;  Conduct oversight and assurance activities on the commissioning and decommissioning of new ATSUs.
 
Minimum requirements
Minimum Formal Qualifications:
  •     Validated Approach Controller 
  •    Validated On-the-Job-Training-Instructor (OJTI)
  •     IATA Diploma in Safety Management
  •    Formal tertiary qualification in Business Management/Leadership or related field is an advantage
 
Minimum Years of Experience: 
  •  Minimum 5 years’ experience as a validated Approach/Area Surveillance or Aerodrome (FAOR/FACT) Controller with a working knowledge of the  Safety Management System and the application thereof in an Air Traffic Services (ATS) environment
  • Safety event investigation training and experience is an advantage
 
If you have not been contacted within 3 weeks of the closing date of this advert, please accept that your application was unsuccessful.
 
ATNS is an equal opportunity employer that strives to achieve a diverse workforce broadly representative of our people. This position will be filled in line with the objectives of ATNS’ Employment Equity Plan and therefore candidates from designated groups as per the Employment Equity Act of 1998, are encouraged to apply.
People with disabilities are encouraged to apply.
 
APPLY