Principal Security Specialist
To have end-to-end accountability for information security for a group of Sage products, applications or systems. This will require working closely with Live Service Management teams, IT Operations teams and Product Engineering teams. The Principal Security Specialist will continually identify opportunities for improvement in our existing approaches to security and create plans to deliver these improvements.
They will be responsible for monitoring our information security practices to ensure that they remain effective and of the highest standards.

Key accountabilities and decision ownership:
• Developing a strong information security capability in selected Product Engineering or Enterprise Application Development teams
• Driving continual improvement of security operations in Live Service Management or IT Operations teams
• Selection of tools and vendors to support information security in the Software Development Lifecycle and Security Operations
• Monitoring our information security practices to ensure they remain effective and continually improving
• Assessing new and existing Sage products, applications or systems to identify weaknesses in our information security approach and creating improvement plans where required
• Ensuring that our approach to information management is aligned with all our Sage Values
• Ongoing development and embedding of procedures, processes and standards to support the information security policy suite across product operations
• Supporting our drive towards ISO27001 compliance

Skills, know-how and experience:

Must have:
• Proficiency in English language, verbal and written
• Excellent communication and influencing skills
• Hands-on experience in implementing security in the software development lifecycle
• Hands-on experience of security operations
• Understanding the challenges of information security in a fast-moving agile/DevOps environment

Preferred:
• Experience in implementing information security in public cloud-based online products
• Experience of formal compliance frameworks (e.g. SOC, ISO27001, PCI or similar)

Technical / professional qualifications:

Desirable:
• CISSP/CSSLP or similar.