Job Description
To drive improvements in the end-to-end product/system lifecycle spanning the whole SDLC and post-launch operations, covering major strategic customer-facing products and internally developed colleague-facing applications. To work with security champions to develop a strong security culture and capability and to evolve the security champions program as a whole. To ensure that new product/system releases are secure and that vulnerabilities discovered in live products and systems are quickly and effectively addressed.
***This is a hybrid role - three days per week in our Bangalore office.***
Responsibilities
- Working with Security Champions to develop a strong security capability in teams and improving the effectiveness of the overall Security Champion program
- Driving continual improvement in the secure software development lifecycle and supporting our drive to a modern DevSecOps approach
- Acts as the main point of contact on security issues for Product Delivery and EAD teams on major strategic groups of products/systems
- Assessing major strategic groups of Sage products, applications or systems to identify security weaknesses and creating improvement plans where required
- Supporting security compliance as it relates to assigned products
- Identifies the need for new tools and vendors and leads their evaluation
- Drives significant improvement in key processes/standards and designs and implements new processes/standards
- Contributes to performance evaluation and technical mentoring of junior team members
- Provides technical security leadership for significant projects or workstreams
- Active contributor to relevant industry bodies, conferences, open-source projects etc.
Skills & Experience
- Significant experience in implementing security in the software development lifecycle
- Experience in implementing security in public-cloud-based SaaS applications
- Proficiency in written and verbal English
- Experience of working with geographically dispersed teams
- Experience working in an agile, DevOps/DevSecOps environment
- Experience in security operations
- Experience of formal compliance frameworks (e.g. SOC, ISO27001, PCI or similar)
- Relevant professional security qualification such as CISSP, CSSLP or similar
- Relevant degree and >8 years commercial experience