Principal Security Specialist Job Description: To drive improvements in the end-to-end product/system lifecycle spanning the whole SDLC and post launch operations, covering major strategic customer-facing products and internally developed colleague-facing applications. To work with security champions to develop a strong security culture and capability and to evolve the security champions program as a whole. To ensure that new product/system releases are secure and that vulnerabilities discovered in live products and systems are quickly and effectively addressed. ***This is a hybrid role - three days per week in our Bangalore office.*** Key Responsibilities: Responsibilities 1. Working with Security Champions to develop a strong security capability in teams and improving the effectiveness of the overall Security Champion program 2. Driving continual improvement in the secure software development lifecycle and supporting our drive to a modern DevSecOps approach 3. Acts as the main point of contact on security issues for Product Delivery and EAD teams on major strategic groups of products/systems 4. Assessing major strategic groups of Sage products, application or systems to identify security weaknesses and creating improvement plans where required 5. Supporting security compliance as it relates to assigned products 6. Identifies the need for new tools and vendors and leads their evaluation 7. Drives significant improvement in key processes/standards and designs and implements new processes/standards 8. Contributes to performance evaluation and technical mentoring of junior team members 9. Provides technical security leadership for significant projects or workstreams 10. Active contributor to relevant industry bodies, conferences, open-source projects etc. Skills & experience 1. Significant experience in implementing security in the software development lifecycle 2. Experience in implementing security in public cloud based SaaS applications 3. Proficiency in English – written and verbal 4. Experience of working with geographically dispersed teams 5. Experience working in an agile, DevOps/DevSecOps environment 6. Experience in security operations 7. Experience of formal compliance frameworks (e.g. SOC, ISO27001, PCI or similar) 8. Relevant professional security qualification such a CISSP, CSSLP or similar 9. Relevant degree and >8 years commercial experience #LI-RS2 Function: Global Information Security Country: India Office Location: Bangalore Work Place type: Hybrid Advert Working at Sage means you’re supporting millions of small and medium sized businesses globally with technology to work faster and smarter. We leverage the future of AI, meaning business owners spend less time doing routine tasks, like entering invoices and generating reports, and more time pursuing their ambitions. Our colleagues are the best of the best. It’s why we were awarded 2024 Best Places to Work by Glassdoor. Because to achieve extraordinary outcomes, we need extraordinary teams. This means infusing Sage with people who knock down barriers, continuously innovate, and want to experience their potential. Learn more about working at Sage:sage.com/en-gb/company/careers/working-at-sage/ Watch a video about our culture:youtube.com/watch?v=qIoiCpZH-QE We celebrate individuality and welcome you to join us if you embrace all backgrounds, identities, beliefs, and ways of working. If you need support applying, reach out atcareers@sage.com. Learn more about DEI at Sage:sage.com/en-gb/company/careers/diversity-equity-and-inclusion/ Equal Employment Opportunity (EEO) Sage is committed to Equal Employment Opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Sage will be based on merit, qualifications, and abilities. Sage does not discriminate in employment opportunities or practices on the basis of race, color, religion, sex, national origin, age, protected disability, veteran status, sexual orientation, gender identity, genetic information, or any other characteristic protected by applicable law.