Security Specialist - Compliance at Sage

Job Description  

•  We are looking for a person with a strategic mindset, and excellent stakeholder management skills, who can help us to define and deliver a compelling approach to security governance, risk and compliance (GRC). As part of the Information Security Compliance team, you will be working under the guidance of the a new Director of Security GRC, and together you will drive transformational change in how we manage security risks across our regions, business functions and associated Sage products.
• You likely don’t think of yourself as a security traditionalist. You understand what underpins a successful GRC approach but you’re looking for an opportunity to rip up the playbook and take a new and more radical approach. You will be passionate about using your influence to reach data-driven decisions and enable measurement of success against Sage’s Cyber Security Strategy. Motivated by challenging the status quo, you will have the business knowledge to change the way work is performed. You will build strong relationships across the security function and strengthen connections to the wider business, delivering the highest standard of support to Sage’s business functions.
• Currently the Global Information Security team is embarking on a new journey to build and embed new threat-based risk assessments processes for global and regional initiatives whilst also elevating cyber security within the business. You are part of the compliance function of Global Security, responsible for the new and bold security strategy and representing Global Security for their respective regions and meeting the demand from multiple compliance needs across the business (including, but not limited to SOC2, ISO 27001 and PCI-DSS).

Key Responsibilities  

•  Act as a local point of contact and representative of security for business functions, in the South Africa regions, building relationships with and win the confidence of senior stakeholders across the Group.
•  Lead the delivery of risk-based security compliance initiatives for key Sage Products.
•  Contribute to the management of Security Standards and Policy frameworks as well as a Cyber Security Training & Awareness Programme.
•  Provide local management and guidance of the South Africa Compliance Programs, SOC-1, SOC-2, PCI DSS, ISO 27001.
•  Suggest and positively impact the scope, coverage, performance of the South Africa Compliance Programs.
•  Co-ordinate compliance programs with both Internal stakeholders, and external auditors.  Maintain a good awareness of the changing threat landscape by participating in and sometimes contributing to relevant security groups, forums, or conferences
•  Strive to find innovations in the ways that we support the demands of our customers and new prospects.
•  Support the Info-Sec concerns and issues of our local and growing Customer base in South Africa.
•  Identify security risks and influence changes to business processes.
•  Positively impact the other Information Security teams and support them in their needs.

Skills & experience:

•  Experience designing and/or operating an ISMS that aligned to the requirements of ISO27001  Candidate will have managed PCI-DSS compliance programs previously (essential)
•  Familiar working in an agile, Dev_Sec_Ops environment (essential)
•  Experience in implementing and maintaining information security management systems for public cloud based online services, (IaaS, PaaS). (essential)
•  Strong analytical skills, highly organised and excellent communication, and presentation skills. (essential)
•  Good documentations skills, capable of writing strong guidelines and standards. (essential)
•  Candidate must embrace new ways of working, understanding that remote working is required, and will often be working with geographically dispersed teams (essential)
•  Understanding of the challenges of information security compliance in complex, global organisation.
•  Awareness of secure development and secure operations practices.
•  Project management skills to support multiple complex assignments.