SAP started in 1972 as a team of five colleagues with a desire to do something new. Together, they changed enterprise software and reinvented how business was done. Today, as a market leader in enterprise application software, we remain true to our roots. That’s why we engineer solutions to fuel innovation, foster equality and spread opportunity for our employees and customers across borders and cultures.
SAP values the entrepreneurial spirit, fostering creativity and building lasting relationships with our employees. We know that a diverse and inclusive workforce keeps us competitive and provides opportunities for all. We believe that together we can transform industries, grow economies, lift up societies and sustain our environment. Because it’s the best-run businesses that make the world run better and improve people’s lives.
SAP is seeking a Security Risk Response Leader who will work with our internal teams and various Lines of Business (LoBs) to formulate, quantify and track risk mitigation plans. Specifically, the candidate will create, maintain, and enhance risk reduction initiatives and drive report output for key security and compliance threat vectors such as infrastructure and compliance risk, third party suppliers, security incidents, data transfers, vulnerability assessments, system entitlements, etc. In addition to construction and management of the risk mitigation and response lifecycle, this individual will be fundamental in interpreting the data as a subject matter expert adding value to SAP’s overall Integrated Risk Management framework. The candidate will collaborate with key partners across the organization and distill information into management and executive-level reporting. The candidate will have a strong understanding of security and compliance related risks and controls, and effectively collaborate with multiple stakeholders.
Job Duties and Key Activities:
The responsibilities of this job include, but are not limited to:
- Leading the administration and regular enhancement of SAP’s risk-based mitigation program and processes designed to help ensure compliance with laws, regulations, internal and external audits (such as SOC1, SOC2, ISO 27001, internal audits, etc.), and detect and prevent potential non-compliance, and any other related SAP requirements
- Collaborate with internal departments and various LoBs to analyze, communicate and make recommendations with respect to regulatory requirements
- Driving the process of assessing, monitoring, and mitigating compliance risks across various SAP LoBs by developing, enhancing and executing the risk mitigation and response program to include compliance audits (internal, external, and customer audits), including the performance of mitigated changes, with potential coordination and management of internal and/or external resources as warranted and in collaboration with other assurance functions (e.g., Internal Audit and GR&AS). This will require personal engagement in the conduct of such activities, as well as management of the team’s performance implementation of these activities
- Leading the phased development and execution of relevant risk mitigation activity and ongoing evolution to aid our ability to assess the effectiveness of SAP’s compliance program elements.
The job further requires the Security Risk Response Leader to:
- Maintain strong subject matter expertise through learning and engagement in external programs and conferences and relevant benchmarking to provide sound advice and guidance to business partners regarding compliance policy, processes and issue management, and in the development of the team
- Mentor and coach risk response team members
- Serve in leadership roles related to special projects and other initiatives
- Design and deliver meaningful, accurate and effective presentations to senior management and ensure follow-up on any areas that require corrective action
- Oversee the management and maintenance of various tools and data streams related to risk mitigation and response
- Assist in preparation for all external inquiries and audits and/or internal reviews of systems or processes
- Identify, develop and help implement enhanced mitigation and response controls as warranted
- Be able to handle all matters as confidential, demonstrate an ability to effectively and continually prioritize, and identify new issues requiring attention in a risk-based manner and help drive resolution within and beyond scope of responsibility
- Additionally, this role requires the ability to identify matters that require elevation to senior management on mitigation of risk and improving the effectiveness of the compliance program.
Qualification, Education, Experience:
- Knowledge of compliance laws, rules, regulations, risks and typologies
- Must be a self-starter, flexible, innovative and adaptive
- Strong interpersonal skills with the ability to work collaboratively and with people at all levels of the organization
- Strong written and verbal communication and interpersonal skills
- Ability to both work collaboratively and independently; ability to navigate a complex organization
- Advanced analytical skills
- Ability to both work independently and collaborate with team members
- Excellent project management and organizational skills and capability to handle multiple projects at one time
- Proficient in MS Office applications (Excel, Word, PowerPoint)
- Demonstrated knowledge in area of focus
- Relevant certifications desirable (CISA, CRISC, CISSP, CISM)
Undergraduate degree required, knowledge of NIST and FAIR frameworks preferred.
At least 10 years of professional work experience is required. Progressive work experience in System Architecture and management consulting experience at one of the Big 4 consulting firms in the area of compliance, security, and system architecture are strongly preferred. Compliance risk management and monitoring/auditing experience with a global company and consulting firm with emphasis in auditing is required.
WHAT YOU GET FROM US
Success is what you make it. At SAP, we help you make it your own. A career at SAP can open many doors for you. If you’re searching for a company that’s dedicated to your ideas and individual growth, recognizes you for your unique contributions, fills you with a strong sense of purpose, and provides a fun, flexible and inclusive work environment – apply now.