SAP started in 1972 as a team of five colleagues with a desire to do something new. Together, they changed enterprise software and reinvented how business was done.
Today, as a market leader in enterprise application software, we remain true to our roots. That’s why we engineer solutions to fuel innovation, foster equality and spread opportunity for our employees and customers across borders and cultures.
SAP values the entrepreneurial spirit, fostering creativity and building lasting relationships with our employees. We know that a diverse and inclusive workforce keeps us competitive and provides opportunities for all.
We believe that together we can transform industries, grow economics, lift up societies and sustain our environment. Because it’s the best-run businesses that make the world run better and improve people’s lives.
Security Governance Lead Enterprise Cloud Services
In your role as Security Governance Lead you will redesign the ECS Security Governance Framework, focusing on security service management (incl.
Vulnerability management and patch management), strategical and operational information security and NIST Cybersecurity Framework (CSF).
You will drive the strategic development of our key processes by working with Delivery, TechOps, Service and Product Engineering teams around our Private Cloud environment.
You will report directly to ECS Chief Security Officer and you will support the CSO office, responsible for the effective and efficient security strategy, security programs and services.
The role starts as an Individual contributor but can develop in a management position where you will develop your own team in the following years.
The Role :
Redesign the Security Governance Framework that will enable better collaboration and efficiency between Security teams inside ECS.
Work together with the Security Delivery and Service Engineering team to redesign our Security Notes / Patch Management Process
Monitor NIST L3 compliance from CSO Office perspective and prepare a plan for achieving NIST L4.
Work together with Vulnerability Management teams and get commitments from different stakeholders that these are mitigated.
Work together with the Head of Defensive Architecture to automate live feeds into management dashboards and to redefine our internal processes / procedures.
Work together with the Partner Management team to translate our security best practices and NIST CSF controls to Premium Suppliers and make sure we are aligned as One ECS in regards to the service we offer.
Work together with Cloud Application Services and Product Engineering teams and design new services as part of our RISE with SAP programme.
Document our processes, the way we operate, team ambitions etc and redesign our internal CSO Office pages
Identify risks around our processes, document them in the risk register and keep track together with ECS Risk Mgmt team.
Role Requirements :
4-7 years of experience in Security Governance and Security Compliance related functions
Experience with NIST Cybersecurity Framework, SOC and ISO 27001 standards
Experience in writing policies and procedures that will guide teams in their operations and define how to better collaborate to make processes like Vulnerability Management, Patch Management or Incident Response more efficient
Experience with Identity Governance concepts in a Private / Public cloud environment
Experience with a MSSP model in a public / private cloud environment - shared responsibility with customers
Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified in Governance of Enterprise IT (CGEIT), Certified Information Security Manager (CISM), or other similar credentials
Fluent in both spoken and written English
About the team :
Enterprise Cloud Services (ECS) is a business unit in the Product Engineering Board Area. Enterprise Cloud Services supports customers throughout their cloud transformation and SAP S / 4HANA adoption journey.
We run the Intelligent Enterprise so they can be an Intelligent Enterprise. Our portfolio of SAP HANA Enterprise Cloud and SAP Cloud Application Services turns SAP products into a solution-as-a-service on customer’s preferred infrastructure, including Hyperscalers, as one SAP.
Possible locations for this position : Bucharest, Romania; Sofia, Bulgaria; Budapest, Hungary; Monterrey, Mexico; Sao Paolo, Sao Leopoldo - Brazil;
Bangalore, Pune, Gurgaon - India.