Senior Information Security Compliance Specialist
SAP IoT Startup Accelerator
We help the world run better
Our company culture is focused on helping our employees enable innovation by building breakthroughs together. How? We focus every day on building the foundation for tomorrow and creating a workplace that embraces differences, values flexibility, and is aligned to our purpose-driven and future-focused work. We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for your individual contributions, and a variety of benefit options for you to choose from.Apply now!
SAP values the entrepreneurial spirit, fostering creativity and building lasting relationships with our employees. We know that a diverse and inclusive workforce keeps us competitive and provides opportunities for all. We believe that together we can transform industries, grow economics, lift societies, and sustain our environment. Because it’s the best-run businesses that make the world run better and improve people’s lives.
The SAP Public Sector/Government Sr. Audit Specialist is a key partner with SAP External Auditors, as well as internal risk, continuous monitoring, remediation, and cyber compliance program managers. This position is key to safeguarding SAP, its customers, reputation, assets, and the interests of shareholders, by assisting in identifying audit issues, threats, and opportunities for the achievement of business objectives.
We are looking for candidates with specialized experience in government audit program like ITSG-33/Protected B, FedRAMP, PCI DSS, DoD compliance, IRAP CSA and ISMAP with a deep understanding of the public sector regulatory requirements that applies to use of cloud technology services for Federal and DoD customers. This position coordinates within SAP and with others to support all aspects of enhancing the Audit Support process, including but not limited to the implementation, maintenance and monitoring of internal and external audits, the development of audit dashboards as well as tracking and reporting of audit issues, to appropriate levels of management. They will also provide the operational support for the program through monitoring and analysis, and assessment activities in accordance with control objectives and activities.
- Manages the partnership and collaboration with external auditors and collect/report key metrics provided by multiple stakeholders, assist with the development and reporting of key audit dashboards for SAP products.
- Oversees and maintain a centralized audit register and calendar for SAP products.
- Lead the Internal Audit IT risk assessment process and provide input to a risk-based audit plan for SAP products.
- Responsible for coordination of IT audit plan for SAP products
- Develop valuable and positive relationships with the Product Lines of Businesses and other business leaders by offering practical insight on complex issues impacting operations, and system/infrastructure/technology related to SAP products.
- Develop project plans and proposals. Establish timeline, schedule, stages of the project and prepare status reports as required.
- Provide oversight and management of the external Audit Support program to ensure efficient execution and effective collaboration with external auditors related to SAP products.
- Coordinate and support global audit professionals, providing direction and ensuring accomplishment of audits and projects for SAP products.
- Assist audit support leadership in identifying opportunities to improve business processes and IT operations making recommendations to the audit team and to the relevant management teams for SAP products.
- Report status on deliverables
- Determine the impact of systems development and the implementation and use of technology on the operational and control environment (both technology and business functions) for SAP products.
- Facilitate the audit, review and assessment of key processes and controls, as needed For SAP products.
- Assist with reporting to Senior Management, as required.
- Articulates the value and importance of audit, compliance, and risk management in a positive and business-sensitive manner to all business groups and sectors.
Job Specific Specialized Knowledge & Skills
- The candidate must have a broad understanding of business functions and processes, IT processes, systems (e.g., SAP, Oracle, Salesforce), IT general controls and emerging technologies including cloud computing, mobile computing, privacy, and cybersecurity.
- Understanding the role of an auditor, the definition of a high-quality audit and an understanding of expectations of all parties involved in an external audit.
- Understand and align business strategy/objectives and influence decision making through appropriate internal control discussions.
- Utilize quantitative and qualitative skills to analyze data and influence audit response and audit issues management/remediation plans.
- Collaborate with others to promote the exchange of ideas and experience among stakeholders with responsibility for Audit Support and serve as independent voice to help pressure test risk and control levels and appropriate mitigation strategies.
- The candidate must demonstrate proven success in working in a team, as well as independently and exhibit follow-through to understand root causes of issues.
- This position requires handling multiple engagements with overlapping deadlines. A demonstrated ability to write clear, coherent, and precise reports on a multiplicity of complex technical issues is essential.
- Strong stakeholder management skills with a focus on listening to stakeholder and customer needs.
- Effectively innovate and implement policies, procedures, processes, controls, and approaches
- Excellent business and commercial acumen – strong strategic and tactical agility.
- Excellent communications skills, highly developed interpersonal skills, and strong ability to work collaboratively across the organization and obtain positive visibility and credibility quickly.
- Detailed knowledge of IT security Risk Management (ITSG-33).
- Demonstrate experience in the design, implementation and set to work networked security solutions to meet Government of Canada (GC) ITSG-33 security controls for classified projects or solutions.
- Detailed knowledge of industry security standards (e.g., ISO, PCI DSS, SOC 2)
- Ability to work both independently and within group.
- Problem solving skills and ability to work under pressure.
- Understanding of a variety of Vendor security solutions.
- Understanding of network/ web technologies and protocols.
- Through understanding of the latest security principles, techniques, and protocols.
Qualifications & Experience
- Bachelor’s Degree in computer science, Information Systems Management, or other related fields or equivalent experience.
- 4+ years of related professional experience – ideally with big 4 or equivalent audit, consulting, or industry experience
- Industry experience in performing and/or participating with public sector standards and certifications including three of the following FedRAMP, PCI DSS, FISMA, DoD IL2/IL4, Australian IRAP Cyber Security Assessment, ISMAP
- Working knowledge of Cloud IT processes and Cloud IT infrastructure
- Relevant security certifications like CISA, ISA, PCIP, CISSP, CISM are an asset.
- Experienced in the use of cybersecurity frameworks such as NIST, COBIT, ISO etc.
We build breakthroughs together
SAP innovations help more than 400,000 customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management. As a cloud company with 200 million users and more than 100,000 employees worldwide, we are purpose-driven and future-focused, with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves. At SAP, we build breakthroughs, together.
We win with inclusion
SAP’s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone – regardless of background – feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better and more equitable world.
SAP is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to the values of Equal Employment Opportunity and provide accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team: Careers@sap.com
For SAP employees: Only permanent roles are eligible for the SAP Employee Referral Program, according to the eligibility rules set in the SAP Referral Policy. Specific conditions may apply for roles in Vocational Training.
EOE AA M/F/Vet/Disability:
Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, age, gender (including pregnancy, childbirth, et al), sexual orientation, gender identity or expression, protected veteran status, or disability.
Successful candidates might be required to undergo a background verification with an external vendor.
Requisition ID: 379263 | Work Area: Information Technology | Expected Travel: 0 - 10% | Career Status: Professional | Employment Type: Regular Full Time | Additional Locations: #LI-Hybrid.
Job Segment: Cloud, Information Security, Cyber Security, ERP, Compliance, Technology, Security, Legal