As an Expert Security Architecture Consultant –SEC/SAP- CIS,
you will join a diverse team of technical experts in building a world-class
security technical advisory and thought-leadership organization providing exceptional
and practical, technical and logistical direction to its internal customers;
enabling the business to move and innovate rapidly while minimizing risks
to the Brand.
Responsibilities include referencing direction set by the
Corporate Information Security team and the in-application security team,
applying the security control standards and practices to be embedded within
each system and environment, coordinating with cross functional teams for
alignment, and establishing practices for validation of controls throughout the
design and delivery lifecycle.
A security and risk expert, the SEC BISO (and their team)
will be tasked with driving consumption and adoption of the existing CIS
security services suite, identifying security gaps and needs for expanding the
service set, promoting vulnerability management / patching of platforms &
infrastructure, facilitating business & technology risk decisions, managing
compliance related activities, and ensuring technical recovery &
The SEC Security team will accomplish these responsibilities
by tapping CIS on staff experts and working with a cross functional team of
information security specialists that collectively execute on essential job
functions, balancing business & risk drivers, and by effectively
communicating & influencing at the program management, technical lead, and
senior leadership levels.
Contribute to a team of technical
experts and specialists whose mission is:
input and guidance to ensure that the SEC program is aligned appropriately with
Corporate Information Security when considering key priorities such as business
requirements, industry threat landscape, and business risk appetite.
Work closely with
SEC work streams end-to-end in releasing secure and compliant infrastructure,
applications and experiences at the speed of business.
business and technology to provide expert security guidance into design and
implementation of SEC’s capabilities.
Consult with both
technology and business teams to identify priorities and security capability
requirements, and incorporate these requirements into the security strategy.
knowledge and confidence in communicating with highly technical audiences.
written and verbal communication skills and an ability to communicate across
all areas and levels of the business.
Proven ability to
pull a diverse group of individuals with different goals together and
facilitate productive discussions driving towards results.
analytical and problem-solving skills.
in identifying solutions for complex problems in enterprise environments.
self-starter who is has a track record of taking ownership of information
security challenges and driving them to resolution.
Minimum 8 years'
experience in information security or information technology disciplines.
experience with major large global enterprise, complex high-end SAP
security experience with SAP S4 Hana, SAP S4 Finance, and SAP S4 Fashion
Deep subject matter
expertise with SAP Security Industry Best Practices, SAP Security Tools,
Non-SAP Security complimentary tools, and expert level knowledge of SAP GRC.
of compliance controls, legal and regulatory laws, and requirements in relation
CISSP, CHH, OSCP,
OSCE, GPEN, CPT certifications highly beneficial.
a Bachelor’s Degree and minimum of 8 or 9 years directly relevant work
in Computer Science or Business Information Management or equivalent work
Note: One of
the following alternatives may be accepted: PhD or Law + 6 yrs; Masters + 7
yrs; Associates degree + 9 yrs; High School + 10 yrs.