Responsibilities include referencing direction set by the Corporate Information Security team and the in-application security team, applying the security control standards and practices to be embedded within each system and environment, coordinating with cross functional teams for alignment, and establishing practices for validation of controls throughout the design and delivery lifecycle.
A security and risk expert, the SEC BIS (and their team) will be tasked with driving consumption and adoption of the existing CIS security services suite, identifying security gaps and needs for expanding the service set, promoting vulnerability management / patching of platforms & infrastructure, facilitating business & technology risk decisions, managing compliance related activities, and ensuring technical recovery & resiliency.
The SEC Security team will accomplish these responsibilities by tapping CIS on staff experts and working with a cross functional team of information security specialists that collectively execute on essential job functions, balancing business & risk drivers, and by effectively communicating & influencing at the program management, technical lead, and senior leadership levels.
Contribute to a team of technical experts and specialists whose mission is:
Provide critical input and guidance to ensure that the SEC program is aligned appropriately with Corporate Information Security when considering key priorities such as business requirements, industry threat landscape, and business risk appetite.
Work closely with SEC work streams end-to-end in releasing secure and compliant infrastructure, applications and experiences at the speed of business.
Partner with business and technology to provide expert security guidance into design and implementation of SEC’s capabilities.
Consult with both technology and business teams to identify priorities and security capability requirements, and incorporate these requirements into the security strategy.
Strong technical knowledge and confidence in communicating with highly technical audiences.
Extremely strong written and verbal communication skills and an ability to communicate across all areas and levels of the business.
Proven ability to pull a diverse group of individuals with different goals together and facilitate productive discussions driving towards results.
Excellent analytical and problem-solving skills.
Proven experience in identifying solutions for complex problems in enterprise environments.
Motivated self-starter who is has a track record of taking ownership of information security challenges and driving them to resolution.
Minimum 8 years' experience in information security or information technology disciplines.
Recent security experience with major large global enterprise, complex high-end SAP implementations.
Information security experience with SAP S4 Hana, SAP S4 Finance, and SAP S4 Fashion required.
Deep subject matter expertise with SAP Security Industry Best Practices, SAP Security Tools, Non-SAP Security complimentary tools, and expert level knowledge of SAP GRC.
Working knowledge of compliance controls, legal and regulatory laws, and requirements in relation to SAP.
CISSP, CHH, OSCP, OSCE, GPEN, CPT certifications highly beneficial.
Typically requires a Bachelor’s Degree and minimum of 8 or 9 years directly relevant work experience.
Bachelor's degree in Computer Science or Business Information Management or equivalent work experience.
Note: One of the following alternatives may be accepted: PhD or Law + 6 yrs; Masters + 7 yrs; Associates degree + 9 yrs; High School + 10 yrs.