Security and Compliance Associate

We help the world run better

Our company culture is focused on helping our employees enable innovation by building breakthroughs together. How? We focus every day on building the foundation for tomorrow and creating a workplace that embraces differences, values flexibility, and is aligned to our purpose-driven and future-focused work. We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for your individual contributions, and a variety of benefit options for you to choose from. Apply now

Summary
Cloud Lifecycle Management Application Management team is providing central tools and architectures for provisioning and operating various SAP Cloud solutions. One of our main tools is the Service Provider Cockpit (SPC), which is the de-facto standard suite for service operations in SAP’s major cloud units like S/4HANA, C/4HANA, HANA Enterprise Cloud, HCM and others. In addition to managing SAP’s inhouse IaaS platforms, SPC is also used to orchestrate workloads on all major hyperscalers (Azure, AWS, GCP, Ali Cloud). 
 
The team drives the design, implementation and “productization” of the key lifecycle management services required to drive operations excellence for SAP’s cloud delivery
 
The Role
•    SPC Operations’ key responsibility is to manage and operate various cloud products running on HANA Database for our global OnDemand customers.
•    Operations needs to ensure the various productive assets are running well according to agreed SLAs and being operated in secure and a compliant manner.
 
Role Requirements:
•    Perform security and compliance assessments on new and existing infrastructure and applications to ensure adherence and effective controls are in place.
•    Implement existing and new compliance requirements.
•    Collaborate with stakeholders to ensure corrective actions are in place; document lessons learned.
•    Provide support in due-diligence and third party risk assessment efforts.
•    Ensure adherence of risk policies with required standards.
•    Provide reports on analysis and corrective actions in the event of security incidents and alerts.
•    Support internal and external audit processes, as needed.
•    Brings technical or application expert knowledge into the operation
•    Takes the full responsibility for the adherence of the audit controls and is accountable for the success
•    Drive Operational efficiency and productization
•    Own operational tasks, escalations, and process improvements.
•    Working closely with Internal/External Stakeholders, Development Architects/Managers & developers, across locations, to ensure timely delivery of tasks related to any controls.
•    Participate and contribute towards organization’s goals and objectives, collaborating with multiple teams and solutions.
 
Key Responsibilities:
•    Document policies, procedures, and guidelines in accordance with regulatory and business requirements.
•    Support security and compliance assessments, and collaborate with stakeholders to close identified gaps.
•    Be able to demonstrate knowledge for audit, risk management, or SoX controls.
•    Demonstrates proactive engagement to address identified risks and issues and to solve problems with moderate to high complexity.
•    Works independently and collaboratively, able to take sole responsibility for driving end-to-end projects.
•    Has advanced functional skills and special knowledge in several areas such as IT automations.
•    Utilizes demonstrated creativity and specialist professional knowledge to deliver high quality results & solutions.
•    Works as a role model within team and demonstrates thought professional judgement, best practices concepts and strategies. 
 
Work Experience:
•    Experience must involve minimum of two (2) years in the following:
•    Technology Risk Assessment
•    IT Audit and Compliance Operations
•    User Access Management
•    Project Management
•    IT System Architecture and
•    Network Security is a plus
•    Candidate will have 2+ years of functional experience in IT auditing, risk management, SoX internal controls, or similar relevant roles
•    General knowledge of the International Standards for the professional practice of Internal Auditing over IT Applications
•    Experience and exposure to Cloud Operations, Networking and Server Management.
•    Expert knowledge of Openstack, Linux, Security Group/Rules, etc.
•    Experience in operating/administering SAP Basis/ NetWeaver stack and Cloud Native Technologies is an advantage
•    Good understanding of Virtualization, Storage and Network, Containers, etc
•    Experience or exposure to SAP HANA or other Database technologies is an advantage.
•    Understanding of SaaS and Cloud offerings or products, and related processes is an advantage.
•    Knowledge of IaaS Infrastructures and experience of setting up, working in, and managing virtualized landscapes
•    Expertise in SAP’s Lifecycle Management tools as well as SAP’s operations and support processes is a major plus
 
Expectations & Tasks:
•    Internally recognized for good level knowledge of audit
•    Utilizes demonstrated creativity and specialist professional knowledge to deliver high quality results & solutions
•    Works as a role model within team and demonstrates thought leadership capabilities, best practices concepts and strategies
•    Performs quality reviews of the work of associates and specialists
•    Provides regular updates on assignment outcomes and performs ongoing monitoring of key risks & findings within assigned responsibilities
•    Demonstrates proactive engagement to address identified risks and issues and to solve problems with moderate to high complexity
•    Develops and maintains fundamental network to collaborate effectively within similar functions across SAP
•    Communicates clearly, in a way that others can understand within defined processes & policies, Presents messages/work results to cross-functional colleagues and managers
•    Works independently and collaboratively, Able to take sole responsibility for driving end-to-end projects.
•    Has advanced functional skills and special knowledge in several areas
 
Skills / Competencies
•    Candidate will have 3+ years of functional experience in auditing, risk management, SOX internal controls, or similar relevant roles
•    General knowledge of the International Standards for the professional practice of Internal Auditing
•    Technical Knowledge in SAP products preferred
•    General knowledge of the SoX, ISO or PCI audit, a plus
 
Education and Qualifications
•    Bachelor or higher University Degree in Computer Science or Engineering preferred
•    7-10 years of Experience
•    Exposure to ITIL/ITSM processes are beneficial
•    Security, audit relevant and project management relevant experience is a major plus
 

We build breakthroughs together

SAP innovations help more than 400,000 customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management. As a cloud company with 200 million users and more than 100,000 employees worldwide, we are purpose-driven and future-focused, with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves. At SAP, we build breakthroughs, together.

We win with inclusion

SAP’s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone – regardless of background – feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better and more equitable world.
SAP is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to the values of Equal Employment Opportunity and provide accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team: Careers@sap.com
For SAP employees: Only permanent roles are eligible for the SAP Employee Referral Program, according to the eligibility rules set in the SAP Referral Policy. Specific conditions may apply for roles in Vocational Training.

EOE AA M/F/Vet/Disability:

Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, age, gender (including pregnancy, childbirth, et al), sexual orientation, gender identity or expression, protected veteran status, or disability.
Successful candidates might be required to undergo a background verification with an external vendor.

Requisition ID: 390502  | Work Area: Software-Development Operations  | Expected Travel: 0 - 10%  | Career Status: Professional  | Employment Type: Regular Full Time   | Additional Locations: #LI-Hybrid.