Information Security Third Party Risk - SAP Global Security and Cloud Compliance

Job Description

Requisition ID: 453238

Work Area: Information Technology

Expected Travel: 0 - 10%

Career Status: Professional

Employment Type: Regular Full Time

Career Level: T2

Hiring Manager: Zoltan Waag

Recruiter Name: Stephanie Muller

YOUR FUTURE ROLE

Our mission of the SAP Global Security and Cloud Compliance (SGSC) organization is to strengthen the security foundation for SAP, fitting for a world class enterprise software company. Security and Compliance is a critically necessary requirement for the success at SAP's transformation in the areas of cloud, Al, and sustainability, both internally and externally for SAP's customers. The Role within Information Security Risk Management is part of the Global Security Compliance and Risk unit which encompasses Governance, Compliance and Certification, as well as Information Security Risk Management.

Information Security Risk Management aims to proactively safeguard our organization's assets, reputation, and stakeholders by improving the risk culture for behaviour towards, risk taking, negative outcomes, and policy compliance by enhancing trust and risk mitigation while protecting the core values of our organization at all times​.

This position as Information Security Third Party Risk Specialist offers the unique opportunity to contribute to the Information Security Risk Management Strategy while providing significant value to our business stakeholders. You'll be part of an international, diverse team, working in a role that's pivotal to our continued security and compliance posture.

What you'll do

• Perform Inherent Risk Assessments with the Line of Business Units for the services to be provided by third parties to identify the relevancy of the risk based on security, privacy and compliance.
• Perform Information Security Risk Assessments to the third parties that provide relevant services to SAP, evaluate responses, technical and non-technical evidences and raise potential findings.
• Track timelines of identified findings on a periodic basis to ensure the remediation of controls gaps.
• Communicate efficiently the results of the different risk assessments to the relevant stakeholders: third parties, Line of Business Units, BISO/risk coordinators.
• Follow-up the status of the risk assessments, findings and security agreements, and appropriately escalate to the relevant stakeholders when needed.

What you bring

• Professional working experience within Cyber Security, Supply Chain, Cloud and Application Securityand/or Information Security Risk functions and processes.
• Knowledge in Information Security, Cloud and/or AIrelated frameworks (ISO 27001, ISO 27017, ISO 42001, NIST CSF, etc.)
• Stakeholder engagement/management: communicate clearly and convincingly with different stakeholders.
• Demonstrate accountability, transparency, integrity, and a team-oriented approach.
• good communication and presentation skills.
• Proven experience working in cyber security risk operations or risk management operations functions.
• Fluent written and spoken English skills.

We help the world run better
At SAP, we keep it simple: you bring your best to us, and we'll bring out the best in you. We're builders touching over 20 industries and 80% of global commerce, and we need your unique talents to help shape what's next. The work is challenging – but it matters. You'll find a place where you can be yourself, prioritize your wellbeing, and truly belong. What's in it for you? Constant learning, skill growth, great benefits, and a team that wants you to grow and succeed.

We win with inclusion
SAP’s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone – regardless of background – feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better world.

SAP is committed to the values of Equal Employment Opportunity and provides accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team: Careers@sap.com. Requests for reasonable accommodation will be considered on a case-by-case basis.

For SAP employees: Only permanent roles are eligible for the SAP Employee Referral Program, according to the eligibility rules set in the SAP Referral Policy. Specific conditions may apply for roles in Vocational Training.

Successful candidates might be required to undergo a background verification with an external vendor.

AI Usage in the Recruitment Process

For information on the responsible use of AI in our recruitment process, please refer to our Guidelines for Ethical Usage of AI in the Recruiting Process.

Please note that any violation of these guidelines may result in disqualification from the hiring process.

Additional Locations: