Policy and Standards Analyst
RUN with purpose
As market leader in enterprise application software, SAP helps companies of all sizes and industries innovate through simplification. From the back office to the boardroom, warehouse to storefront, on premise to cloud, desktop to mobile device – SAP empowers people and organizations to work together more efficiently and use business insight more effectively to stay ahead of the competition. SAP applications and services enable customers to operate profitably, adapt continuously, and grow sustainably.
Security and Privacy are vital components of SAP Ariba's success as a cloud company. Our customers entrust us with their Confidential Business Transactional Data and some Personally Identifiable Information because of the value that we add by processing that data for them. If you want to be a game changer in building confidence in the cloud for our customers, consider joining our team. We are looking for ambitious people who thrive in a dynamic environment, and are passionate about security and ready for a challenge. Success will depend upon building rapport and credibility with multiple stakeholders across SAP Ariba. As a leader in Cyber Security, this candidate will have opportunities to mentor, support, and contribute to goals and initiatives that ensure the secure usage of technology, industry standards, and best practices.
SAP Ariba’s Security, Privacy and Governance (SPG) team is responsible for identifying, assessing and managing threats, vulnerabilities, and associated risks to Ariba’s information assets and resources. This includes providing expertise and partnership with operating and maintaining various integrated security technologies to protect the integrity, confidentiality and availability of all information resources throughout a highly distributed cloud environment.
The Policy and Standards analyst is accountable for driving the Security and Privacy policies in line with industry frameworks and SAP policies. This will involve baselining and gap analysis against industry standards and best practices. The analyst must also stay abreast of new developments in Information Security related technologies and practices both internal and external to SAP, to assess them and measure the potential business impact. The analyst will also be responsible for maintaining Security and Privacy awareness across the business.
- Maintain SAP Ariba Security and Privacy policies and standards in line with industry frameworks (ISO, NIST, ISF, OWASP, etc.) and SAP policies. At least every 12 months, review each policy with the key stakeholders and update it under change control as appropriate.
- Perform baselining and gap-analysis against industry standards and best practices
- Draft new or changed policy documents, and store and track them, while adhering to SAP's document lifecycle procedures with archival as necessary.
- Assist departmental stakeholders in developing and/or maintaining documents such as process maps, procedures for standard operations, job aids or guides, and related items.
- Manage review and approval workflow for policy documentation with process owners, business owners and subject matter experts.
- Ensure that there is adherence to established policies across the SAP Ariba enterprise, working closely with other Security, Privacy and Governance team members.
- Support the remediation of any outstanding regulatory issues or deficiencies in the current compliance state versus regulatory or certification control requirements.
- Work closely with cross-functional team members to develop training presentations and computer-based training modules.
- Act as a Security champion to raise awareness of Security and Privacy and deliver training programs to the SAP Ariba internal and external workforce.
- Communicate security policy changes to the business and ensure that the relevant departments make an impact assessment of the changes
- Provide consultancy on risk management matters and advise on the implementation of security controls
- Oversee security standards compliance metrics and reporting and provide reliable and regular updates while highlighting key issues; assist the Chief Security Office to prepare for and run the monthly Security and Privacy Board sessions.
- Monitor developments in Information Security related technologies and practices to ensure that new developments are assessed and potential business impact is measured
- 5+ years of experience in information security audits and risk management.
- Knowledge of Cloud Security concepts, techniques, tools, methods and practices including DLP, encryption, vulnerability management, GRC, segregation of duties, production change management, software development, incident handling, and data transmission integrity.
- Understanding of technology use, trends and risks in a business context and environment.
- Demonstrated experience working with regulatory requirements and standards (PCI-DSS, SOC 2, BSI, GDPR etc.) and frameworks (ISO 27000, COBIT, ITIL, NIST, ISF, OWASP, etc.).
- The ability to communicate complex security risks to non-technical staff
- Must have a strategic mindset to ensure a clear focus on the go-forward agenda and the ability to make risk-based decisions balancing cost/opportunity and risk.
- Strong verbal and written communication skills and ability to influence others
- Skill at writing policies and guidance documents and conducting investigations.
- Experience with technical writing and working with various authoring tools such as Adobe RoboHelp.
- Capable of producing high-quality output and documentation with attention to detail, following best-in-class design and delivery methods, tools and standards.
- Strong data analytics and reporting skills and able to collect, analyze and represent data to senior stakeholders.
The ideal candidate will also have the following qualifications and skills:
- Successful track record of working with service providers to achieve business goals
- Excellent planning ability and business acumen
- Able to see the “big picture” and contribute to the development of the operations runbook
- Must be organized and goal/execution oriented
- Bachelor’s Degree in MIS, Computer Science, or other related field.
- At minimum one of the following industry certifications: CISSP, CRISC, CISA, CISM, CRMA
SAP'S DIVERSITY COMMITMENT
To harness the power of innovation, SAP invests in the development of its diverse employees. We aspire to leverage the qualities and appreciate the unique competencies that each person brings to the company.
SAP is committed to the principles of Equal Employment Opportunity and to providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team (Americas: Careers.NorthAmerica@sap.com or Careers.LatinAmerica@sap.com, APJ: Careers.APJ@sap.com, EMEA: Careers@sap.com). Requests for reasonable accommodation will be considered on a case-by-case basis.
EOE AA M/F/Vet/Disability:
Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, gender, sexual orientation, gender identity, protected veteran status or disability.
Nearest Major Market: San Jose
Nearest Secondary Market: Palo Alto
Job Segment: ERP, Law, Risk Management, Computer Science, SAP, Technology, Legal, Finance
Company Type: Public Company
Company Size: 10,001+