Security Risk Response Leader

Weiser, ID 83672

Requisition ID: 270844
Work Area: Information Technology
Expected Travel: 0 - 10%
Career Status: Management
Employment Type: Regular Full Time


SAP started in 1972 as a team of five colleagues with a desire to do something new. Together, they changed enterprise software and reinvented how business was done. Today, as a market leader in enterprise application software, we remain true to our roots. That's why we engineer solutions to fuel innovation, foster equality and spread opportunity for our employees and customers across borders and cultures.

SAP values the entrepreneurial spirit, fostering creativity and building lasting relationships with our employees. We know that a diverse and inclusive workforce keeps us competitive and provides opportunities for all. We believe that together we can transform industries, grow economics, lift up societies and sustain our environment. Because it's the best-run businesses that make the world run better and improve people's lives.


SAP is seeking a Security Risk Response Leader who will work with our internal teams and various Lines of Business (LoBs) to formulate, quantify and track risk mitigation plans. Specifically, the candidate will create, maintain, and enhance risk reduction initiatives and drive report output for key security and compliance threat vectors such as infrastructure and compliance risk, third party suppliers, security incidents, data transfers, vulnerability assessments, system entitlements, etc. In addition to construction and management of the risk mitigation and response lifecycle, this individual will be fundamental in interpreting the data as a subject matter expert, adding value to SAP's overall Integrated Risk Management framework. The candidate will collaborate with key partners across the organization and distill information into management and executive-level reporting. The candidate will have a strong understanding of security and compliance related risks and controls, and effectively collaborate with multiple stakeholders.

Job duties and Key Activities:

The responsibilities of this job include, but are not limited to:

Leading the administration and regular enhancement of SAP's risk-based mitigation program and processes designed to help ensure compliance with laws, regulations, internal and external audits (such as SOC1, SOC2, ISO 27001, internal audits, etc.), and detect and prevent potential non-compliance, and any other related SAP requirements

Collaborate with internal departments and various LoBs to analyze, communicate and make recommendations with respect to regulatory requirements

Driving the process of assessing, monitoring, and mitigating compliance risks across various SAP LoBs by developing, enhancing and executing the risk mitigation and response program to include compliance audits (internal, external, and customer audits), including the performance of mitigated changes, with potential coordination and management of internal and/or external resources as warranted and in collaboration with other assurance functions (e.g., Internal Audit and GR&AS); this will require personal engagement in the conduct of such activities, as well as management of the team's performance implementation of these activities

Leading the phased development and execution of relevant risk mitigation activity and ongoing evolution to aid our ability to assess the effectiveness of SAP's compliance program elements.

The job further requires the Security Risk Response Leader to:

Maintain strong subject matter expertise through learning and engagement in external programs and conferences and relevant benchmarking to provide sound advice and guidance to business partners regarding compliance policy, processes and issue management, and in the development of the team

Mentor and coach risk response team members

Serve in leadership roles related to special projects and other initiatives

Design and deliver meaningful, accurate and effective presentations to senior management and ensure follow-up on any areas that require corrective action

Oversee the management and maintenance of various tools and data streams related to risk mitigation and response

Assist in preparation for all external inquiries and audits and/or internal reviews of systems or processes

Identify, develop and help implement enhanced mitigation and response controls as warranted

Be able to handle all matters as confidential, demonstrate an ability to effectively and continually prioritize, and identify new issues requiring attention in a risk-based manner and help drive resolution within and beyond scope of responsibility

Additionally, this role requires the ability to identify matters that require elevation to senior management on mitigation of risk and improving the effectiveness of the compliance program

Qualification, Education, Experience:


Knowledge of compliance laws, rules, regulations, risks and typologies

Must be a self-starter, flexible, innovative and adaptive

Strong interpersonal skills with the ability to work collaboratively and with people at all levels of the organization

Strong written and verbal communication and interpersonal skills

Ability to both work collaboratively and independently; ability to navigate a complex organization

Advanced analytical skills

Ability to both work independently and collaborate with team members

Excellent project management and organizational skills and capability to handle multiple projects at one time

Proficient in MS Office applications (Excel, Word, PowerPoint)

Demonstrated knowledge in area of focus

Relevant certifications desirable (CISA, CRISC, CISSP, CISM)


Undergraduate degree required, knowledge of NIST and FAIR frameworks preferred.


At least 10 years of professional work experience is required. Progressive work experience in System Architecture, Management consulting experience at one of Big 4 consulting in the area of compliance, security, and system architecture is strongly preferred. Compliance risk management and monitoring/auditing experience with a global company and consulting firm with emphasis in auditing is required.


Success is what you make it. At SAP, we help you make it your own. A career at SAP can open many doors for you. If you're searching for a company that's dedicated to your ideas and individual growth, recognizes you for your unique contributions, fills you with a strong sense of purpose, and provides a fun, flexible and inclusive work environment, apply now.

To harness the power of innovation, SAP invests in the development of its diverse employees. We aspire to leverage the qualities and appreciate the unique competencies that each person brings to the company.

SAP is committed to the principles of Equal Employment Opportunity and to providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team (Americas: Careers.NorthAmerica@sap.com or Careers.LatinAmerica@sap.com, APJ: Careers.APJ@sap.com, EMEA: Careers@sap.com).

Successful candidates might be required to undergo a background verification with an external vendor.

Job Segment: Risk Management, ERP, Consulting, Law, Finance, Security, Technology, Legal


Posted: 2020-12-01 Expires: 2021-02-04
