Senior Information Security Compliance Specialist

by | Aug 30, 2023 | Uncategorized

Job Description

Title: Senior Information Security Compliance Specialist

Location: Washington, DC, US, 20005

Work Area: Information Technology

Expected Travel: 0 – 10%

Career Status: Professional

Employment Type: Regular Full Time

Additional Locations: Virtual – USA

***FOR THIS POSITION YOU MUST BE ABLE TO OBTAIN AND MAINTAN A US CLEARANCE SO YOU MUST BE A US CITIZEN***

SAP values the entrepreneurial spirit, fostering creativity and building lasting relationships with our employees. We know that a diverse and inclusive workforce keeps us competitive and provides opportunities for all. We believe that together we can transform industries, grow economics, lift societies, and sustain our environment. Because it’s the best-run businesses that make the world run better and improve people’s lives.
Role Description

The SAP Public Sector/Government Sr. Audit Specialist is a key partner with SAP External Auditors, as well as internal risk, continuous monitoring, remediation, and cyber compliance program managers. This position is key to safeguarding SAP, its customers, reputation, assets, and the interests of shareholders, by assisting in identifying audit issues, threats, and opportunities for the achievement of business objectives.

We are looking for candidates with specialized experience in government audit program like ITSG-33/Protected B, FedRAMP, PCI DSS, DoD compliance, IRAP CSA and ISMAP with a deep understanding of the public sector regulatory requirements that applies to use of cloud technology services for Federal and DoD customers. This position coordinates within SAP and with others to support all aspects of enhancing the Audit Support process, including but not limited to the implementation, maintenance and monitoring of internal and external audits, the development of audit dashboards as well as tracking and reporting of audit issues, to appropriate levels of management. They will also provide the operational support for the program through monitoring and analysis, and assessment activities in accordance with control objectives and activities.

Position Responsibilities

  • Manages the partnership and collaboration with external auditors and collect/report key metrics provided by multiple stakeholders, assist with the development and reporting of key audit dashboards for SAP products.
  • Oversees and maintain a centralized audit register and calendar for SAP products.
  • Lead the Internal Audit IT risk assessment process and provide input to a risk-based audit plan for SAP products.
  • Responsible for coordination of IT audit plan for SAP products
  • Develop valuable and positive relationships with the Product Lines of Businesses and other business leaders by offering practical insight on complex issues impacting operations, and system/infrastructure/technology related to SAP products.
  • Develop project plans and proposals. Establish timeline, schedule, stages of the project and prepare status reports as required.
  • Provide oversight and management of the external Audit Support program to ensure efficient execution and effective collaboration with external auditors related to SAP products.
  • Coordinate and support global audit professionals, providing direction and ensuring accomplishment of audits and projects for SAP products.
  • Assist audit support leadership in identifying opportunities to improve business processes and IT operations making recommendations to the audit team and to the relevant management teams for SAP products.
  • Report status on deliverables
  • Determine the impact of systems development and the implementation and use of technology on the operational and control environment (both technology and business functions) for SAP products.
  • Facilitate the audit, review and assessment of key processes and controls, as needed For SAP products.
  • Assist with reporting to Senior Management, as required.
  • Articulates the value and importance of audit, compliance, and risk management in a positive and business-sensitive manner to all business groups and sectors.

Job Specific Specialized Knowledge & Skills

  • The candidate must have a broad understanding of business functions and processes, IT processes, systems (e.g., SAP, Oracle, Salesforce), IT general controls and emerging technologies including cloud computing, mobile computing, privacy, and cybersecurity.
  • Understanding the role of an auditor, the definition of a high-quality audit and an understanding of expectations of all parties involved in an external audit.
  • Understand and align business strategy/objectives and influence decision making through appropriate internal control discussions.
  • Utilize quantitative and qualitative skills to analyze data and influence audit response and audit issues management/remediation plans.
  • Collaborate with others to promote the exchange of ideas and experience among stakeholders with responsibility for Audit Support and serve as independent voice to help pressure test risk and control levels and appropriate mitigation strategies.
  • The candidate must demonstrate proven success in working in a team, as well as independently and exhibit follow-through to understand root causes of issues.
  • This position requires handling multiple engagements with overlapping deadlines. A demonstrated ability to write clear, coherent, and precise reports on a multiplicity of complex technical issues is essential.
  • Strong stakeholder management skills with a focus on listening to stakeholder and customer needs.
  • Effectively innovate and implement policies, procedures, processes, controls, and approaches
  • Excellent business and commercial acumen – strong strategic and tactical agility.
  • Excellent communications skills, highly developed interpersonal skills, and strong ability to work collaboratively across the organization and obtain positive visibility and credibility quickly.
  • Detailed knowledge of IT security Risk Management (ITSG-33).
  • Demonstrate experience in the design, implementation and set to work networked security solutions to meet Government of Canada (GC) ITSG-33 security controls for classified projects or solutions.
  • Detailed knowledge of industry security standards (e.g., ISO, PCI DSS, SOC 2)
  • Ability to work both independently and within group.
  • Problem solving skills and ability to work under pressure.
  • Understanding of a variety of Vendor security solutions.
  • Understanding of network/ web technologies and protocols.
  • Through understanding of the latest security principles, techniques, and protocols.

Qualifications & Experience

  • Bachelor’s Degree in computer science, Information Systems Management, or other related fields or equivalent experience.
  • 4+ years of related professional experience – ideally with big 4 or equivalent audit, consulting, or industry experience
  • Industry experience in performing and/or participating with public sector standards and certifications including three of the following FedRAMP, PCI DSS, FISMA, DoD IL2/IL4, Australian IRAP Cyber Security Assessment, ISMAP
  • Working knowledge of Cloud IT processes and Cloud IT infrastructure
  • Relevant security certifications like CISA, ISA, PCIP, CISSP, CISM are an asset.
  • Experienced in the use of cybersecurity frameworks such as NIST, COBIT, ISO etc.

APPLY HERE