Employer: SAP

Our company culture is focused on helping our employees enable innovation by building breakthroughs together. How? We focus every day on building the foundation for tomorrow and creating a workplace that embraces differences, values flexibility, and is aligned to our purpose-driven and future-focused work. We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for your individual contributions, and a variety of benefit options for you to choose from. Apply now!


As a Third Party Information Security Compliance Specialist on the Third Party Risk Management Team you will play an integral role in managing the ongoing enterprise program as well as working with stakeholders across SAP to enhance its maturity. The TPRM team’s function is to identify, assess, mitigate, monitor, and report on third party risks to SAP. The goal is to secure customer trust and protect SAP’s reputation by reducing the likelihood of a security incident, business disruption, or unethical actions taken by a third party.


Managing the assessment process:

  • Support all Third-Party Risk Management (TPRM) activities to proactively identify, evaluate, and mitigate cyber security and operational risks.
  • Establish strong partnership with SAP stakeholders and support the facilitation and management of the security risk assessment process and monitoring of remediation plans in accordance with the TPRM standard.
  • Track and monitor the status of assessments and communicate the status with key stakeholders on a regular basis.
  • Participate in the preparation of third-party risk reports to effectively communicate current residual risk status to business stakeholders.
  • Assist in properly classifying the relevance and impact of technical issues identified through ongoing monitoring platforms, such as BitSight or SecurityScorecard.
  • Able to communicate the risk and remediation methods to SAP stakeholders and third parties.

Program reporting

  • Participate in the timely and accurate notification and escalation of actual or potential risks involving third parties.
  • Support the identification and maintenance of an on-going list of all critical suppliers while providing status reporting to key stakeholders.
  • Support the delivery of reporting on all aspects of TPRM performance and effectiveness.

Program enhancement

  • Support the continuous assessment of any legal, regulatory, and external certification requirements relating to TPRM.
  • Identify opportunities to improve business resiliency through proactive management of TPRM.
  • Support the collaboration with the global purchasing organization to ensure security requirements are part of the onboarding process and continuously improved based on the ever-changing threat landscape.
  • Support the collaboration with the global legal organization to ensure contractual obligations are met from a security perspective.

Role Requirements

  • University Degree or equivalent (e.g. Risk Management, Cyber Security, Finance, Supply Chain, or Business Administration)
  • Certifications such as CRISC, CISSP, or CISA, technical certifications in Microsoft and Linux platforms, and networking certifications such as CCNA, CCNP, or Network+ are a plus.
  • Risk management experience, preferably within TPRM or cyber security profession.
  • Experience with utilizing ongoing Security Risk platforms.
  • Knowledge of TPRM threat scenarios, security controls, concepts, processes and tools.
  • Knowledge of the National Institute of Standards and Technology (NIST) frameworks and NIST controls applicable to supply chain risk management.
  • Excellent communication and presentation skills, both verbal and written, and an ability to build a network and collaborate with various teams globally.
  • Fluent in writing and speaking English. Ability to read German and/or Spanish a plus.