Manager, SAP Security & Security Operations

The Manager of SAP Security and Security Operations will manage key access management, technology controls, resilience, and cybersecurity efforts under the direction of Infrastructure & IT Operations and in concert with the divisional CISO. This role will play a crucial role in ensuring the integrity, confidentiality, and availability of our SAP systems. You will be responsible for designing and implementing robust security measures, managing SAP roles, and ensuring compliance with relevant regulations and standards. Your expertise will help us maintain a secure and efficient SAP environment that supports our business processes and objectives. This role will help develop vulnerability and risk management processes, oversee their implementation, and analyze company databases to identify and address potential security risks and vulnerabilities. Partner strategically with other internal teams and external stakeholders to design, adopt, and integrate appropriate controls, deliver consistent processes and solutions, and promote control automation. To support these efforts, a successful candidate will have in-depth knowledge of industry trends, standards, and proficiency with the latest cybersecurity tools and processes.

The Manager of SAP Security and Security Operations provides knowledge transfer on best practices and may be responsible for training IT and business members.

Key Duties and Responsibilities:

• Manage the operational, technological, and legal risks associated with the business.
• Design, develop, and maintain SAP security roles and authorizations with a focus on SAP ECC / FIORI and S4 HANA to meet business needs and compliance requirements.
• Lead the implementation of SAP Control Panel GRC (Governance, Risk, and Compliance) modules, including Access Control, Process Control, Risk Management and Fire Fighter Provisioning
• Develop and maintain documentation related to SAP security policies, procedures, and role designs.
• Provide expert guidance on SAP security best practices, risk management, and compliance strategies.
• Manage incident response for SAP security-related issues, including root cause analysis and preventive measures.
• Establish proper governance to control and proactively spot problems, vulnerabilities, and changes in the underlying systems’ risk profile.
• Help application, product, and information owners understand the overall risk profile so that the proper controls may be introduced.
• Proactively identify, assess, and manage inherent risks in our system and promote a risk-mitigating culture.
• Identify threats, risks, vulnerabilities, and relevant mitigation methods to support risk decisions and carry out security risk assessment operations.
• Drive transparent, quantifiable, and long-lasting control improvements by working together with the CISO, audit, compliance, business control management, and technology teams.
• Provide clear direction to business, product, and technology stakeholders so they can manage their risks effectively.
• Manage the access provisioning function to ensure effective IAM governance.
• Other duties as assigned.

Education and Qualifications:

• Bachelor’s degree in computer science, information security or a related field
• 5+ years of experience in technology or IT risk management
• Proven experience in SAP Security Architecture, with a strong focus on SAP ECC.
• Deep understanding of SAP security concepts, role design, GRC, and compliance management.
• Experience with SAP HANA, S/4HANA and FIORI security models is highly desirable.
• Experience supporting and securing infrastructure and applications.
• Certifications in SAP Security and/or GRC are required.
• Certifications like CISSP, CRISC, CISA, CISM, and CCSP would be preferred.

Required Skills:

• Proven track record in risk management, preferably in the audit or compliance activities, technology, or other pertinent control functions
• Proficient with firewalls, endpoint security, mobility management, and vulnerability scanning
• Demonstrated expertise in the management of technology and application risks and controls.
• Ability to build effective working relationships with teammates, subordinates, coworkers, and external organizations who are spread out geographically and from different cultural backgrounds.
• Demonstrated aptitude for analysis and problem-solving.
• Excellent communication skills in writing, speaking, and presenting.
• Outstanding interpersonal, negotiation, and persuasive abilities
• Strong organizational skills and the capacity to multitask successfully.

Work Environment:

• Working conditions are normal for an office environment.
• Some work may be performed in a manufacturing or warehouse environment.
• Hours may need to accommodate time zone differences as necessary for global operations.
• Up to 25% travel may be required for strategic planning and support activities.

Pay Range: $141,674-$207,788.

This “base salary range” is a reasonable estimate for this position at the time of posting. Pay within each range is based on a variety of factors including, but not limited to, to primary work job-related knowledge, skills, experience, business requirements and geographic location. ASSA ABLOY conducts regular review of compensation ranges and therefore reserves the right to alter this range at any given time. 

The above information is designed to indicate the general nature and level of work performed by employees within this job/classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.

ASSA ABLOY is an Equal Employment Opportunity/Affirmative Action employer.

We are the ASSA ABLOY Group
Our people have made us the global leader in access solutions. In return, we open doors for them wherever they go. With nearly 61,000 colleagues in more than 70 different countries, we help billions of people experience a more open world. Our innovations make all sorts of spaces – physical and virtual – safer, more secure, and easier to access. 

As an employer, we value results – not titles, or backgrounds. We empower our people to build their career around their aspirations and our ambitions – supporting them with regular feedback, training, and development opportunities. Our colleagues think broadly about where they can make the most impact, and we encourage them to grow their role locally, regionally, or even internationally.

As we welcome new people on board, it’s important to us to have diverse, inclusive teams, and we value different perspectives and experiences.