Description
Our client has started a project with the goal to implement - in alignment with the related business departments - a new ERP application platform for financial and supply chain processes. While the project team is currently in the final phase of the global design of the business processes, the team is at the same time looking forward in order to determine what further support is required during the design & planning and execution phase. A key role has been identified with respect to the support of the application implementation of security processes and controls.
The Role
We are looking for a Senior Information Security professional who has large experience in the implementation of the required security processes and controls in an ERP application platform based on SAP HANA R/4. The professional will be responsible for the development of a systematic approach/framework that can be used controlling of all relevant security activities, processes, and deliverables during the project life cycle. The scope of the work includes all cyber security framework functions: predict, prevent, detect, respond, and recover, as well as security and IT compliance aspects.
It is the task of the security professional to participate in working groups, in which the project approach, application design, configuration and process implementation are being discussed and roadmaps are defined. The security professional has to make sure that security controls are sufficiently documented by the suppliers, changes in standard operating procedures are noted and executed and processes are aligned between the I&O team, the Security Operations Team and the Service Integration vendor.
Roles and responsibilities of the organization, the Service Integration vendor, the ERP supplier, and the Security Professional have not been defined in all details, yet. Therefore, we are looking for a pragmatic and flexible professional, who has a hands-on attitude, is enthusiastic in transforming chaos into structure and knows how important it is to start with small wins while having the bigger end picture in mind.
The security professional needs to have a broad knowledge and expertise in the security aspects of SAP HANA R/4. A professional who likes the technical aspects of IT and IT security but has the capability to think like an architect. Of course, we expect that the professional is fully up to date about new developments in cyber security and security legislation and SAP HANA security and has an excellent understanding of security threats and vulnerabilities while also being capable to translate these into business risks on technical, as well as process and enterprise levels. The professional actively follows the current developments in (technical) security solutions, cyber security regulations, SAP security standards, security operations and can apply these in a pragmatic, risk-based manner. Extremely important is that the professional is capable in taking decisions and driving towards results, while at the same time looks for guidance, cooperation and collaboration when required.
Timelines/Capacity
We expect a hiring period from May 2021 till end of September 2021 for 5 days/week with a possible extension by 3 months.
Key Responsibilities
- First point of contact for the security team and the ERP project team for all questions, issues, actions related to security controls and processes.
- Creates and maintains a security framework for the implementation of SAP HANA for the organization and aligns roles & responsibilities in implementation and monitoring with the project and security team.
- Monitors and documents the successful implementation of security controls, procedures and processes, in particular gaps in security controls that require further improvement actions.
- Actively aligns about technical security standards and baselines with Security Officers DK/US and CISO.
Knowledge & Experience
- Certifications such as CISSP, CCSP or similar are required
- More than 7 years of demonstrable work experience in leading security roles in ERP/SAP implementation projects;
- Excellent knowledge of ERP processes in general, and SAP security frameworks in particular, combined with an insight in threat actors and attack vectors
- Outstanding know-how of the NIST security framework, the ISO270xx security standards and CIS benchmarks and controls.
- Working experience in multinational organizations and virtual teams
- Excellent communication skills, ie being able to communicate effectively with different stakeholders and to deal with the different interests in the organization
- Excellent communication skills in English