Managing the assessment process:
- Support all Third-Party Risk Management (TPRM) activities to proactively identify, evaluate, and mitigate cyber security and operational risks.
- Establish strong partnership with SAP stakeholders and support the facilitation and management of the security risk assessment process and monitoring of remediation plans in accordance with the TPRM standard.
- Track and monitor the status of assessments and communicate the status with key stakeholders on a regular basis.
- Participate in the preparation of third-party risk reports to effectively communicate current residual risk status to business stakeholders.
- Assist in properly classifying the relevance and impact of technical issues identified through ongoing monitoring platforms, such as BitSight or SecurityScorecard, and communicate the risk and remediation methods to SAP stakeholders and third parties.
- Participate in the timely and accurate notification and escalation of actual or potential risks involving third parties.
- Support the identification and maintenance of an ongoing list of all critical suppliers while providing status reporting to key stakeholders.
- Support the delivery of reporting on all aspects of TPRM performance and effectiveness.
- Support the continuous assessment of any legal, regulatory, and external certification requirements relating to TPRM.
- Identify opportunities to improve business resiliency through proactive management of TPRM.
- Support the collaboration with the global purchasing organization to ensure security requirements are part of the onboarding process and continuously improved based on the ever-changing threat landscape.
- Support the collaboration with the global legal organization to ensure contractual obligations are met from a security perspective.
- University Degree or equivalent (e.g. Risk Management, Cyber Security, Finance, Supply Chain, or Business Administration)
- Certifications such as CRISC, CISSP, or CISA, technical certifications in Microsoft and Linux platforms, and networking certifications such as CCNA, CCNP, or Networking+ are a plus.
- Risk management experience, preferably within TPRM or cyber security profession.
- Experience with utilizing ongoing Security Risk platforms.
- Knowledge of TPRM threat scenarios, security controls, concepts, processes and tools.
- Knowledge of the National Institute of Standards and Technology (NIST) frameworks and NIST controls applicable to supply chain risk management.
- Excellent communication and presentation skills, both verbal and in writing, and an ability to build a network and to collaborate with various teams globally.
- Fluent in writing and speaking English. Ability to read German and/or Spanish is a plus.
Job Segment: Cyber Security, Compliance, ERP, Network, Cloud, Security, Legal, Technology