SAP SAP NS2 Senior Information Security Compliance Specialist - DC Metro area 

United States, Virginia 

150583025

Washington, DC Metro area preferred.

As a Senior Information Security Compliance Specialist you will help improve the risk posture of the organization. You will advise the implementation of policies, procedures, and standardsto govern the protection of corporate infrastructure and applications.

Key responsibilities may include:

• Design, build, and deploy risk management best practices and capabilities
• Identify opportunities to mature and improve risk capabilities, including risk sensing, risk assessment, analytics, reporting, and metrics
• Ensure up to date documentation and socialization of policies and procedures
• Actively research and analyze current security trends, methodologies, issues, technologies, and latest regulatory requirements
• Maintain awareness of evolving compliance standards based on industry and geographic jurisdiction

Key tasks may include:

• Guide the development of a risk framework and risk matrix to assist with assessing the organization’s risk appetite
• Implement existing and new compliance requirements
• Provide risk mitigation recommendations and work with technology and business partners to help mitigate technology risk observations
• Assist leadership with establishing metrics; report performance against established risk metrics
• Collaborate with business and IT stakeholders to assess project risks and controls, and to develop/update Business Continuity Plan and Disaster Recovery Program
• Conduct third party risk assessments to ensure compliance to required standards
• Ensure adherence of risk policies with SAP NS2 standards
• Enhance internal audit functions to increase process efficiency
• Provide reports on analysis and corrective actions in the event of security incidents and alerts
• Support external audit processes, as needed
• Perform business impact analysis and develop/maintain risk register
• Coach junior staff to develop knowledge base in the team
• Conceive and roll out applicable communication and training packages to business and technology stakeholders
• Stay abreast on emerging regulatory updates, technological trends, and changing threat landscape to inform new policies and standards
• Oversee other members of the team during planning, implementation and operations of various comliance and risk frameworks

Experience and Education:

• Bachelor’s degree or relevant work experience
• 5-10 years’ experience working in risk management and compliance functions
• Familiarity with Risk Management solutions and processes
• Familiarity with security laws, strategies, processes, standards, and services
• Security Certifications like CISSP, CISA, CISM, GCFA, GCIH, GCIA, GNFA, GREM, GCCC, or Security+ are an asset

We win with inclusion

Washington DC