Senior Member Technical Staff

We seek a highly skilled and experienced professional to assume the Senior Manager of SAP Second Line of Defense role. In this strategic leadership position, you will oversee our SAP systems' “second line of defense” activities, ensuring compliance, risk management, and control effectiveness for SAP Security End to End. Your expertise will be crucial in maintaining the integrity of our SAP landscape and supporting the organization's overall risk management framework. The SAP Security Governance Team oversees, assesses, and leads risk and compliance activities, develops, and deploys the Risk and Compliance Management framework, and serves as a guide in the SAP Risk and Compliance domain. The Senior Manager’s role will ensure that the SAP Security Strategy and Risk and Compliance Management frameworks are always up-to-date, new threats are continuously included, and the approaches are understood and applied consistently across all 3 lines of defense.

Senior Manager – SAP Security Governance: Risk and Compliance Management will establish P&G – SAP Security Risk and Compliance Management, “second line of defense” organization and serve as the governing body carrying out the responsibilities of this key team.

Key Responsibilities:

Establish and handle the SAP Security Strategy and Governance Framework, acting as the key contact for all SAP security related tasks across lines of defense.

Risk Management:

• Lead the development, implementation, and continuous improvement of SAP risk management strategies and frameworks.
• Identify and assess risks associated with SAP processes, applications, and data, collaborating with relevant partners to prioritize risk mitigation efforts.

Compliance and Governance:

• Establish and implement compliance with relevant industry standards, regulations, and internal IT policies related to SAP systems.
• Work closely with internal audit teams to ensure SAP-related audits are conducted effectively and timely, addressing any findings or deficiencies.

Controls Development and Monitoring:

• Design and implement robust control frameworks for SAP processes, collaborating with process owners and IT teams to ensure controls are practical and effective.
• Develop key performance indicators (KPIs) and metrics to monitor control effectiveness and promptly address deviations.
• Deploy and ensure trainings on controls and standards across lines of defense.

Incident Response and Issue Management:

• Develop and maintain incident response plans for SAP systems, ensuring the organization is prepared to address potential security breaches or operational disruptions.
• Lead investigations into SAP-related incidents, coordinating with IT security teams, internal audit, and legal departments as necessary.

Stakeholder Collaboration:

• Champion strong working relationships with various stakeholders, including IT, finance, legal, compliance, and external auditors, to align SAP second line of defense activities with broader organizational objectives.

Team Leadership:

• Build and lead a high-performing team responsible for SAP risk management, controls, and compliance activities.
• Provide guidance, mentorship, and professional development opportunities to team members.

Reporting and Communication:

• Communicate risks and outages up to management and across lines of defense for remediation.
• Prepare regular reports for executive leadership and relevant committees, providing insights into SAP risk and control status, emerging issues, and recommended actions.

Job Qualifications

Qualifications:

• Bachelor’s degree in business, Information Systems, or a related field; master's degree preferred.
• Extensive experience (7+ years) in Audit, risk management, internal controls, compliance, or a related field, focusing on SAP systems.
• Extensive and broad-based experience and expertise with all stacks of SAP infrastructure and Application stack with demonstrated understanding of SAP Security, Risk, and compliance control within a large and diverse enterprise environment or business community.
• Solid understanding of SAP processes, modules, and configurations, including ECC, S/4HANA, SAP Platform Basis, Integration, Operating Systems, and related technologies.
• Demonstrable record of accomplishment of leading and running multi-functional teams, fostering collaboration, and achieving results.
• Identifying key risks and controls, knowledge of Sarbanes Oxley readiness controls optimization, and configuring controls around security, business process, and within the GRC (Governance, Ri modules.
• Relevant certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or equivalent are a plus.
• Superb communication, presentation, and interpersonal skills.
• Strong analytical and problem-solving abilities, with keen attention to detail.
• Experience in working with regulatory requirements and industry standards (e.g., SOX, GDPR) about SAP systems.
• Leading teams to generate a vision, establish direction and motivate members, create an atmosphere of trust, leverage diverse views, coach staff, and encourage improvement and innovation.
• Prior success in roles managing in a professional services firm or large enterprise as a consultant, auditor or business process specialist is preferred.