Senior Third Party Risk Management Specialist Job
With SAP in Newtown Square PA USMore jobs from SAP
Posted on February 07, 2020
About this job
Job type: Full-time
Role: System Administrator
Industry: Cloud Services, Customer Experience Management, Enterprise Software
Company size: 10k+ people
Company type: Public
Requisition ID: 243291
Work Area: Software-Design and Development
Expected Travel: 0 - 10%
Career Status: Professional
Employment Type: Regular Full Time
SAP started in 1972 as a team of five colleagues with a desire to do something new. Together, they changed enterprise software and reinvented how business was done. Today, as a market leader in enterprise application software, we remain true to our roots. That’s why we engineer solutions to fuel innovation, foster equality and spread opportunity for our employees and customers across borders and cultures.
SAP values the entrepreneurial spirit, fostering creativity and building lasting relationships with our employees. We know that a diverse and inclusive workforce keeps us competitive and provides opportunities for all. We believe that together we can transform industries, grow economics, lift up societies and sustain our environment. Because it’s the best-run businesses that make the world run better and improve people’s lives.
Senior Third Party Risk Management Specialist - Newtown Square, PA
EXPECTATIONS AND TASKS
- Support all Third-Party Risk Management (TPRM) activities to proactively identify, evaluate, and mitigate cyber security and operational risks.
- Identify and evaluate complex supply chain and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
- Identify and maintain an on-going list of all critical suppliers while providing status reporting to key stakeholders.
- Facilitate and manage the security risk assessment process and monitoring of remediation plans in accordance with the TPRM policy and standards.
- Track and monitor the status of each due diligence review and communicate the status with key stakeholders on a regular basis.
- Ensure timely and accurate notification and escalation of actual or potential risks involving third parties.
- Continuously assess any legal, regulatory, and external certification requirements of TPRM.
- Deliver reporting on all aspects of TPRM performance and effectiveness.
- Prepares third party risk reports to effectively communicate current residual risk status to business stakeholders.
- Identify opportunities to improve business resiliency through proactive management of TPRM.
- Collaborate with the global purchasing organization to ensure security requirements are part of the onboarding process and continuously improved based on the ever-changing threat landscape.
- Collaborate with the global legal organization to ensure contractual obligations are met from a security perspective.
- Stay informed about the latest developments in the TPRM field.
- Support all internal and external audit activities as they relate to TPRM.
- Ensure response/recovery planning and testing are conducted with critical suppliers/providers and report on the test results to key stakeholders.
- Work cross-functionally with team members to support and drive a collaborative team environment.
EDUCATION AND QUALIFICATIONS / SKILLS AND COMPETENCIES
- University Degree (e.g. Risk Management, Cyber Security, Finance, Supply Chain, or Business Administration)
- Certifications such as CRISC, CISSP, or CISA are a plus.
- Risk management experience preferably within TPRM or cyber security profession.
- Experience with TPRM threat scenarios, security controls, concepts, processes and tools.
- Experience with the National Institute of Standards and Technology (NIST) frameworks and NIST controls applicable to supply chain risk management.
- Experience with leading industry security standards, associated controls, and audit requirements for compliance.
- Ability to build a network and to collaborate with various teams globally.
- Excellent communication and presentation skills at the Executive Level, both verbal and in writing.
- Fluent in writing and speaking English
- At least 5 to 10 years of experience in Third-Party Risk Management (TPRM) or cyber security analyst roles.
- Prior experience driving strategic projects or initiatives.
- Experience in presenting to leadership teams summarizing findings to facilitate risk-based decisions.
- Newtown Square, PA
- Relocation is not available for this position
WHAT YOU GET FROM US
Success is what you make it. At SAP, we help you make it your own.
A career at SAP can open many doors for you. If you’re searching for a company that’s dedicated to your ideas and individual growth, recognizes you for your unique contributions, fills you with a strong sense of purpose, and provides a fun, flexible and inclusive work environment – apply now.
SAP'S DIVERSITY COMMITMENT
To harness the power of innovation, SAP invests in the development of its diverse employees. We aspire to leverage the qualities and appreciate the unique competencies that each person brings to the company.
SAP is committed to the principles of Equal Employment Opportunity and to providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team. (Americas:Careers.NorthAmerica@sap.com or Careers.LatinAmerica@sap.com, APJ: Careers.APJ@sap.com, EMEA: Careers@sap.com). Requests for reasonable accommodation will be considered on a case-by-case basis. Successful candidates might be required to undergo a background verification with an external vendor.
EOE AA M/F/Vet/Disability:
Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, gender, sexual orientation, gender identity, protected veteran status or disability.
Successful candidates might be required to undergo a background verification with an external vendor.