As an Assistant Manager - Information Security, you will be responsible for carrying out risk management, auditing and supporting Go-To-Market (GTM) teams within SAP LeanIX. You will also liaise with employees across the company and help with any Information Security related queries. The role involves plenty of learning opportunities for someone looking to grow within the IT Risk / Auditing / Corporate Security domain.
WHAT IS WAITING FOR YOU?
- Coordinate external audits such as ISO 9001, ISO 27001, ISO 27018, SOC 1, SOC 2, TISAX, BSI C5, Cyber Essentials Plus
- Assist the Information Security team in responding to evidence requests and queries as part of the internal audits
- Respond to Requests for Proposal (RFPs) and liaise with the Sales and Solution Engineering teams on security topics
- Support ongoing integration and continued compliance with SAP policies and procedures
- Follow up with the respective Points of Contact (POCs) on audit findings and support remediation
- Assist in the execution of internal controls at SAP LeanIX such as log reviews, security incident management, phishing simulation exercises and risk management activities
- Liaise with relevant stakeholders and help in improving existing processes
- Assist the Information Security team with new projects and initiatives
WHAT ARE WE LOOKING FOR?
- Candidate must have 4+ years of hands-on experience in audit / implementation of standards such as ISO 9001, ISO 27001, SOC 2 TSPs, TISAX, NIST 800 series, Cyber Essentials scheme
- Knowledge of information security programs, control processes and audit procedures
- Relevant security certifications are a plus, e.g. CISA, CISSP, CISM, CCSK, ISO 27001 LI, ISO 27001 LA, etc.
- Ability to multi-task and manage stakeholder expectations
- A drive to learn and grow within the IT Risk / Auditing / Corporate Security domain
- Any experience with standards and frameworks such as FedRAMP, ISO 22301, ISO 27017, ISO 27018, BSI C5, CSA STAR Level 2, HIPAA would be a plus
- Any experience in Web Application and Network penetration testing / Vulnerability Management is a plus