SAP Cyber Security Expert

Translating the central CISO strategy into practical and pragmatic solutions within a major SAP system renewal program, which will eventually replace a number of OnPrem SAP solutions with S/4HANA PCE and a number of SAP SaaS satellites. This includes collecting and processing information from SAP or SI contracts, (IT) processes, risk analyses, and proposing and implementing mitigating actions (with IT suppliers and SAP or non-SAP teams within the IT department) to adequately secure the company's assets (physical and electronic information, data, and IT assets). This includes, among other things, compliance with the GDPR and NIS2 standards.

Main Activities:

• Information Security Management: - Serves as the point of contact for and assists the CISO with maintaining a central Information Security Management System (ISMS) in line with international (mandated) standards for everything related to the SAP transformation program and existing and new SAP solutions; - Actively monitors and supplements the various CISO dashboards and other information sources within the CISO community regarding existing and new SAP solutions; - Monitors the defined actions of internal and external audits for the ERP organization and provides monthly feedback to department management and maintains operational contact with the Internal Audit department;

• Information Risk Management: - Monitors the CISO processes, policies, and standards (and helps improve them) for defining, developing, and applying "information risk analysis, risk treatment and risk monitoring" to the business and IT processes that have been or will be implemented with the new SAP solutions; - Assists the ERP delivery teams with incorporating information risk management processes into the business and IT processes supported by existing or new SAP solutions; - Pragmatically conducts information risk analyses and monitors them together with the CISO for projects in the transformation process, as well as for operational existing situations; - Responsible for maintaining the section of the central CISO information risk register related to SAP solutions and projects; - Ensures that the risks and associated mitigating actions are clearly reported to the business owners, together with the CISO;

• CISO Solutions & Services: - Defines any requirements for cybersecurity solutions and services within the ERP organization, in close consultation with the central CISO team; - Collaborates with the CISO organization on controls for the cybersecurity services of the (IT) sourcing partners within the ERP organization; - Collaborates with the SAP Basis and central CISO teams to establish, maintain, and execute CSIRT (computer security incident response team) activities; - Guides the SAP Authorization team in setting up Identity & Access Management solutions and governance in line with central CISO guidelines;

• Governance, Policies & Awareness: - Supports the central CISO organization in developing and communicating within the ERP department policies, standards, procedures, and guidelines regarding information security and data protection; - Implements compliance and necessary controls within the ERP department according to central CISO agreements, legal regulations, and the agreed-upon review cycle; - Contributes to company-wide long-term information security awareness, in close collaboration with the HR team, internal communication, and existing training initiatives to raise awareness among internal and external employees about information security and privacy risks and teach them best practices; - Serves as the point of contact for security liaisons in the various departments for implementing policy, applying policies, and resolving security incidents with SAP solutions;

• Reporting: - Supports the central CISO team with quarterly reports to the executive committee; - Is responsible for drafting, preparing, and following up on status reports (progress, budget, resources, planning, project templates) on cybersecurity-related initiatives within the ERP organization; - Is responsible for drafting, preparing, and following up on reports on security findings from the CISO dashboards;

• IT Compliance Monitoring: - Supports the central CISO organization with establishing and maintaining an IT audit and IT compliance framework, in line with legal requirements or strategic IT objectives, and is responsible for the administrative follow-up of outstanding (audit) improvement proposals within the ERP organization and SAP solutions;- Establishes close collaboration with the Data Protection Officer and the Information

Risk Manager (risk identification) to exchange audit findings and compliance violations within the SAP applications or ERP organization; - Supports the execution of IT audits and IT compliance assignments based on information security and data protection policies and Information Risk Management processes, id