Orbia - SAP security and GRC Manager (Remote)

Orbia Advance Corporation is a Purpose-led company with big aspirations. We are out to advance life around the world while maximizing value to our shareholders, customers and employees. The Company is passionate about the topics that define how people will live and thrive tomorrow: the future of cities, buildings, agriculture, and materials. Orbia Advance Corporation has five business groups which offer innovative solutions across multiple industries including building and infrastructure, data communications, chemicals and more. In 2018, Orbia Advance Corporation bought a majority stake in Israeli-based Netafim, the world’s leader in drip irrigation, and is helping the world ‘grow more with less’ as it helps to solve food and water scarcity. Orbia Advance Corporation has operations in 41 countries with more than 22,000 employees.

We started as a producer of commodities and have evolved to become a provider of innovative solutions that address the global issues of rapid urbanization, water and food scarcity, and a growing and aging population. We’re already a global leader in Polymers, Fluor, Building & Infrastructure, Datacom, and Precision Irrigation. We have embarked on a CEO-led transformation, as part of our journey to become a truly purpose-led, future fit company.

JOB IDENTIFICATION:

Company: Orbia – Global Functions

Job Title: SAP Security & GRC Manager

Job Type: Full - Time

Reports To: Senior Manager, SAP & Application Security

Department: IT (Information Technology)

Location: LATAM/ APAC

MAIN PURPOSE:

The Manager, SAP Security & GRC is responsible for developing and delivering the SAP Security strategy in partnership with the Senior Manager of Application Security. The position will also be responsible for maintaining the SAP Security strategy and operations across multiple S/4 HANA and ECC environments. Primary responsibilities will include assessment, design, implementation and support of end user security, and SAP Access Control Risk Management leveraging SailPoint Access Request Management (SAP GRC experience or similar is acceptable).

EDUCATION & KNOWLEDGE REQUIRED:

• Minimum: Bachelor’s degree.
• Desirable: Bachelor’s degree in Computer science, Engineering or Business preferred.
• This position may require up to 30% hands-on SAP Security work.
• Deployment of SAP Security and GRC Framework for large and complex businesses.
• Knowledge/experience in SAP Risk management and remediation.
• Deployment of SAP Cyber security services and products.
• Familiarity with relevant regulations, such as SOX (Sarbanes Oxley), GDPR / data privacy, PCI-DSS, etc.
• Enabling SNC and TLS SAP encryption protocols.
• Good documentation, communication, and organization skills.
• Good analytical and troubleshooting skills.
• Capability to multi-task and play distinct roles in a dynamic environment.
• Ability to operate independently with minimal oversight.
• Up to 10% travel is required based upon business needs.
• Ability to build strong partnerships in a matrixed environment.
• Excellent communication skills, written, verbal.
• Ability to learn, grow and take on expanded duties as business needs evolve.
• Excellent leadership skills and ability to communicate and influence at all levels and inspire through leadership to develop individuals and teams.
• Superb judgment and integrity, including excellent decision-making skills and a sense of urgency.

EXPERIENCE REQUIRED:

• 12+ years SAP Security experience including the following:

• 2+ years securing custom transactions, tables, and programs.
• 3+ years in SAP S/4HANA.
• 2+ years in SAP BW4HANA/SAC/Solution Manager.
• 2+ years in SAP MDG/Fiori.
• 3+ years leading security design workshops.
• 2+ years in HANA Database security.
• 5+ years of experience in SAP GRC Access Control or similar.
• 2+ years SAP Vulnerability Management, Code Scanning and SAP Privileged Access Management.
• Experience automating user provisioning processes and managing user access reviews.
• Understanding of best practice within Information Security and risk management including standards such as ISO/IEC 27001.
• Experience in large business transformation, across business areas, countries, and cultures

• Talent management and development.

LANGUAGES REQUIRED:

• English (Fluent)
• Spanish (Desirable)

MAIN RESPONSIBILITIES:

• Leads the development of security standards and frameworks for SAP security & GRC.
• Provides assurance against such standards and frameworks across the entire SAP footprint.
• Selects, deploys, and operates appropriate SAP application security toolsets (e.g., SAP Code Scanning, SAP Vulnerability Management, Quality Assurance, Privileged Access Management etc.)
• Functionally directs and partners with teams of security professionals and management staff in the successful fulfilment of security delivery commitments.
• Ensures information security is embedded across the SAP ecosystem.
• Responsible for managing end to end GRC services for SAP.
• Manages and maintains SailPoint Access Request Management platform (formally ERP Maestro) and SailPoint IIQ integration with SAP for user provisioning (SAP GRC experience is acceptable.)
• Partners with Finance Compliance to ensure segregation of duties and sensitive access management are built into role designs and associated risks are remediated or mitigated.
• Supports SAP Vulnerability Management platforms and enforcing service level objectives for remediating vulnerabilities.
• Supports and manages the implementation of end-to-end encryption for all SAP integrations, databases, and storage.
• Assists with all SAP IT audit functions.
• Leads compliance activities and remediation efforts with SAP focused initiatives.
• Documentation updates including SOPs, Work Instructions and Knowledge articles.
• Partners with other IT Teams to maintain regulatory compliance for SAP including GDPR.
• Collaborates with other security domains across Application, Infrastructure and Cyber Security.
• Evangelizes information security and drive security awareness and training.
• Stays abreast of relevant information security regulations that impact SAP applications and drive programs to ensure proactive compliance.

Our Global brands: Dura-Line, Koura Global, Vestolit, Netafim, Alphagary, Wavin.

They offer a broad range of value added solutions and finished products that contribute to customers’ success and ultimate improve the quality of life for people around the world. Along its commitment to good citizenship, Orbia Advance Corporation delivers Total Value to customers, employees and investors worldwide, every day.