Deloitte | India Offices of the US

SAP Security Manager

The team

The Deloitte Global Cybersecurity function is responsible for enhancing data protection, standardizing and securing critical infrastructure, and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of security services to Deloitte’s global network of firms around the globe.

Work you’ll do

As part of the Global Cybersecurity team, responsibilities will be to work with customers to deliver technical assessments against a broad range of services, illustrative duties will include:

Strategic

• Lead the operations of services support the assessment of SAP business services.
• Provide strategic insight on service roadmap, opportunities, and enhancements.
• Take ownership for the delivery of the service and its value proposition to customers.

 Operational

• Support the enhancement and delivery of operational processes, rules of engagements and methodologies to deliver quality vulnerability analysis, alerting/alarms, security control enforcement and monitoring to Deloitte.
• Executing ongoing and ad hoc security assessments using a mixture of tools to help driver organizational risk reduction.
• Act as the service reviewer for enhancing technical configurations, monitoring capabilities and customer alerting to increase service value and insight to customers.
• Own and develop customer facing materials to increase understanding, enhance value and drive understanding of security related risk of operating SAP business services and the customization that business teams may develop.
• Build customized reports with filtering capabilities for identifying proper owners of vulnerabilities. Knowledge required to determine who owns the vulnerabilities either the SAP Basis or SAP Security teams so they can take immediate remediation actions.
• Developed understanding of the various SAP systems S/4, Fiori, PO, GRC, Sidecar, SLT, SolMan, Redwood, ECC, Gateway/Fiori
• Management and oversight of operational service team, to ensure quality delivery, service evolution and staff development and retention approaches.
• Lead tooling deployment and new customer configurations

Relationship Management

• Take the lead in presenting the service to existing and potential new customers, articulating the value and benefits of the service to customers. Ensure appropriate feedback loops are in place with customer to continue enhance services based on customer needs.
• Support member firm liaisons with member firm and DTTL management and technical teams to ensure they are consuming all the offered Services within the Risk Management group across the globe and to ensure member firm expectations are being met
• Collaborates with the Attack Surface Assessment group to understand trends, issues and risks and to exchange expertise

Requirement 

Education

• Bachelor’s degree in computer science, Cyber Security, International Cyber Security, or equivalent education experience.
• Candidates with relevant work experience below would also be considered

Work experience

• Minimum of 5 years of combined experience in Cyber Security, Vulnerability Management or Application Testing
• At least 2 years’ experience conducting assessment and experience of SAP in the following areas.
• SAP Penetration testing
• SAP Code Assessment (ABAP)
• Sap Vulnerability and Compliance
• SAP Development & Engineering
• Experience with SAP assessment tools such as Onapsis, Layer 7, Security bridge will be required.
• Developer skill knowledge of ABAP and Java to support code assessment of SAP business products.
• Risk Management – ability to convey technical risks to business managers and executives.
• Application/Infrastructure/Architecture experience – experience with managing and configuring on-premises scanning tools infrastructure hosted in a cloud environment. Responsibilities for this role include the following: tuning/testing of all Onapsis components, upgrades for both the Onapsis components and Ubuntu Operating System, hardening of servers/appliances, SMTP, OS patching, and consistent management of cloud costs.
• Ability to develop reports, metrics, dashboards, and capability to articulate the data presented within the reports to senior management and technical staff.
• Experience working with variety of cultures across the globe and have the patience, understanding and empathy to work collaboratively and effective.
•  Ability to accurately describe the OWASP Top 10 most common application security vulnerabilities found on most websites or back-end applications.

Professional security management certification required (at least 1 active certification from any of the following), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials