Job Location

Job Description

Overview of the job

Senior Manager – SAP Security Governance: Risk and Compliance Management

This role reports to SAP Platform Security Director.

Your Team

About the SAP Security Governance Team

The SAP Security Governance Team performs P&G’s SAP systems' “second line of defense” activities, ensuring compliance, risk management, and control effectiveness for SAP Security End to End.  The SAP Security Governance Team oversees, assesses, and handles risk and compliance activities, develops, and deploys the Risk and Compliance Management framework, and serves as an expert in the SAP Risk and Compliance domain.

Click here to hear from the Functional Leader!

About P&G IT

Digital is at the core of P&G’s accelerated growth strategy. With this vision, IT in P&G is deeply embedded into every critical process across business organizations comprising 11+ category units globally creating impactful value through Transformation, Simplification & Innovation. IT in P&G is sub-divided into teams that engage strongly for revolutionizing the business processes to deliver exceptional value & growth - Digital GTM, Digital Manufacturing, Marketing Technologist, Ecommerce, Data Sciences & Analytics, Data Solutions & Engineering, Product Supply. 

Job Profile

Technical Leader - IT

Job Location

Mumbai, India

Job Schedule

       Full time

Job Description

Position Overview: 

We are seeking a highly skilled and experienced professional to assume the role of Senior Manager, SAP Basis Security Governance. In this strategic position, you will support our SAP systems' "second line of defense" activities, ensuring compliance, risk management, vulnerability management, and control effectiveness across the entire SAP ecosystem, including the platform, database, and operating system. You will be responsible for establishing P&G’s SAP Security Risk and Compliance Management framework, including controls monitoring and automation. Your expertise will be crucial in maintaining the integrity of our SAP landscape and supporting the organization's overall risk management framework. The SAP Security Governance Team oversees, assesses, and manages risk and compliance activities, develops and deploys the Risk and Compliance Management framework, and serves as an expert in the SAP Risk and Compliance domain.

In your role, you will govern key access management, technology controls, hardening, business continuity, resilience, and cybersecurity efforts in collaboration with the Director of SAP Security Second Line of Defense. You will play a critical role in ensuring the integrity, confidentiality, and availability of our SAP systems by governing the design and implementation of robust security measures, managing SAP vulnerabilities, and ensuring compliance with relevant regulations and standards. Additionally, you will help develop vulnerability remediation and risk management processes, help establish SAP security baseline and oversee its implementation. This role requires strategic partnerships with first line of defense teams, internal stakeholders, and external partners to design, adopt, and integrate effective controls while promoting control automation. The ideal candidate will possess in-depth working knowledge of Basis architecture, industry trends, standards, and proficiency with the latest cybersecurity tools and processes, contributing to a secure and efficient SAP environment that supports our business processes and objectives.

Job Responsibilities:

• Provide technical governance and is responsible for reviewing and further evolving best practices, polices, standards, framework, guidelines and approach
• Contributes to IT project governance reviews and provides the necessary application governance in support of our standards
• Support the SAP Security Strategy and Governance Framework on an operational level, acting as both a controls framework specialist and control monitoring / automation tool specialist, supporting security related tasks across lines of defense
• Support the development, deployment, and continuous improvement of SAP risk management strategies and frameworks.
• Enforce compliance with relevant industry standards, regulations, and internal IT policies related to SAP systems.
• Work closely with internal audit teams to ensure SAP-related audits are conducted effectively and timely, addressing any findings or deficiencies.
• Design and implement robust control frameworks for SAP processes, collaborating with process owners and IT teams to ensure controls are practical and effective.
• Deliver and maintain incident response plans for SAP systems, ensuring the organization is prepared to address potential security breaches or operational disruptions.
• Establish proper governance to control and proactively spot problems, vulnerabilities, and changes in the underlying systems’ risk profile.
• Help application, product, and information owners understand the overall risk profile so that the proper controls may be introduced.
• Proactively identify, assess, and manage inherent risks in our system and promote a risk-mitigating culture.
• Identify threats, risks, vulnerabilities, and relevant mitigation methods to support risk decisions and carry out security risk assessment operations.
• Stay up to date with SAP security trends, patches, and vulnerabilities to ensure the protection of SAP environments.
• Recommend improvements to security policies, role configurations, and user access processes.
• Foster strong working relationships with various customers, including IT, finance, legal, compliance, and external auditors, to align SAP second line of defense activities with broader organizational objectives.
• Support Director of SAP Security Governance: Risk and Compliance Management and be a part of a high-performing team responsible for SAP risk management, controls, and compliance activities.
• Support Director of SAP Security Governance: Risk and Compliance Management communicate risks and outages up to management and across lines of defense for remediation.

Job Qualifications

Qualifications:

• Bachelor’s degree in business, Information Systems, or a related field
• Extensive experience (5+ years) in Security, Basis, Audit, risk management, internal controls, compliance, or a related field, focusing on SAP systems.
• Extensive and broad-based experience and expertise with all stacks of SAP infrastructure and Application stack with demonstrated understanding of SAP Security, Basis, Risk, and compliance control within a large and diverse enterprise environment or business community. 
• Knowledge of SAP systems engineering fundamentals (cloud, storage, operating systems)
• Knowledge of SAP Automation Tools such as SAP Focus Run, SAP Solution Manager, Security Weaver, Security Bridge.
• Solid understanding of SAP processes, modules, and configurations, including ECC, S/4HANA, BTP, SAP Platform Basis, HANA DB, Integration, OS, and related technologies.
• Proficient in SAP security administration, encompassing OS and HANA database environments, including knowledge of authorization concepts, deployment, and implementation of security controls, conducting audits and vulnerability assessments, alignment to standard methodologies, user management, fix, collaboration with multi-functional teams, and risk mitigation.

Preferred

• Master's degree preferred in business, Information Systems, or a related field.
• Ideally, knowledge of the P&G information security framework and the SAP Enterprise Security Control Framework
• Demonstrable record of accomplishment of leading and managing multi-functional teams, fostering collaboration, and achieving results.
• Identifying key risks and controls, knowledge of Sarbanes Oxley readiness controls optimization, and configuring controls around security, business process, and within the GRC modules.
• Knowledge of IT SAP security tools such as code scanners, GRC tools, or tools for SAP SoD monitoring.
• Relevant certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), SAP HANATEC or equivalent are a plus. Experience in working with regulatory requirements and industry standards (e.g., SOX, GDPR) about SAP systems.
• Knowledge of the NIST cybersecurity framework.
• Traditional/waterfall and agile project management skills, strong analytical and problem-solving abilities, with keen attention to detail
• Manage incident response for SAP security-related issues, including root cause analysis and preventive measures.

Compensation for roles at P&G varies depending on a wide array of non-discriminatory factors including but not limited to the specific office location, role, degree/credentials, relevant skills, and level of relevant experience. At P&G compensation decisions are dependent on the facts and circumstances of each case. Total rewards at P&G include salary + bonus (if applicable) + benefits.  Your recruiter may be able to share more about our total rewards offerings and the specific salary range for the relevant location(s) during the hiring process.

We are committed to providing equal opportunities in employment. We value diversity and do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Immigration Sponsorship is not available for this role. For more information regarding who is eligible for hire at P&G along with other work authorization FAQ’s, please click HERE.

Procter & Gamble participates in e-verify as required by law.

Qualified individuals will not be disadvantaged based on being unemployed.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Information Technology at Procter & Gamble is where business, innovation and technology integrate to create a competitive advantage for P&G. Our mission is clear - we deliver IT to help P&G win with consumers. As a P&G IT professional your subject knowledge expertise will be applied to diverse business problems delivering groundbreaking, technology advancing, business models and capabilities. Whether your role is to create an IT innovation strategy for a business, protect our critical information systems and assets, or build a completely new way of operating, your technical knowledge will be recognized and rewarded. Your career in IT at P&G will build you through growing your technical, leadership, and influence skills; expand your perspective via experiences across multiple businesses; and cultivate depth of expertise in areas like Engineering, Analytics, Product Management, Security, etc.,

What we offer is an interesting and diverse set of opportunities to solve problems that come with being one of the largest consumer goods companies in the world. You have many interests, and our scale enables you to explore these interests and apply your problem-solving skills.

Visit http://www.pg.com to know more.

About us:

We produce globally recognized brands, and we grow the best business leaders in the industry. With a portfolio of trusted brands as diverse as ours, it is paramount our leaders can lead with courage the vast array of brands, categories and functions. We serve consumers around the world with one of the strongest portfolios of trusted, quality, leadership brands, including Always®, Ariel®, Gillette®, Head & Shoulders®, Herbal Essences®, Oral-B®, Pampers®, Pantene®, Tampax® and more. Our community includes operations in approximately 70 countries worldwide. 

We are an equal opportunity employer and value diversity at our company. We do not discriminate against individuals   on the basis of race, color, gender, age, national origin, religion, sexual orientation, gender identity or expression, marital status, citizenship, disability, HIV/AIDS status, or any other legally protected factor. 

Just so that you know: We are an equal opportunity employer and value diversity at our company. Our mission of Diversity and Inclusion is: “Everyone valued. Everyone included. Everyone performing at their peak.”

"At P&G, the hiring journey is personalized every step of the way, thereby ensuring equal opportunities for all, with a strong foundation of Ethics & Corporate Responsibility guiding everything we do.
All the available job opportunities are posted either on our website - pgcareers.com, or on our official social media pages, for the convenience of prospective candidates, and do not require them to pay any kind of fees towards their application.”

Job Schedule

Job Number

Job Segmentation