We help the world run better
At SAP, we enable you to bring out your best. Our company culture is focused on collaboration and a shared passion to help the world run better. How? We focus every day on building the foundation for tomorrow and creating a workplace that embraces differences, values flexibility, and is aligned to our purpose-driven and future-focused work. We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for your individual contributions, and a variety of benefit options for you to choose from.
NS2 COMPANY DESCRIPTION
SAP is the global market leader for business software and related services. SAP National Security Services Inc.® (SAP NS2®) is an independent U.S. subsidiary of SAP. At SAP NS2, we leverage best-in-breed technologies engineered by SAP to protect the lives, assets and information of Americans. We offer SAP solutions with specialized levels of security and support to meet the requirements of U.S. national security and critical infrastructure customers.
This position requires access to customer data; Must be a U.S. citizen. SAP NS2 does not offer Visa sponsorships for this role. All internals must have manager’s approval to transfer.
JOB SUMMARY:
The Senior Risk Specialist plays a pivotal role in NS2’s Office of the Chief Operating Officer (oCOO), working with both internal and external stakeholders to identify, assess, and mitigate business risks. This role involves identifying and remediating deficiencies in the design and operational effectiveness of internal controls to improve business process performance and the quality of products and services.
The Senior Risk Specialist will ensure compliance with SAP's risk management policies and model by facilitating comprehensive risk assessments, monitoring key business risks, and providing expert guidance on managing moderate to high complexity risks associated with opportunities, projects, and business-related issues across all of SAP NS2’s Lines of Business.
KEY RESPONSIBILITIES:
Enterprise Risk Management:
Stay abreast of industry best practices, emerging risks, and regulatory changes to enhance the effectiveness of the Risk & Assurance Program.
Provide expert advice and coaching to management and employees on enterprise risk management matters.
Conduct detailed risk assessments and business impact analyses to identify potential threats and weaknesses within the organization at the enterprise, process, system, and deal levels.
Develop and implement proactive strategies to address identified risks and resolve complex problems.
Identify and assess risks across various organizational areas, including operational, financial, strategic, and compliance domains.
Review and evaluate internal controls and make recommendations for subsidiary audits, including those involving subcontractors and partners.
Identify vulnerabilities, such as fraud risks and operational inefficiencies, and recommend appropriate mitigation measures.
Assist in designing controls using a blend of automated tools, manual procedures, analytics, and reporting mechanisms.
Monitor and evaluate the effectiveness of risk mitigation measures and adjust strategies as needed.
Evaluate the risk management practices of third-party vendors and service providers, including reviewing risk reports and identifying critical risks requiring remediation.
Coordinate the collection of necessary documentation, such as security certifications, audit reports, and compliance evidence.
Develop and report on program performance indicators and metrics related to risk and compliance to leadership.
Assurance (Internal Audit):
Collaborate with security, legal, compliance, and other stakeholders to enforce and assess adherence to compliance requirements.
Monitor and assess the organization’s compliance with legal requirements, guidelines, and industry standards based on applicable frameworks.
Plan, organize, and conduct internal audits, including financial, operational, process, and system audits.
Participate in the development and management of the internal and external audit program and plan.
Assess the effectiveness of internal control systems, including policies and procedures designed to prevent fraud, errors, and mismanagement.
Prepare detailed audit reports, document findings, and provide recommendations to management for process, control, and risk management improvements.
Track the implementation of audit recommendations and evaluate their effectiveness.
Skills, Knowledge, and Experience:
Extensive understanding of compliance and auditing practices and methodologies, such as IAA International Professional Practices Framework (IPPF), ISAE 3000/ISAE 3402/SSAE 18 (SOC 1/SOC), ISO27001, and ISO 9001.
In-depth knowledge of laws, regulations, and management standards relevant to cloud computing and publicly traded companies (e.g., NIST, C5, ISO 27001, SOX)
In-depth knowledge of risk management principles, methodologies, and best practices
Strong analytical and problem-solving skills with a proven ability to assess and mitigate risks effectively.
Excellent theoretical and practical knowledge of common IT Processes (e.g. ITIL) and Cloud Business practices
Experience with internal control frameworks, including COSO, COBIT, NIST, and ISO.
Demonstrated ability to work independently with minimal supervision.
Strong written and verbal communication skills.
Proven track record of teamwork and collaboration.
Education and Requirements:
BS/BA degree in Information Technology, Accounting, or a related field (or equivalent experience).
Minimum of 5 years of business experience in risk management or a relevant field with increasing responsibility.
Fluent in written and spoken English.
Additional Certifications are Desirable:
Certified Public Accountant (CPA)Risk Management Professional (RMP)
Certified Information Systems Auditor (CISA) Certified Risk and Compliance Management Professional (CRCMP) Certified in Risk and Information Systems Control (CRISC) Financial Risk Manager (FRM) Chartered Accountant (CA) Certified Internal Auditor (CIA) Project Management Professional (PMP) Hybird shcedule (1 day per week) in the Herndon, VA or Newtown Square PA office.
Bring out your best
SAP innovations help more than four hundred thousand customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management. As a cloud company with two hundred million users and more than one hundred thousand employees worldwide, we are purpose-driven and future-focused, with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves. At SAP, you can bring out your best.
We win with inclusion
SAP’s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone – regardless of background – feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better and more equitable world.
SAP is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to the values of Equal Employment Opportunity and provide accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team: Careers@sap.com.
For SAP employees: Only permanent roles are eligible for the SAP Employee Referral Program, according to the eligibility rules set in the SAP Referral Policy. Specific conditions may apply for roles in Vocational Training.
EOE AA M/F/Vet/Disability
Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, age, gender (including pregnancy, childbirth, et al), sexual orientation, gender identity or expression, protected veteran status, or disability.
Compensation Range Transparency: SAP believes the value of pay transparency contributes towards an honest and supportive culture and is a significant step toward demonstrating SAP’s commitment to pay equity. SAP provides the annualized compensation range inclusive of base salary and variable incentive target for the career level applicable to the posted role. The targeted combined range for this position is 99000 - 216000(USD) USD. The actual amount to be offered to the successful candidate will be within that range, dependent upon the key aspects of each case which may include education, skills, experience, scope of the role, location, etc. as determined through the selection process. Any SAP variable incentive includes a targeted dollar amount and any actual payout amount is dependent on company and personal performance. Please reference this link for a summary of SAP benefits and eligibility requirements: SAP North America Benefits.
Requisition ID: 408470 | Work Area:Administration | Expected Travel: 0 - 10% | Career Status: Professional | Employment Type: Regular Full Time | Additional Locations: #LI-Hybrid