We help the world run better
At SAP, we enable you to bring out your best. Our company culture is focused on collaboration and a shared passion to help the world run better. We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for your individual contributions, and a variety of benefit options for you to choose from.
YOUR FUTURE ROLE
SAP GS2 (Government Security) unit is looking for a VS-NfD (restricted) Multicontrolframework Sr. Specialist / Expert (f/m/d) focusing on building a Multicontrolframework for the restricted part of the SAP Cloud Infrastructure in Germany.
Your Future Role
As an Expert Multicontrolframework, you will play a key role in designing, implementing, and managing a comprehensive multicontrol framework on the classification Level of VS-NfD (restricted) that encompasses IT security, physical security controls, and compliance. You will ensure the highest level of security compliance for our cloud solutions provided to public sector and regulated industries customers, aligning with German data classification standards such as VS-NfD (Classified Information – For Official Use Only).
Your primary responsibilities will include:
- Setting up and support in managing a multicontrol framework that integrates IT security (technical and compliance) and physical security controls.
- Ensuring full compliance with VS-NfD and relevant standards such as IT baseline protection (IT-Grundschutz), ISO 27001, and IT Security Products (7164).
- Collaborating with internal teams and external auditors to prepare and provide comprehensive documentation and presentations that ensure conformity with these standards.
- Support to manage the entire security lifecycle for cloud solutions deployed in public sector and regulated industries, ensuring their alignment with the highest security standards.
- Consulting with customers during presales, helping to identify specific security requirements, developing solutions, and demonstrating how our products meet stringent regulatory needs.
- Be involved in maintaining strong relationships with supervisory authorities and ensuring successful external audits.
- Supporting and guiding cross-functional teams on security compliance strategies, particularly for public sector & regulated industries.
- Staying updated on emerging threats and security trends to continuously improve security frameworks.
- Providing leadership and guidance on cloud security best practices and working closely with technical teams to integrate security within cloud solutions.
YOUR PROFILE
You are an experienced and proactive security expert with a strong background in IT and physical security frameworks. Your profile should demonstrate some of the experience below:
- Master’s degree (or equivalent) in a relevant field
- 10+ years of total work experience including IT Security and/or compliance roles
- Experience with IT security frameworks and compliance standards, particularly VS-NfD, ISO 27001, and IT baseline protection (IT-Grundschutz).
- Knowledge and hands-on experience with IT security products (7164) and security architectures for cloud solutions.
- Experience and/or knowledge about working in VS-NfD environments, including familiarity with the requirements of authorities and regulated industries.
- Solid understanding of the public sector and regulated industries' unique security needs, including experience in setting up security controls for cloud solutions.
- Experience working with customers and presales teams, helping to tailor security solutions that meet their regulatory requirements.
- Good communication and presentation skills, with the ability to translate complex security requirements into clear, customer-ready documentation and presentations.
- Demonstrated ability to support or even lead external audits and communicate effectively with supervisory authorities and auditors.
- Cloud knowledge and experience, including the deployment and management of secure cloud environments in regulated industries.
- A high level of self-initiative, coupled with the ability to drive projects independently and within cross-functional teams.
- Track record in analyzing (national) security regulations and translating the requirements into corporate actions.
- Understanding of contractual terms and conditions for identification of required actions to protect government classified information.
- Knowledge about German National Industry Security Manual regulations
- Ability to analyze political situations and interdependencies in Germany.
- End-to-end understanding of government communication
- Fluency in German and English, both written and spoken.
- Willingness to undergo the process for a personal security clearance according to German Security Clearance Act
ABOUT THE TEAM
The SAP Government Security unit is part of the SAP CEO Board Area and ensures strict liability fulfillment of customers’ national security requirements, business enablement in sensitive industries and compliance with Critical Infrastructure and Telecommunications Compliance for SAP world-wide. The position will reside within the GS2 sub team GRIP (Government Resilience & Infrastructure Protection).