Sr Information Security Compliance Analyst Job

Requisition ID: 171275
Work Area: Software-Development Operations
Expected Travel: 0 - 10%
Career Status: Professional
Employment Type: Regular Full Time


As market leader in enterprise application software, SAP helps companies of all sizes and industries innovate through simplification. From the back office to the boardroom, warehouse to storefront, on premise to cloud, desktop to mobile device – SAP empowers people and organizations to work together more efficiently and use business insight more effectively to stay ahead of the competition. SAP applications and services enable customers to operate profitably, adapt continuously, and grow sustainably.


Security and Privacy are vital components of SAP Ariba's success as a cloud company.  Our customers entrust us with their Confidential Business Transactional Data and some Personally Identifiable Information because of the value that we add by processing that data for them. SAP Ariba’s Trust Office team is responsible for identifying, assessing and managing threats, vulnerabilities, and associated risks to Ariba’s information assets and resources. This includes providing expertise and operating and maintaining various integrated security technologies to protect the integrity, confidentiality and availability of all information resources throughout a highly distributed cloud environment. Success will depend upon building rapport and credibility with multiple stakeholders across SAP Ariba. As a leader in Cyber Security, this candidate will have opportunities to mentor, support, and contribute to goals and initiatives that ensure the secure usage of technology, industry standards, and best practices. If you want to be a game changer in building confidence in the cloud for our customers, consider joining our team. We are looking for ambitious people who thrive in a dynamic environment, are passionate about security and ready for a challenge.


The Sr. Information Security Compliance Analyst evaluates, tests, documents, tracks, and improves security controls and collaborates with Operations, General Counsel and Risk Management, Security Services and other stakeholders to ensure compliance requirements and contractual and service level deliverables are met. The Sr. Information Security Analyst, as representative of SAP Ariba, engages and supports both internal and external auditors who are performing audits of security systems used by SAP Ariba. The Sr. Information Security Analyst maintains strong knowledge of applicable security compliance frameworks, standards, and regulatory requirements.



  • Review existing security compliance controls for customer, contractual, regulatory, and policy requirements and perform the necessary gap analysis. Consider future industry certifications such as FedRAMP, HIPAA and ITAR.
  • Prepare control implementation evidence including process, policy, data flow diagrams etc.
  • Support audit/compliance programs, working closely with internal teams to ensure audit readiness, design control language and communicate control strengths and weaknesses.
  • Create and maintain internal and external audit schedules and prioritize, facilitate and track audit related processes, activities, tasks and deliverables.
  • Describe, evaluate and support testing of manual and automated controls throughout the environment, in liaison with internal and external auditors.
  • Perform audit preparation and manage identified remediation required for the compliance standards in scope of SAP Ariba organizational requirements.
  • Interpret results and validate adequacy, reliability and effectiveness of controls.
  • Work with business owners on remediation plans that address identified gaps based on severity of risk and non-compliance.
  • Identify, document and elevate visibility to information risk that creates potential for exposure to the company.
  • Support the continued development and maintenance of the SAP Ariba Security and Privacy and Compliance Framework.
  • Apply COBIT5, COSO, ITIL, ISF, OWASP, ISO 27K or NIST frameworks to all documentation and remediation efforts.



To be successful, the ideal candidate must be passionate about our customers, partners and technology. Success will depend upon building rapport and credibility with multiple stakeholders across SAP Ariba. As a key player in Cyber Security, this candidate will have opportunities to support and contribute to goals and initiatives that ensure the secure usage of technology, industry standards, and best practices.


  • 5+ years of experience in information security audits and risk assessments.
  • Knowledge of Cloud Security concepts, techniques, tools, methods and best practices including DLP, encryption, vulnerability management, GRC, segregation of duties, IT infrastructure and software change management, security, availability, incident handling, and data transmission integrity.
  • Understanding of technology use, trends and risks as they apply in a business context and environment.
  • Ability to communicate complex security risks to non-technical staff.
  • Ability to develop and track key performance indicators (KPIs) and metrics for benchmarking and operational success.
  • Strategic mind-set to ensure a clear focus on the go-forward agenda and the ability to apply risk-based decisions balancing cost/opportunity and risk.
  • Strong knowledge of at least two key security frameworks and standards like, but not limited to, SOC 2, PCI-DSS, ISO 27001, NIST, FedRAMP, HITRUST, OWASP, ITIL, and SOX.
  • Knowledge of international and U.S. regulatory requirements such as HIPAA, ITAR, GDPR, and China Cybersecurity Law.

The ideal candidate will have the following qualities:

  • Business acumen and track record of working with internal teams and external parties to see the “big picture”, understand technical architectures, perform gap analysis against requirements and achieve business goals.
  • Knowledgeable in Cloud Security, Application and Web Application Security and the concepts, techniques, tools, methods and practices used to secure them.
  • Demonstrated self-starter qualities of independence, initiative and creativity.
  • Organized and execution/results oriented with excellent planning and multi-tasking abilities.
  • Strong verbal and written communication skills and ability to influence others.



  • Bachelor’s Degree in MIS, Computer Science, or other related field, with focus on Information Security.
  • Industry certifications including relevant SANS, CISSP, CRISC, CISM, CISA, or CCSP.


*Location: Plano, TX, Newtown Square, PA, or Palo Alto, CA




To harness the power of innovation, SAP invests in the development of its diverse employees. We aspire to leverage the qualities and appreciate the unique competencies that each person brings to the company.

SAP is committed to the principles of Equal Employment Opportunity and to providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team (Americas: [email protected] or [email protected], APJ: [email protected], EMEA: [email protected]). Requests for reasonable accommodation will be considered on a case-by-case basis.

Additional Locations

Full time
Plano, Texas 75023, US