SAP Security Specialist, EU leading logistics provider

SAP Security Specialist, EU leading logistics provider, The Hague

The Group has developed into the leading logistics service provider of reusable standard packaging in Europe.

Comprised of two divisions, each with its own history and own expertise in packaging pooling.

Key figures:

900 employees operating in 38 counties, generating a revenue of approx. €500 Mio.

Company values:

• Drive
• Shared success
• Resourcefulness: ‘listen and learn from the world around you’
• Reliability

Mission:

Drive efficiency in the most sustainable way, together with producers, transporters, processing companies and retailers.

Constantly working towards further standardization and integration of solutions within the logistics processes of its customers, delivering sustainable solutions to maximize circular value.

Team:

The Dutch office is approx. 300 staff, with 17 nationalities.

The ICT Team is comprised of 12 internal team members + 40 externals + service providers.

ICT is split in 3 teams:

• ICT Infra
• Business Application and Integration
• Data Analytics & Insights

Background IT Director:

IT director for 1 year now, prior 3 years as IT Infrastructure Lead, extremely focused on standardization and centralization, team building and IT Security. Which is now the highest priority within ICT, across the Group.

Furthermore, he holds the role of Security Officer and is Certified CISM.

Reason of the vacancy:

The position is currently covered by a Contractor, he needs to be replaced by a Permanent employee (FTE).

Interview with the current contractor (the one who will be replaced):

“I joined 3 years ago, when we had nothing, zero Authorization. We are still not fully there, S4 HANA is next. The focus is on Authorization, now and in the future.

Security Authorization is broad, you can also come from being a specialized EC Consultant, with experience working on challenging projects within ESP, one who can properly safeguard the concept, whilst working independently on projects”.

Potential growth path:

You can internally grow towards Auditing or a preferred/specific domain.

Culture:

Team members are an open book, where you legitimately feel you can ask questions, they actually want you to ask questions to understand your thought process and be able to guide you best.

Reporting line:

In this role you will report to the ICT Integration Manager, who in her turn reports to the IT Director, who in his turn reports to the CFO.

Sustainability:

The ambition has been set to reduce the Carbon footprint for each rotation of their trays and pallets by 20% by 2025, in comparison to the baseline in 2017. To achieve this goal, they are committed to strategic projects that focus on optimizing logistics, green energy and their reusable carriers.

Difficult part:

The difficult part is on the one hand Authorization, setting up roles, SoD and on the other hand taking Risk Management into account.

Having said that, seniority must be on role-based access and Security SAP, the risk part is secondary (they’re not looking for a risk manager).

Some selected topics:

Access rights, how do you deal with them?

How long can you do that and are you sure no data has been sent out?

Has the firefighter sent out info, Security Management, Access rights, but then in the SAP environment?

How to deal with complex environments and oversee impact on Security decisions?

Some selected facts:

The Sec Framework they use: ISO

S4/HANA: upgrade is planned

SAP Sec Tools: Security Weaver (a Pathlock company), the rest is default Security, a hosting party delivers for them

Challenges and responsibilities

• Contribute to internal and external IT assessments, reviews, and audits, through coordination with internal and external auditors
• Managing 3rd party risk
• Risk management on projects or landscape changes - it is more about risk engineering and the set up of the policy side, the execution itself is not a priority, they have someone there for the hands-on part
• Understand SAP infrastructure, application, and its configuration (operating systems, network and database technology)
• Report to management on key findings and assessments
• Carrying Authorization is difficult, people still like to have as many rights as possible, so they also stand for that, so not very easy

This is the bridge to Audit, you must act as a Partner on both sides, i.e. what does the question mean, radiate maturity, etc.

• Knowledge of Audit, implement a role-based access step, they not only look at SAP, but also the rest afterwards

They will work with Security Weaver emergency repair module

Controls are made by an external Consultancy; they have their own matrices

Background:

• An experienced professional with at least 5 years’ experience in SAP Security (no specific sector preference)
• Experience with SAP Authorization and/or Security weaver
• How to perform Security audits on SAP applications
• Experienced with IT Governance and Security standards like COBIT, NIST and ISO
• Knowledge of IT Control execution and coordination

Education:

• BSc or MSc level
• Qualifications in CISA, CISM, OSCP or equivalent are a nice to have

Competencies

• Fluent in English (English is the primary language used), Dutch is big plus.
• You are result-oriented, stress resistant and can motivate a team;
• You work well in a team, but can also work autonomously to deliver on-time
• Advisory and monitoring on (structural) improvements and roadmaps
• Assistance with operational activities related to service management processes
• Understand the essence of processes and can translate it to authorizations
• Feel Ownership in the area of authorization, and convey it to other users and parties in the project, also to the layman (leek)
• You are interested in SAP developments, like S/4 HANA and SAP Cloud, and understand how to secure these developments
• Can-do-mentality and passionate about the most secure Authorization schemes
• Experience with SAP GRC, SAP HANA and other SAP solutions is an advantage
• Important to understand Consulting and how a company operates / Process background

Offer:

• Competitive salary and very good secondary benefits. Challenging projects and the opportunity to help shape the IT Security team à have real impact
• Room for personal development à several trainings per year are offered. Important is to keep developing yourself, individually and in the interest of the company

Quote IT Director: “If in the end you decide to leave the firm, then better to leave in great shape with a good CV”

• Nice colleagues and a truly great working atmosphere
• Company with a sustainable DNA
• Working in the heart of the Food Supply Chain
• Interesting (further) career opportunities à organic growth
• An international working environment
• Flexibility
• Cooperation
• Personal budget for professional development

Salary:

Competitive salary: €70-85k + bonus + car + fringe benefits.

Home Office Options:

Hybrid is possible, they are not that strict on actually being at the office, it is more about efficiency and results à output-driven.

Note: It is advisable/preferred to be more regular at the office in the beginning when you start, this to ensure a smooth landing.

Discrete call:

In case you are intrigued, or you wish to have a discrete call, please contact Boudewijn Vellinga under b.vellinga@greifenberg.nl / +31202247600 (landline) or +31612243196 (mobile).

We’d rather have a dialogue to explain more, than for you to conclude it might not be a fit.

The Greifenberg Team is looking forward to your application.