Federal Security Operations (FSO) Manager-FedRAMP
We help the world run better
At SAP, we enable you to bring out your best. Our company culture is focused on collaboration and a shared passion to help the world run better. How? We focus every day on building the foundation for tomorrow and creating a workplace that embraces differences, values flexibility, and is aligned to our purpose-driven and future-focused work. We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for your individual contributions, and a variety of benefit options for you to choose from.
Job Overview
The Federal Security Operations Manager will operate as a contributing member of ISBN (Intelligent Spend and Business Network) Product Security Federal Operations team, with responsibility for tracking security requirements, remediations, risk management, reporting, and accreditation of ISBN’s Federal Product Line offerings for the U.S. Government.
Successful candidates for this role must be comfortable taking a cross-functional coordination role to drive the research and implementation of security solutions, data analysis, and strategic security reporting. The candidate must have deep knowledge of and experience with Federal security regulations such as Federal Risk and Management Authorization Program (FedRAMP), CMMC, A and Federal Information System Modernization Act (FISMA).
The Federal Security Operations Manager-FedRAMP works under the direction of the
Information System Security Officer (ISSO), and coordinates with Technical Program Managers, Project Managers, Subject Matter Experts and other key stakeholders cross-functionally on the maintenance of the System Security Plan (SSP)/supporting Plan of Actions and Milestones (POA&M) development / Developing Key Metrics/Driving Stakeholder commitment and leading program strategy for deliverables. The FSO Manager will ensure accuracy in metric reporting, remediation activities, risk management framework analysis, and serves as the primary POC for operational concerns, ensuring that federal operations security requirements are identified and included in all new risk management framework revisions and requirements.
Responsibilities
- Comfortable maintaining professional communications with U.S. Government customers regarding issues, investigations, and emergency directives.
- Assists in programmatic discussions around security requirements and solutions with the ability to apply those concepts and applicable tooling to support business needs.
- Primary duty is ensuring the daily program functionality of the Federal Concur Travel and Expense environment and serving as the Security Operations SME for Agency customers.
- Supports the development and maintenance of system Plan of Actions and Milestones(POA&M), and supports analysis of vulnerability scan results, risk exceptions, and Acceptance of Risk (AoR) / Operational Requirement (OR) deviation reporting as necessary.
- Lead FedRAMP annual accreditation process with facilitating stakeholder compliance.
- Support updates to other accreditation package documentation as necessary to include but not limited to Continuous Monitoring Plan, Configuration Management Plan, Business Continuity Disaster Recovery Plan, Supply Chain Risk Management Plan, etc.
- Supports investigations of potential security incidents.
- Drive security tasks to completion and ensure appropriate ticketing requirements.
- Be aware of and comply with all corporate polices.
- Identifies and escalates potential issues around processes or technology when appropriate.
- Review/analyze data visualization with existing tools such as Tableau, Microsoft Power BI and Atlassian, etc.
- Develops reports or other written communication to support leadership to include: ISSO, ISSM, Director of Federal Information Security.
- Supports security requirements and engages with a variety of cross functional teams.
Education, Experience and Training Required
- BS in Information Systems, Information Security, or equivalent with major coursework in Information Systems, Information Security and Operations.
- 10+ years in Information Technology or Information Security, Project Management, Digital Analysis, and Federal Program Development
- Technical security certifications or project management certifications such as SEC+, COMPTIA, Scrum and Agile certs desired
- Experience managing federal compliance security deliverables.
- Experience evaluating and creating functional analysis documents.
- Comfortable speaking and presenting to Senior leadership.
- Experience with program management in a Software as a Service (SaaS) solution.
- Experience integrating and implementing solutions in a multivendor enterprise environment.
- Demonstrated understanding of the most current revision of the National Institute of Standards and Technology (NIST) cybersecurity standards.
- Demonstrated understanding of one of the following: Federal Risk and Management Authorization Program (FedRAMP) and/or Federal Information System Modernization Act (FISMA).
- Familiarity with System and Organization Controls (SOC) and Payment Card Industry Compliance (PCI) frameworks.
- All offers of employment are contingent on standard background checks. This position will support a federal government contract. Applicants must be able to obtain and maintain a position of Public Trust security clearance as required of federal government contractors to include a background check conducted by the U.S. Government to determine eligibility and suitability for federal contract employment for public trust or sensitive positions. For this level of clearance, applicants must possess U.S. citizenship and be located on U.S. territory.
Job Specific Knowledge or Skills
- Understands U.S. Public Sector security best practices, threats, mitigating techniques and evolving security landscape.
- Management of key components of Risk Management Framework (RMF) for accreditation of a software as a service (SaaS) solution.
- Aptitude for translating complex, security subjects into clear, business-oriented communications.
- Experience supporting public and private cloud and data center hosted technologies.
- Ability to work both as part of a cross-collaborative team and individually.
- Knowledge of risk assessment tools, technologies, and methods.
- Ability to make recommendations and decisions independently.
- Other desired technical skillsets or experience include:Network/vulnerability scanning, Federal Information Processing Standards (FIPS), mobile device security management, Privacy Impact Analysis (PIA), Security Impact Analysis (SIA), Cybersecurity strategy, Cybersecurity risk assessments, configuration benchmarks, Disaster recovery and contingency planning, Security penetration testing.
Value Competencies
- Displays passion for & responsibility for securing customer data.
- Encompasses concepts of team cohesion and ability to self-start when required.
- Displays a passion for security and a drive to improve.
- Displays attention to detail.
- Displays high personal and corporate integrity.
- Desire to not only identify and track issues, but also recommend and drive solutions that are compatible with the needs of the business.
Bring out your best
SAP innovations help more than four hundred thousand customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management. As a cloud company with two hundred million users and more than one hundred thousand employees worldwide, we are purpose-driven and future-focused, with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves. At SAP, you can bring out your best.
We win with inclusion
SAP’s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone – regardless of background – feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better and more equitable world.
SAP is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to the values of Equal Employment Opportunity and provide accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team: Careers@sap.com.
For SAP employees: Only permanent roles are eligible for the SAP Employee Referral Program, according to the eligibility rules set in the SAP Referral Policy. Specific conditions may apply for roles in Vocational Training.
EOE AA M/F/Vet/Disability
Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, age, gender (including pregnancy, childbirth, et al), sexual orientation, gender identity or expression, protected veteran status, or disability.
Compensation Range Transparency: SAP believes the value of pay transparency contributes towards an honest and supportive culture and is a significant step toward demonstrating SAP’s commitment to pay equity. SAP provides the annualized compensation range inclusive of base salary and variable incentive target for the career level applicable to the posted role. The targeted combined range for this position is 158,000 -268,700 USD. The actual amount to be offered to the successful candidate will be within that range, dependent upon the key aspects of each case which may include education, skills, experience, scope of the role, location, etc. as determined through the selection process. Any SAP variable incentive includes a targeted dollar amount and any actual payout amount is dependent on company and personal performance. Please reference this link for a summary of SAP benefits and eligibility requirements: SAP North America Benefits.
Requisition ID: 409088 | Work Area:Information Technology | Expected Travel: 0 - 10% | Career Status: Professional | Employment Type: Regular Full Time | Additional Locations: #LI-Hybrid
Bellevue, WA, US, 98004
Nearest Major Market: Seattle
Nearest Secondary Market: Bellevue
Job Segment:
Supply Chain Manager, ERP, Operations Manager, Testing, Cloud, Operations, Technology