Information Technology

Third Party Risk Analyst

Requisition ID: 335970
Work Area: Information Technology
Expected Travel: 0 - 10%
Career Status: Professional
Employment Type: Regular Full Time
Career Level: T3
Hiring Manager: Corinne Gradler 
Recruiter Name: Saurabh Prasad
Additional Locations:


As a Third Party Information Security Compliance Specialist on the Third Party Risk Management Team you will play an integral role in managing the ongoing enterprise program as well as working with stakeholders across SAP to enhance its maturity. The TPRM team’s function is to identify, assess, mitigate, monitor, and report on third party risks to SAP. The goal is to secure customer trust and protect SAP’s reputation by reducing the likelihood of a security incident, business disruption, or unethical actions taken by a third party.


Managing the assessment process:

  • Support all Third-Party Risk Management (TPRM) activities to proactively identify, evaluate, and mitigate cyber security and operational risks.
  • Establish strong partnership with SAP stakeholders and support the facilitation and management of the security risk assessment process and monitoring of remediation plans in accordance with the TPRM standard.
  • Track and monitor the status of assessments and communicate the status with key stakeholders on a regular basis.
  • Participate in the preparation of third-party risk reports to effectively communicate current residual risk status to business stakeholders.
  • Assist in properly classifying the relevance and impact of technical issues identified through ongoing monitoring platforms, such as BitSight or SecurityScorecard. Able to communicate the risk and remediation methods to SAP stakeholders and third parties.

Program reporting

  • Participate in the timely and accurate notification and escalation of actual or potential risks involving third parties.
  • Support the identification and maintenance an on-going list of all critical suppliers while providing status reporting to key stakeholders.
  • Support the delivery of reporting on all aspects of TPRM performance and effectiveness.

Program enhancement

  • Support the continuous assessment of any legal, regulatory, and external certification requirements relating to TPRM.
  • Identify opportunities to improve business resiliency through proactive management of TPRM.
  • Support the collaboration with the global purchasing organization to ensure security requirements are part of the onboarding process and continuously improved based on the ever-changing threat landscape.
  • Support the collaboration with the global legal organization to ensure contractual obligations are met from a security perspective.

Role Requirements

  • University Degree or equivalent (e.g. Risk Management, Cyber Security, Finance, Supply Chain, or Business Administration)
  • Certifications such as CRISC, CISSP, or CISA as well as technical certifications in Microsoft and Linux platforms, as well as networking such as CCNA, CCNP, or Networking+ are a plus.
  • Risk management experience, preferably within TPRM or cyber security profession.
  • Experience with utilizing ongoing Security Risk platforms.
  • Knowledge of TPRM threat scenarios, security controls, concepts, processes and tools.
  • Knowledge of the National Institute of Standards and Technology (NIST) frameworks and NIST controls applicable to supply chain risk management.
  • Excellent communication and presentation skills, both verbal and in writing and an ability to build a network and to collaborate with various teams globally.
  • Fluent in writing and speaking English. Ability to read German and/or Spanish a plus.


We build breakthroughs together

SAP innovations help more than 400,000 customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management. As a cloud company with 200 million users and more than 100,000 employees worldwide, we are purpose-driven and future-focused, with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves. At SAP, we build breakthroughs, together.

We win with inclusion

SAP’s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone – regardless of background – feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better and more equitable world.
SAP is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to the values of Equal Employment Opportunity and provide accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team:
For SAP employees: Only permanent roles are eligible for the SAP Employee Referral Program, according to the eligibility rules set in the SAP Referral Policy. Specific conditions may apply for roles in Vocational Training.

EOE AA M/F/Vet/Disability:

Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, age, gender (including pregnancy, childbirth, et al), sexual orientation, gender identity or expression, protected veteran status, or disability.
Successful candidates might be required to undergo a background verification with an external vendor.

Requisition ID: 335970  | Work Area: Information Technology  | Expected Travel: 0 - 10%  | Career Status: Professional  | Employment Type: Regular Full Time   | Additional Locations: #LI-Hybrid.

Requisition ID:  335970
Posted Date:  Jun 23, 2022
Work Area:  Information Technology
Career Status:  Professional
Employment Type:  Regular Full Time
Expected Travel:  0 - 10%

Bangalore, KA, IN, 560066

Job alert

Job Segment: Cyber Security, Compliance, ERP, Network, Cloud, Security, Legal, Technology