SAP NS2 Information Security Compliance Specialist

At SAP, we enable you to bring out your best. Our company culture focuses on collaboration and a shared passion to help the world run better. We prioritize building the foundation for tomorrow and creating a workplace that embraces differences, values flexibility, and aligns with our purpose-driven and future-focused work. We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for individual contributions, and a variety of benefit options.

Position: SAP NS2 Information Security Compliance Specialist

Security Analysts (SA) will work as members of the SAP NS2 cyber team. They will assist with creating, updating, and maintaining FedRAMP-required security documentation, artifacts, and Continuous Monitoring (CONMON) requirements such as the Plan of Action and Milestones (POAM). They will also support the Cloud Operations team in identifying and addressing known vulnerabilities. Additionally, SAs provide advisement on changing regulatory, government, and Cloud/FedRAMP policies, including risk assessments, business impact analysis, system categorization, security authorization, and accreditation activities (A&A), security control inheritance, and other artifacts to validate SAP NS2 control compliance.

Required Skills:

• Ability to understand and document information system specifications and security controls, including diagrams and data flow representations.
• Advisement skills for stakeholders on policy environments such as NIST RMF and DISA SRG.
• Experience in documenting multiple courses of action and risk mitigation aligned with FedRAMP and SAP NS2 policies.
• Application of enterprise security frameworks like FISMA and NIST SP 800 series.
• Development and updating of policies to ensure FedRAMP compliance and adherence to NIST 800-171 and other DFAR clauses.
• Understanding of enterprise operating environments and security postures.
• Familiarity with FedRAMP, DoD, and NIST security controls and vulnerability management tools.
• Assessment skills related to Cloud System vulnerabilities, accreditation, and patching mechanisms.

Required Experience:

• Knowledge and ability to analyze systems for cybersecurity compliance.
• Experience working in fast-paced, team-oriented environments.
• Understanding of Federal and DoD policies, risk assessment methodologies, and FedRAMP.
• Experience in writing or executing security documentation, including authorization packages and POA&Ms.
• Technical documentation review and editing skills.
• Strong presentation and communication skills.
• Knowledge of DISA STIGs, SRGs, CNSSI instructions, and NIST RMF.
• Understanding of networking technologies and ability to interpret network diagrams using Visio.
• Experience supporting cybersecurity in testing, development, staging, and pre-production environments.
• Knowledge of Privacy Act regulations.

Education and Certifications:

Bachelor’s degree in computer information systems, mathematics, or sciences.

Inclusion and Equal Opportunity:

SAP promotes a culture of inclusion, focusing on health, well-being, and flexible work models. We believe diversity enhances our strength and are committed to equal employment opportunities, providing accommodations for applicants with disabilities. For assistance, contact: Careers@sap.com.

Compensation Range: The annualized salary range for this role is $84,900 - $185,500 USD, dependent on experience, education, location, and other factors. SAP values pay transparency and offers comprehensive benefits. For details, see SAP North America Benefits.

Requisition ID: 424749 | Work Area: Information Technology | Travel: 0-10% | Employment Type: Full-Time | Location: Hybrid, Washington DC