Arxada is a global specialty chemicals business that's committed to solving the world's toughest preservation challenges through better science. With a proud history of innovation dating back more than a century, we aim to help our customers develop more sustainable solutions that protect and maintain the health and wellbeing of people and extend the life of vital infrastructure while working to reduce our and our customers' ecological footprint.
Sustainable preservation is one of our top priorities. We are making significant strategic investments that will not only decrease our own environmental footprint, but also help customers adapt to long-term environmental and social change through the development of cleaner, greener solutions.
Position: Information Security GRC Lead Arxada is seeking an Information Security GRC Lead that will own global SAP Authorization and Risk Management. The role requires deep knowledge and experience in risk management, information security governance, risk, and compliance, and process development. This role will interface with various cross-functional stakeholders and ensure that:
Information security controls are defined, documented, and aligned with adopted frameworks, policies, and compliance requirements. Security risks are identified, tracked, and managed. Adopted internal controls are regularly monitored for effectiveness and compliance with the goal of continuous process improvement. Drives and manages the technical delivery of SAP GRC and authorization solutions within the SAP environments to meet new business requirements, audit readiness, and protection from both internal and external threats. Manages the external SAP authorization team (service provider). Works closely with the Internal Audit, Business, SAP Functional support and Basis teams in implementing GRC Access Controls. Works closely with the internal control team and internal IT Application team members to manage new authorization requests and troubleshoot issues and implement appropriate solutions. Works with business and project teams to troubleshoot issues with authorization objects and identify and implement appropriate solutions. Establishes, documents, and ensures adherence to SAP security policies and procedures. Performs routine user access and entitlement reviews, including identification of segregation of duties conflicts. Performs enterprise risk assessments, report results to management, and establish/leverage formal risk tracking and acceptance processes. Establishes information security internal control mappings and ensures alignment with adopted security and compliance frameworks. Performs third party service provider/vendor risk assessments. Develops information security and data privacy policies, standards, and procedures; routinely reviews and updates governance documents. Tracks penetration testing remediation efforts to successful remediation as validated by subsequent follow-up testing. Provides documentation and research assistance, as needed, during information security incident response scenarios. Performs research related to emerging solutions and methodologies that will help the organization reduce risk and evolve with a changing threat landscape. Qualifications & Experience: Experience adopting and implementing risk management, cyber security, and compliance frameworks (e.g., NIST CSF 2.0, ISO 27000-series, Swiss Data Protection Act, EU GDPR, GxP). Knowledge of, or experience working with, cloud technologies/environments, including evaluating and implementing controls on Infrastructure as a Service (IaaS) environments. Analytical thinker with strong organizational skills; attention to detail. Prior use and knowledge of GRC tooling (e.g., SAP GRC or similar). Broad knowledge of both information technology and computer security issues, requirements, trends, and industry practices. Outstanding oral and written communication skills in English. Business fluency in German would be desirable. Arxada is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a qualified individual with disability, protected veteran status, or any other characteristic protected by law.
#J-18808-Ljbffr
