Federal Security Solutions (FSS) Manager-U.S. Government

We help the world run better

At SAP, we enable you to bring out your best. Our company culture is focused on collaboration and a shared passion to help the world run better. How? We focus every day on building the foundation for tomorrow and creating a workplace that embraces differences, values flexibility, and is aligned to our purpose-driven and future-focused work. We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for your individual contributions, and a variety of benefit options for you to choose from. 

The Federal Security Solutions Manager will operate as a contributing member of ISBN (Intelligent Spend and Business Network) Product Security-Federal Operations Team, with responsibility for security, risk management, and accreditation of ISBN federal product line offerings.

Successful candidates for this role must be very comfortable taking a leadership role and drive the research and implementation of security solutions, data analysis, and drive strategic security reporting. The candidate must have deep knowledge of and experience with Federal security regulations such as the Federal Risk and Management Authorization Program (FedRAMP), CMMC, NIST regulations, and Federal Information System Modernization Act (FISMA) regulations.

The FSS Manager works under the direction of the Information System Security Officer (ISSO), and coordinates with Technical Program Managers, Project Managers, Subject Matter Experts and other key stakeholders cross-functionally on the maintenance of the System Security Plan (SSP) / System Security and Privacy Plan (SSPP) and Plan of Actions and Milestones (POA&M). The FSS Manager drives accuracy in the POA&M deliverables by reviewing vulnerability scans, evaluating results, and developing solutions to reduce or remediate the impact of security vulnerabilities. Additionally, the FSS Manager will be paramount in determining security solutions for contractual obligations and new federal regulations.

Responsibilities

• Secondary cybersecurity POC for regular communications with U.S. Government customer and acts in the absence of the ISSO to respond to customer regarding technical issues, investigations, and emergency directives.
• Assists in complex technical discussions around security requirements and solutions for the federal sector with the ability to apply those concepts to current security control planes and make recommendations with documented plans and timelines to align with federal regulations.
• Leads maintenance of the System Security Plan (SSP) / System Security and Privacy Plan (SSPP) and coordinates with key stakeholders cross-functionally to drive updates and maintain accuracy.
• Oversees technical viability of remediations provided in a system Plan of Actions and Milestones (POA&M), and supports analysis of vulnerability scan results, risk exceptions, and Acceptance of Risk (AoR) deviation reporting as necessary.
• Supports investigations of potential security incidents.
• Contributes to security tasks to facilitate completion on time and in line with federal and customer Service Level Agreement deadlines.
• Be aware of, and comply with, all corporate polices.
• Identifies and escalates where appropriate potential issues around process or technology.
• Review/analyze data from security tooling to include vulnerability scanning, configuration management, SEIM logging and CloudTrail/CloudWatch console, Software Inventory, SBOM, and Eol/EoS data.
• Develops reports or other written communication to support leadership to include:ISSO, ISSM, Director of Federal Information Security
• Supports security requirements and engages with a variety of cross functional teams.

Education, Experience and Training Required

• BS in Information Systems, Information Security, or equivalent experience.
• 10+ years in Information Technology or Information Security.
• Technical security certifications such as the CISSP, CAP, CISA, Security+ or similar.
• Experience securing and accrediting cloud hyperscaler hosted systems and services.
• Experience with technical security solutions in a Software as a Service (SaaS) solution.
• Experience integrating and implementing solutions in a multivendor enterprise environment, specifically Federal and Quasi-Federal Contractor systems.
• Demonstrated understanding of the most current revision of the National Institute of Standards and Technology (NIST) 800-53 standards, Federal Risk and Management Authorization Program (FedRAMP), Federal Information System Modernization Act (FISMA) and Payment Card Industry Compliance (PCI).
• All offers of employment are contingent on standard background checks. This position will support a federal government contract. Applicants must be able to obtain Public Trust security clearance as required of federal government contractors to include a background check conducted by the U.S. Government to determine eligibility and suitability for federal contract employment for public trust or sensitive positions. For this level of clearance, applicants must possess U.S. citizenship and be located on U.S. territory.

Job Specific Knowledge or Skills

• Understands U.S. Public Sector security best practices, threats, mitigating techniques and evolving security landscape.
• Technical management of some or all software and hardware remediation requirements for key components of Risk Management Framework (RMF) for accreditation of a software as a service (SaaS) solution.
• Knowledge of configuration baselines to include STIGs/CIS L2 Benchmark requirements and the ability to translate the requirements to ensure operational capability of security tooling required for business operations.
• Experience supporting public and private cloud and data center hosted technologies.
• Working knowledge of DoD, and Federal Civilian regulatory requirements.
• Ability to work as part of a team and individually.
• Knowledge of risk assessment tools, technologies and methods.  Ability to make recommendations and decisions independently.
• Other desired technical skillsets include: Network scanning, Mobile device security management, Privacy Impact Analysis, Cybersecurity strategy, Cybersecurity risk assessments, benchmarking, Disaster recovery and contingency planning, Security Test & Evaluation (ST&E).

Value Competencies

• Displays passion for & responsibility for securing customer data.
• Displays a passion for security and a drive to improve.
• Displays high personal and corporate integrity.
• Displays drive to continue to increase technical acumen and knowledge to remain current with technologies and federal requirements.
• Encompass concepts of team cohesion but also have the ability to self-start when required.

​

Bring out your best

SAP innovations help more than four hundred thousand customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management. As a cloud company with two hundred million users and more than one hundred thousand employees worldwide, we are purpose-driven and future-focused, with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves. At SAP, you can bring out your best.  

We win with inclusion

SAP’s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone – regardless of background – feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better and more equitable world.
SAP is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to the values of Equal Employment Opportunity and provide accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team: Careers@sap.com.
For SAP employees: Only permanent roles are eligible for the SAP Employee Referral Program, according to the eligibility rules set in the SAP Referral Policy. Specific conditions may apply for roles in Vocational Training.

EOE AA M/F/Vet/Disability

Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, age, gender (including pregnancy, childbirth, et al), sexual orientation, gender identity or expression, protected veteran status, or disability.

Compensation Range Transparency: SAP believes the value of pay transparency contributes towards an honest and supportive culture and is a significant step toward demonstrating SAP’s commitment to pay equity. SAP provides the annualized compensation range inclusive of base salary and variable incentive target for the career level applicable to the posted role. The targeted combined range for this position is 117,300 - 246,400 USD. The actual amount to be offered to the successful candidate will be within that range, dependent upon the key aspects of each case which may include education, skills, experience, scope of the role, location, etc. as determined through the selection process. Any SAP variable incentive includes a targeted dollar amount and any actual payout amount is dependent on company and personal performance. Please reference this link for a summary of SAP benefits and eligibility requirements: SAP North America Benefits.

Requisition ID: 409085 | Work Area:Information Technology  | Expected Travel: 0 - 10% | Career Status: Professional | Employment Type: Regular Full Time | Additional Locations: #LI-Hybrid

​