Roles and Responsibilities
1. SAP Security Policies & Governance
a. Translation of Requirements: Act as the liaison between IT Security / CISO and the SAP Technical Operations team, transforming abstract security mandates (eg, ISO 27001, NIST) into concrete technical SAP parameters.
b. Policy Design: Create and maintain the SAP Technical Security Policy (“Gold Standard”) for system hardening across the end-to-end SAP environment (OS, DB, SAP Backend Application, SAP Client Application).
c. Monitoring: Define KPIs for security status and report to IT Management.
d. Audit Support: Serve as the IT counterpart for audits, penetration tests, and security assessments (internal & external) related to SAP security.
2. Vulnerability Management & Deep-Dive Analysis
a. Technical Evaluation: Perform deep-dive analyses of vulnerabilities (root-cause analysis).
b. Remediation Guidance: Provide the SAP Basis Operations team with clear remediation instructions and act as a quality gate for implementation.
c. Threat Intelligence: Evaluate SAP Security Notes and potential exploits for relevance and impact.
3. Tooling & Application Ownership
a. Application Owner: Full responsibility for SAP Security Management tools (e.g., Security Bridge, Automatics).
b. Configuration: Fine-tuning audit rules to minimize false positives.
c. Automation: Drive automation of security checks within CI/CD pipelines.
4. System Hardening (Non-Authorization)
a. Focus on hardening of the technical SAP platform, including:
– SNC & SSL/TLS
– Gateway Security (SecInfo/RegInfo)
– RFC Security
– Message Server ALS
– Database Hardening (HANA)
– OS Hardening
b. Execute or participate in SAP penetration tests.

Company Profile
We are one of the world’s largest suppliers of systems and components to the food, beverage, and pharmaceutical industries. The international technology group, founded in 1881, focuses on machinery and plants, as well as advanced process technology, components, and comprehensive services.

We are listed in the German MDAX, the European STOXX® Europe 600 Index, and are one of the companies that make up the DAX 50 ESG, MSCl Global Sustainability, as well as the Dow Jones Sustainability World and Dow Jones Sustainability Europe Indices.