Security and Privacy Manager - Venlo, Netherlands
Posted on Oct 28, 2019 by TechNet IT Recruitment (Permanent)
Security and Privacy Manager required on a permanent basis for a leading retail client in Venlo, Netherlands.
Location: Venlo, Netherlands
Salary: Competitive + benefits
Skills and experience:
- Previous experience in a Security and Privacy Management role (or similar).
- Confident, strict and precise in matters of access and identity maintenance and does not allow non-compliance
- Good understanding of ITIL
- Experience of working in an Agile environment (Kanban, Scrum)
- Experience of working with ITSM tools; knowledge of ServiceNow an advantage
- Knowledge of security management concepts; understanding of ISO 27001 advantageous
- An understanding of how to build and maintain roles in Oracle, and the ability to perform administrative tasks in Functional Setup Manager (FSM) and Oracle Identity Manager (OIM), is highly desirable.
- Experience of providing ERP security & compliance support to finance teams and a good understanding of OTC, PTP and RTR functions is highly desirable.
- To quickly get to grips with the challenges the company has in bringing the ERP/Financial CoE live, with effective application security and compliance support and communications processes
- To drive applications security and compliance service excellence and manage expectations, continually refining governance and processes to improve overall quality and efficiency
- To create and manage the development of policies and procedures outlining how security and compliance is applied, ensuring that the processes and procedures are documented and adhered to, including how breaches of, or potential breaches of, security and compliance are recorded and that corrective actions are identified and applied, and ensuring that such documentation is electronically stored and easily referenced in the documentation repository and KDB.
- Non-compliance and security incident management processes - define how this works within the CoE team & how the non-compliance and security incident management processes flow from CoE into other teams
- Applications security and compliance Change Management - define how this works, to account for patch updates/revision upgrades from Oracle and enhancement requests from the business and, in collaboration with HR, follow due process to ensure timely and correct access adjustments associated with changes in functional roles eg new starters, movers and leavers etc.
- Define/agree sensible SLAs/OLAs and set up appropriate KPIs to assist in identifying opportunities for security and compliance process enhancements
- To understand the structure of the company's organisation and how it relates to Oracle's access and identity management, and to be able to ensure that changes in job positions/HR will be translated to the right Oracle roles/authorisations
- To support the business in determining adjustments in access rights/authorisations that occur due to changes in the process and perform these role adjustments accordingly
- To analyse and evaluate security and compliance risks and prevent these in collaboration with the support teams and the business
- To work together with the business and other Oracle Experts to adjust approval flows in case of changes in the business processes or business authorisations eg Delegation of Authority
- To build and deliver regular reports to the IT Director, Corporate Services; Head of ICT and other key stakeholders as required, including an audit summary of periodic access checks; application security and compliance risks and status; and a summary of occurring breaches and corrective actions taken, overall providing insight and recommendations
- Work with the Service Delivery Manager and Oracle Technical Expert to maintain the security & compliance knowledge database (KDB) and known error database (KEDB) to support the efficiency of the team
- To ensure all security & compliance ERP/Financial technology/process risks are logged in the Risk Register, helping to identify and apply mitigating actions to reduce or eliminate the risk (probability and impact)
About the role:
Ensure that the right people in the company have the correct access and authorisation levels in the applications in scope for the corporate functions eg Oracle, Concur, Workday, Manual Master, Spark, etc. The role also ensures compliance of the applications, adhering to rules and regulations such as segregation of duties. You will support the company in compliance and security from an Oracle perspective and will monitor and report on adherence to agreed governance.
You will ensure that all users are aware of and understand the Oracle security and compliance requirements and governance within the parameters of their role and their responsibility to comply as appropriate. The role includes being the first point of contact for Oracle security and compliance breaches and facilitating the quick resolution of such issues, working with the Service Delivery Manager and other support teams to complete root cause analysis, ensuring that any gaps in processes and application security vulnerabilities are identified and tracked, and ensuring that closure and agreed follow-up actions are managed to completion.