CHIEF APPLICATION SECURITY OFFICER / LEAD SECDEVOPS ENGINEER (F/M/D)

Have you always wanted to build up a multi-million company and really understand and experience what it takes to run a business? But working in a start-up feels too risky for you? Do you like to be fully responsible for your area of expertise and are comfortable with making decisions that shape the business environment of more than 1.000 colleagues? If your answer is yes, we have a unique opportunity for you.

We are SAP Fioneer, a strategic partnership between SAP and the investment company DEDIQ. Our vision is to become a leading global provider of Financial Services software solutions and platforms. We enable customers to innovate and transform their business by combining premier technology with development expertise and a broad ecosystem of partners.

We went live on September 1 to build on a great portfolio of products, a big customer base, sustainable funding, and operations in 13 countries around the globe. The only thing that is missing is you, helping us to define our long-term strategy and build a state-of-the-art corporate center to ensure our business success.

Possible working locations for this role are Central Europe (Germany, Austria, Switzerland) at our office locations or home office combined with a willingness to travel (Local working permit required).

YOUR RESPONSIBILITIES

  • build the right working model for SAP Fioneer. How can we ensure Security of cloud solutions, applications and products we build and deliver for the Financial services industry around the globe?
  • establish and lead Application Security Operations in a shift-left approach, defining guard rails, methods and automation tooling incl. Threat modeling, Security by Design, Privacy by Design, Vulnerability Management, Open Source security, Service dependency governance, CI/CD pipelines, code reviews, static and dynamic code testing, DevOps red-teaming
  • implement AppSec automation for continuous assurance along the SSDLC and DevOps cycles
  • act as a business partner to enable the Sec in SecDevOps
  • collaborate closely with engineering and other teams to conduct regular security assessments including vulnerability assessments, penetration testing, deeper design reviews and code reviews
  • establish and certify the Information Security Management System (ISMS) and Quality Management System (QMS) based on industry standards incl. ISO9001, ISO27001, ISO27034 and NIST Secure Software Development Framework (SSDF)
  • collaborate effectively with Data Privacy and Information Security and DevOps functions on an integrated automated policy control and reporting framework
  • support the Customer Office with Security expertise and enablement.

YOUR PROFILE

  • Bachelor, Master, MBA or similar qualified education 
  • Minimum of 10 years professional experience
  • 5+ years of experience in modern AppSec in software industry or leading consultancy 
  • Entrepreneurial mind-set
  • High motivation to build up a business from scratch and take long term ownership
  • “Get things done” attitude and hands-on experience
  • Strong organizational and interpersonal skills
  • Team leadership experience and passion
  • Excellent written and verbal communication skills in English; additional languages are an advantage
  • A sense of humor

WHAT WE OFFER

  • Start-up vibes embedded in a secured environment
  • Opportunity to make your own decisions
  • Freedom to act straightforwardly: Implement your concepts throughout SAP Fioneer
  • Be part of a small, high-performance corporate center team and create new ways of steering successful companies