Head of SAP Security (m/f/d)

METRO is a leading international food wholesaler which specialises in serving the needs of hotels, restaurants, and caterers (HoReCa) as well as independent merchants (Traders). Around the world, METRO has approx. 15 million customers who benefit from the wholesale company’s unique multichannel mix: customers can purchase their goods in one of the large stores in their area as well as by delivery (Food Service Distribution, FSD) – all digitally supported and connected. In parallel, METRO MARKETS is being developed as an international online marketplace for the needs of professional customers which has been growing and expanding continuously since 2019. Acting sustainably is one of the company principles of METRO which has been listed in various sustainability indices and rankings, including MSCI, Sustainalytics and CDP. METRO operates in more than 30 countries and employs over 85,000 people worldwide. In financial year 2023/24, METRO generated sales of €31 billion.

At METRO, we have set ourselves ambitious goals with our “sCore” growth strategy which is closely accompanied by our Fundamentals. These shared values provide us with rules of conduct that are binding for everyone at METRO, in all countries and companies. Our commitment to wholesale is at the forefront of our mission, and we are constantly striving to improve. With our ONE METRO spirit, everyone stands together, bringing curiosity, determination, courage, drive, commitment, and trust. Find out more about METRO at careers.metroag.de.

The purpose of the Head of SAP Security is to oversee and drive the definition, implementation, and strategic direction of SAP Security across METRO. The role of SAP Security Head oversees the security framework and ensures the protection of SAP applications across METRO. This role requires strong leadership and technical expertise in SAP systems, security protocols, and risk management.

Key Task:

Security Strategy & Governance:

• Develop and implement a comprehensive security strategy and governance for SAP applications in use across METRO (e.g., SAP S/4HANA, SAP ERP, SAP Fiori, etc.).
• Engage, support and educate SAP system owners and business  process owners in different METRO entities about their roles and responsibilities and in implementing METRO requirements
• Establish and enforce security policies, standards, and procedures for SAP systems.
• Lead risk assessments and threat modeling of SAP applications.
• Ensure compliance with industry regulations and security frameworks (e.g., GDPR, SOX, ISO 27001, NIST)

Security Architecture & Risk Management:

• Define and enforce security architecture for SAP landscapes to ensure the confidentiality, integrity, and availability of data.
• Monitor and analyze potential vulnerabilities within SAP systems and third-party applications.
• Lead vulnerability management initiatives for SAP applications (patching, remediation, etc.).
• Implement and oversee access control systems, authentication protocols (e.g., SAML, Single Sign-On), and role based access control (RBAC) for SAP users.

Auditing and Compliance:

• Collaborate with internal and external auditors to meet compliance requirements.
• Ensure SAP systems adhere to relevant security regulations and best practices.

Security Tools & Technology:

• Implement and manage security tools specific to SAP environments (e.g., SAP GRC, SAP Solution Manager, SAP Security Optimization Service).
• Keep abreast of new security technologies and methodologies to enhance SAP security posture.

SAP Systems Knowledge: Deep understanding of SAP applications, modules, and platforms (e.g., SAP S/4HANA, SAP ERP, SAP Fiori, SAP BW).
Application Security: Expertise in securing applications, particularly within complex enterprise environments like SAP.
Risk Management: Ability to assess, prioritize, and mitigate risks related to SAP applications.
Security Standards and Compliance: Knowledge of security regulations and compliance frameworks (ISO 27001, SOC 2, NIST, GDPR).
Security Standards and Compliance: Knowledge of security regulations and compliance frameworks (ISO 27001, SOC 2, NIST, GDPR).

• Bachelor’s degree or similar qualification in information security, Cybersecurity, Computer Science, or a related field. Master’s degree is a plus.
• SAP Certifications (e.g., SAP Security, SAP GRC).
• Security Certifications (e.g., CISSP, CISM, CISA, or equivalent).
• 8+ years of experience in Information Security, with at least 5+ years in SAP security management.
• Proven experience in leading security operations within SAP environments.
• Experience with cloud-based SAP solutions (e.g., SAP S/4HANA on Cloud) is a plus.
• Strong leadership skills to lead and motivate a team of SAP professionals, including developers, product owners and BAU Operations Team.
• Effective communication with technical and non-technical stakeholders to articulate SAP Security strategies, policies, and issues.
• Strong documentation skills for creating policies, procedures, and reports.
• Ability to inspire and motivate the IAM team to achieve departmental and organizational goals.
• Ability to provide clear direction, set expectations, and foster a positive work environment.

• Work-life balance: Flexible working hours with the option of mobile working in agreement with your line manager, 30 days of holidays.
• Training: A comprehensive training offer via our own training center or externally.
• Well-being: Health days with lots of health checks and information about your well-being, company medical care including a range of preventive services, such as flu shots, OTHEB employee assistance program. 
• Exciting life on campus: Free gym and sports classes, Rioba coffee bar, canteen with discounted meals for employees, many campus events.
• Discounts: discounted Jobticket as well as discounts in our wholesale stores and at many partner companies.
• Comfort: Good transport connections, free parking spaces, JobBike. 
• Company pension plan: You will receive a contribution to your company pension. 
• Family driven: Three daycare centers for children on campus, support of holiday camps for children of employees.