Hy-Vee, Inc. is an employee-owned grocery store chain with more than 285 retail stores and over 80,000 employees. With sales of more than $13 billion, Hy-Vee ranks among the top 25 supermarket chains and the top 50 private companies in the United States. Its slogan, “A Helpful Smile in Every Aisle,” expresses the foundation of the company’s operating philosophy. Visit itcareers@hy-vee.com to apply or https://innovate.hy-vee.com to learn about all the exciting things our IT organization does! Are you ready to smile, apply today. Employment is contingent upon the successful completion of a pre-employment drug screen.
Associate SAP Security Administrator
Location
United States
Posted
10 days ago
Salary
0
Seniority
Mid Level
Job Description
Associate SAP Security Administrator
Hy-Vee, Inc.
Role Description Provide knowledge of SAP and the administration needs to accommodate technical planning, installation, and user access management. Contributes to moderately complex aspects of a project. Work is generally independent and collaborative in nature. Primary Responsibilities - Participate in small to large SAP implementations. - Contribute to maintenance activities related to security and access management. - Generate access review documents to support internal/external audits. - Ensure compliance to security policies and procedures. - Perform SAP user administration and role development tasks. - Provide security direction to business units and engineers. - Provide security support for system upgrades and testing cycles. - Create and contribute to technical documentation and diagrams. Secondary Responsibilities - Participate in off-hours on-call rotation. - May provide second level troubleshooting support and assistance to other admins and engineers. - Attends and is prepared to participate in department and company meetings. - Performs other job related duties and special projects as required. Qualifications - Demonstrable technical ability to execute system security tasks for SAP and implement strategies for future solutions. - Introductory knowledge of SAP authorization concepts and transactions like SU01, SU10, SU24, SUIM. - Maintain and support a strong SAP security environment. - Provide security reporting on users, roles, and critical object access. - Support security aspects of system builds, upgrades, patching, client copies, refresh, etc. - Introductory experience with the SAP GRC Access Control, segregation of duties, and audit processes. - Introductory experience with implementing and managing core GRC modules ARA, ARM, EAM, BRM. - Define risks, conduct risk analysis, and monitor for continuous improvements and compliance. - Knowledge of implementing SAP Fiori catalog/groups and their relationship with roles. - Excellent communication skills and ability to work with business directly on gathering requirements, designing solutions, and troubleshooting issues. - Building and maintaining up-to-date knowledge about company and industry trends and strategy, and advising customers on approaches to optimize business success. - Change control procedures. - Adherence to regulatory requirements. - Writing technical documentation. - Debugging, troubleshooting, and performing root cause analysis. - Organization skills with the ability to effectively meet deadlines. Requirements - Associates Degree or higher plus 0-2 years in information technology; or related experience. Worker Characteristics - Commitment to the Hy-Vee Mission and a willingness to promote the values of the company. - Excellent verbal and written communication skills. - Excellent interpersonal skills; ability to relate to and interact with other people in a friendly, professional manner. - Ability to identify problems, develop and execute solutions. - Self-starter; willingness to dive in without being instructed. Working Conditions - The duties of this position are performed in a general office setting. - There is the occasional need to travel. - There is frequent pressure to meet deadlines and handle multiple priorities. Equipment Used to Perform Job - Desktop and/or laptop computer. - Third party applications, printers, and telephone. Physical Requirements - Visual requirements include: ability to see detail at near range with or without correction. - Must be physically able to perform sedentary work: occasionally lifting or carrying objects of no more than 10 pounds, and occasionally standing or walking, reaching, handling, grasping, feeling, talking, hearing, and repetitive motions. Confidentiality - Has access to confidential information including payroll, inventory costs, sales, accounts payable and receivable, pharmacy data, e-mail messages, and all data related to operations. Financial Responsibility - Responsible for company assets including maintenance of software solutions. No authority to make purchases or commitments. Contacts - Frequent contact with office personnel in other departments related to the position as well as occasional contact with users and customers. Company Description Hy-Vee, Inc. is an employee-owned grocery store chain with more than 285 retail stores and over 80,000 employees. With sales of more than $13 billion, Hy-Vee ranks among the top 25 supermarket chains and the top 50 private companies in the United States. Its slogan, “A Helpful Smile in Every Aisle,” expresses the foundation of the company’s operating philosophy. Visit itcareers@hy-vee.com to apply or https://innovate.hy-vee.com to learn about all the exciting things our IT organization does! Are you ready to smile? Apply today. Employment is contingent upon the successful completion of a pre-employment drug screen.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Security, RMF Lead
Essnova Solutions, Inc.Federal contracting company specializing in technical, geospatial, healthcare, and administrative solutions.
• Maintain System Security Plans (SSPs) as living documents for all NCHS systems, ensuring timely updates after security-impacting changes. • Manage Plan of Action & Milestones (POA&Ms) with quarterly progress reviews, closure evidence, and remediation tracking. • Remediate vulnerabilities within mandated timelines, track findings through closure, and provide retesting evidence. • Prepare Authorization to Operate (ATO) packages—including SSPs, POA&M status, assessment results, and risk analysis—for Authorizing Official review. • Conduct annual security assessments of one-third-plus-key-controls using CSAM or equivalent tools. • Submit monthly authenticated vulnerability and application scan results by the fifth business day. • Coordinate among developers, system owners, and security staff, and liaise with CDC CSPO, NCHS SSPO, and CDC Enterprise Architects. • Follow CDC CSPO Change Management SOP, including security impact analysis for post-ATO changes. • Support implementation of the Risk Management Framework (RMF), FISMA compliance, and OMB directives. • Produce security-related EPLC artifacts for governance and stage-gate reviews. • Lead SSP development during the 30-day transition-in activation sequence and support SSP submission within 30 days of contract award. • Support PTA/PIA activities with CDC privacy officials.
Head of IT Security
NOVENTI Health SE / Berg-am-LaimNOVENTI ist der führende Anbieter von Abrechnung, Software, Finanzdienstleistungen und digitalen Plattformen im europäischen Gesundheitsmarkt. Gegründet vor 125 Jahren umfasst das Unternehmen mit Hauptsitz in München heute über 1.600 Mitarbeitende.
Role Description Sie möchten IT-Security nicht nur verwalten, sondern aktiv weiterentwickeln und strategisch mitgestalten? In dieser Rolle übernehmen Sie Verantwortung für den Ausbau der IT-Sicherheit, führen ein spezialisiertes Team und arbeiten eng mit internen Stakeholdern sowie externen Partnern zusammen. - Die fachliche und disziplinarische Führung eines IT-Security-Teams mit aktuell fünf Mitarbeitenden liegt in Ihrem Verantwortungsbereich. - Gemeinsam mit dem Head of IT-Services und in Abstimmung mit dem CISO entwickeln Sie die unternehmensweite IT-Security-Strategie weiter und sorgen für deren nachhaltige Umsetzung. - Definition, Pflege und kontinuierliche Optimierung von Sicherheitsrichtlinien, Standards und Prozessen. - Verantwortung für das IT-Security-Budget inklusive Investitionsplanung für Tools, Lizenzen und externe Dienstleister. - Interne Fachbereiche beraten in allen Fragestellungen rund um Informations- und Cybersicherheit und fördern eine unternehmensweite Sicherheitskultur. - Identifikation und Bewertung neuer Bedrohungslagen sowie Ableitung geeigneter Gegenmaßnahmen. - Verantwortung für die Sicherheitsarchitektur in den Bereichen Netzwerk, Endpoint, Cloud sowie Identity & Access Management. - Steuerung des externen Security Operations Centers (SOC) sowie externer Dienstleister, Vendoren und Beratungspartner im Security-Umfeld. - Unterstützung des Incident-Response-Prozesses inklusive Krisenkommunikation bei sicherheitsrelevanten Vorfällen. - Verantwortung für Vulnerability Management, Penetrationstests sowie Red- und Blue-Team-Aktivitäten. - Begleitung interner und externer Audits sowie Zertifizierungen und strukturierte Vor- und Nachbereitung. - Enge Zusammenarbeit mit IT-Infrastruktur, IT-Governance, IT-Entwicklung sowie weiteren Fachbereichen. Qualifications - Mehrjährige Berufserfahrung im IT-Security-Umfeld – idealerweise mindestens drei bis fünf Jahre. - Abgeschlossenes Studium im Bereich Informatik, IT-Security oder einer vergleichbaren Fachrichtung oder entsprechende praktische Erfahrung. - Erste Führungserfahrung, beispielsweise in der Leitung eines kleineren Teams. - Weiterbildungen oder Zertifizierungen im Security-Umfeld sind wünschenswert. - Erfahrung in regulierten Branchen wie Factoring oder Financial Services. - Vertrautheit mit regulatorischen Anforderungen und Standards wie DORA, NIS2 oder CRA. - Erfahrung in der Zusammenarbeit mit externen Partnern, Dienstleistern und Vendoren. - Strategisches Denken und Motivation, IT-Security-Strukturen aktiv weiterzuentwickeln. - Kommunikationsstärke, Durchsetzungsvermögen sowie souveränes Auftreten auf unterschiedlichen Ebenen. - Strukturierte Arbeitsweise, Verantwortungsbewusstsein und ausgeprägte Teamfähigkeit. - Reisebereitschaft innerhalb Deutschlands. Benefits - Altersversorgung. - Speziell auf unsere Branche zugeschnittene Konzepte und attraktive Zuschüsse. - Belonio Gutscheine. - Monatliches Guthaben von bis zu 50€ für namhafte Gutscheinpartner. - Individuell planbarer Brauchtumstag als zusätzlichen freien Tag. - NOVENTI bezuschusst das Deutschlandticket mit 25€. - Vergünstigte Mitgliedschaft für Bewegung, Ausgleich und Gesundheit (EGYM WELLPASS). - Fahrradleasing eines hochwertigen (E-)Bikes mit Steuervorteil. - Profitiere von attraktiven Mitarbeiter-Rabattprogrammen. - Frei an Heiligabend und Silvester (HASI-Tag). - 15 Tage pro Jahr mobiles Arbeiten im europäischen Ausland (Workcation). Company Description NOVENTI ist der führende Anbieter von Abrechnung, Software, Finanzdienstleistungen und digitalen Plattformen im europäischen Gesundheitsmarkt. Gegründet vor 125 Jahren umfasst das Unternehmen mit Hauptsitz in München heute über 1.600 Mitarbeitende.
Security Engineer I
UiPathUiPath is a software company specializing in Robotic Process Automation (RPA). As an employer, UiPath looks for resourceful candidates who are self-motivated and passionate about e
• Triage and investigate incidents across SIEM, EDR, network, identity, and cloud telemetry; support containment, eradication, and incident communications under senior guidance. • Contribute to root cause analysis and close the loop with Threat Intelligence and Detection Engineering to produce durable detections, controls, or playbook updates. • Participate in proactive threat hunting across enterprise and cloud telemetry under the direction of senior analysts. • Help maintain IR playbooks and runbooks and participate in drills and tabletop exercises. • Recommend and help tune the detection and response tooling stack (SIEM, EDR, SOAR, case management) in both environments • Actively seek mentorship from senior IR engineers and grow toward independent ownership of incidents over time. • Follow strict procedures and requirements for but not limited to the authorized IR Plan, NIST 800-53 IR controls, CISA notifications, chain of custody, data classification handling, and event classification and reporting requirements.
Head of Security & Risk
decircleTalent Partner for decentralized organizations and projects that are building Web3.
• Build M0’s enterprise risk program from scratch covering security, operational, regulatory, and counterparty risk, including the risk register, annual assessments, scenario analyses, and escalation framework across all entities. • Own M0's compliance posture across SOC 2, ISO 27001, and other applicable frameworks — driving all non-technical workstreams (policy writing, auditor coordination, vendor risk, access reviews, third-party SaaS vendor evaluations) and keeping the organization audit-ready at all times. • Design and maintain M0's incident response framework, ISMS documentation, and security policies — own external security vendor relationships, facilitate tabletop exercises covering IR, BCP, and DR scenarios, and drive the selection of a security advisory firm for on-call support. • Serve as M0's primary point of contact for institutional partner security due diligence and inbound security questionnaires, build and maintain the reusable documentation package for responding to partner requests, and coordinate with Senior Counsel on information security representations in commercial agreements. • Design and own M0's security awareness training program, ensure all employees understand their security obligations, and build a proactive security culture across engineering, operations, legal, and business teams.
