• Experience conducting vulnerability assessments, system audits, and risk analysis using industry-standard scanning tools (e.g., Nessus, Azure security tools, Tenable, Burpsuite, etc…) to support a proactive security posture. • Manage and implement continuous monitoring processes to ensure the organization maintains compliance with a variety of information security frameworks, including ISO 27001:2022 and SOC 2 Type II. Experience with government compliance standards such as FedRAMP (NIST SP 800-53) and CMMC is preferred. This role focuses on ensuring robust security practices and adapting to evolving compliance requirements. • Collaborate closely with IT, DevOps, Engineering, and Compliance teams to enforce security policies, procedures, and best practices. • Actively monitor, analyze, and respond to security alerts and incidents, performing investigations, incident handling, and recommending corrective actions. • Provide expert guidance on security matters to support secure development and operations.

• Coinvolgimento in attività di design, integrazione e governance di soluzioni CyberSecurity in contesti enterprise complessi

• Design and implement SAP security and authorization frameworks for SAP S/4HANA Public Cloud. • Define role-based access control (RBAC) models aligned with business processes. • Configure and maintain: Business Roles Business Catalogs Business Spaces Authorization Assignments Fiori Launchpad Access User Access Controls • Ensure secure access to SAP applications and business processes. • Support security design during Fit-to-Standard workshops. • Define authorization concepts aligned with SAP Best Practices. • Support SAP Central Business Configuration (CBC) security requirements. • Perform Segregation of Duties (SoD) assessments. • Identify and mitigate security and compliance risks. • Develop security documentation and access control procedures. • Manage user provisioning, deprovisioning, and access reviews. • Troubleshoot authorization and access-related issues. • Provide post-go-live support and hypercare.

• serves as a cybersecurity Subject Matter Expert (SME) with regards to Assessment and Authorization (A&A) of information systems and all associated cybersecurity policies and procedures. • performs a DOD cybersecurity process while either authorizing an information system or serving as a SME for an information system undergoing authorization. • possesses an understanding of how the security controls identified in the NIST 800-53 apply to the process of assessing and authorizing a large organization’s IT infrastructure such as DLA’s. • determines the applicable severity value for an identified vulnerability (e.g., non-compliant security control). • determines the possible ramifications on the system’s current or future authorization. • briefs senior management on the progress or results of an information system undergoing the Risk Management Framework (RMF) process.