• Coinvolgimento in attività di design, integrazione e governance di soluzioni CyberSecurity in contesti enterprise complessi

• Design and implement SAP security and authorization frameworks for SAP S/4HANA Public Cloud. • Define role-based access control (RBAC) models aligned with business processes. • Configure and maintain: Business Roles Business Catalogs Business Spaces Authorization Assignments Fiori Launchpad Access User Access Controls • Ensure secure access to SAP applications and business processes. • Support security design during Fit-to-Standard workshops. • Define authorization concepts aligned with SAP Best Practices. • Support SAP Central Business Configuration (CBC) security requirements. • Perform Segregation of Duties (SoD) assessments. • Identify and mitigate security and compliance risks. • Develop security documentation and access control procedures. • Manage user provisioning, deprovisioning, and access reviews. • Troubleshoot authorization and access-related issues. • Provide post-go-live support and hypercare.

• serves as a cybersecurity Subject Matter Expert (SME) with regards to Assessment and Authorization (A&A) of information systems and all associated cybersecurity policies and procedures. • performs a DOD cybersecurity process while either authorizing an information system or serving as a SME for an information system undergoing authorization. • possesses an understanding of how the security controls identified in the NIST 800-53 apply to the process of assessing and authorizing a large organization’s IT infrastructure such as DLA’s. • determines the applicable severity value for an identified vulnerability (e.g., non-compliant security control). • determines the possible ramifications on the system’s current or future authorization. • briefs senior management on the progress or results of an information system undergoing the Risk Management Framework (RMF) process.

• Lead a team of risk, compliance, and privacy experts who partner with global technology teams and business leaders in the execution of Ryder’s Information Security Management System • Lead the development and ongoing management of common control and risk management frameworks for measuring the organizational security posture based on industry, regulatory, and customer needs • Serve as a trusted partner to educate and collaborate on information security and risk management best practices with stakeholders in Corporate Compliance, Enterprise Risk Management, Internal Audit, Physical Security and Safety, Legal, and IT • Lead the development and ongoing management of global information security policies and corporate standards throughout the organization that align with industry guidance and result in effective methods to reduce security risks • Lead the development and management of a global third-party risk management program to evaluate new and existing vendors on a regular basis based on their criticality to the business • Lead the development and management of a global information security customer compliance program which facilitates the processes for handling customer requests for information security attestations, audits, on-site reviews, and remediation of security findings • Lead the development and management of a modern, engaging, global information security training and awareness program to provide ongoing information security education to all levels of the organization • Lead the development and management of an IT enterprise risk register to properly catalog, manage, communicate, and assess global IT risks