Job Description

與我們攜手施展你的超能力！

準備好接受挑戰，探索更多可能性嗎? 我們跟你一樣希望精益求精，持續突破! 我們全球的夥伴熱衷於科技創新，透過我們醫藥保健、生命科學和電子科技業務的解決方案豐富人們的生活。讓我們一起環抱著熱情和夢想關懷我們的員工、客戶、病患和這個世界。這就是我們不斷尋找具備好奇心的新血加入的原因，與我們一起大膽想像各種可能。

我們在電子科技領域裡所做的一切，都是為了能成為眾多企業身後推動數位化生活的推手。我們致力於成為值得信賴的供應商，為電子、汽車和化妝品行業提供高科技材料、服務和特種化學品。我們培養了一個全球協作的組織，每位員工都擁有取勝的熱情、秉持客戶至上的態度、充滿好奇心且行事果決。我們齊心努力突破科學的極限，為客戶創造更多的可能性。

The Senior SAP ERP Security Specialist is responsible for leading the security architecture across SAP S/4HANA and SAP ECC landscapes, ensuring alignment with enterprise security frameworks. This role involves managing user access governance, compliance management, and integrating security controls into critical business processes. Additionally, the specialist will monitor SAP systems for vulnerabilities, conduct risk assessments, and drive continuous improvement in security processes. Collaboration with cross-functional teams and strategic leadership in security governance are key aspects of this position, ensuring effective communication of security risks to stakeholders.

Your Role

Process and System Responsibility

• Enterprise SAP Security Strategy & Architecture Ownership-Own and lead the end-to-end security architecture across SAP S/4HANA and SAP ECC landscapes. Define and govern role design standards, authorization concepts, Fiori security architecture, and cross-system integration controls. Ensure alignment with enterprise security frameworks and business process requirements.

• Access Governance & Compliance Management- Manage user access provisioning, modifications, and de-provisioning in line with internal policies and regulatory standards (e.g., SOX, GDPR where applicable). Perform regular access reviews, SoD analysis, and audit support to ensure ongoing compliance.

• Process Ownership & Security Integration- Act as the security process owner for SAP ERP environments, embedding security controls into business processes such as Finance, Procurement, Supply Chain, and HR. Collaborate with functional teams to ensure secure configuration and change management practices.

• System Monitoring & Risk Management- Monitor SAP systems for security risks, vulnerabilities, and unauthorized activities. Conduct risk assessments, support remediation plans, and ensure timely resolution of security incidents related to SAP ERP platforms.

• Continuous Improvement & Stakeholder Collaboration- Drive continuous improvement of SAP security processes, including automation, Cybesecurity tool optimization, and documentation updates. Provide guidance and training to business users, IT teams, and management on SAP security best practices and governance standards.

• Implement and enforce Zero Trust – enable security principles within SAP ERP landscapes, ensuring strict identity verification, least-privilege access, and continuous authentication across SAP applications, users, and integrated systems. Learn the new trend, threat, and new challenges in cybersecurity area. Like Zero Trust, Double Zero

Leadership and Collaboration

• Security Leadership & Governance Stewardship- Provide strategic leadership for SAP security governance across S/4HANA and ECC platforms. Chair security review boards, define policy standards, and ensure consistent enforcement of global SAP access and control frameworks. Act as the escalation point for critical security and compliance decisions.

• Cross-Functional & Executive Collaboration- Partner closely with Business Process Owners, IT leadership, Internal Audit, Risk & Compliance, and external auditors to align SAP security with enterprise risk strategy. Translate technical security risks into business-impact language for executive stakeholders and steering committees.

• Transformation & Change- Lead security workstreams during SAP implementations, upgrades, rollouts, and S/4HANA and ECC transformation programs. Drive organizational change by promoting secure-by-design principles, influencing stakeholders, and ensuring security requirements are embedded early in project lifecycles

Impact and Performance Management

• Is accountable for the liaison & enablement team’s results, impacting performance of related Cybersecurity Operation teams through effective demand, capacity and change management.

• Defines and tracks key KPIs (e.g., demand throughput, lead times, change success rate, capacity utilization, compliance) and drives performance improvements.

• Develops and applies policies and guidelines to enhance cybersecurity operational efficiency and process consistency in Cybersecurity Operation liaison and enablement.

• Supports resource and capacity planning and provides regular reporting on demand, capacity and change status transparent.

Complex Problem-Solving

• Analyzing skills-Analyzes complex information (e.g., audit findings, security advisories, demand/capacity data, vendor input) to support sound decision-making.

• Sustanable and Reslience solution- Addresses operational challenges across demand, security, testing, release and lifecycle processes with sustainable solutions.

Strategic Impact and Accountability

• Aligns sector needs with organizational capabilities and strategic priorities in the Cybersecurity Operation domain, acting as key advisor on feasibility, impact and trade-offs.

• Ensures that Cybersecurity Operation demand and change portfolios adhere to cost, risk and compliance frameworks and related policies/standards.

Communication and Stakeholder Management

• Owns daily operational performance of the Cybersecurity Operation liaison & enablement team, including demand handling and operational governance.

• Work closely with Internal and External Audit and propose the new updated cybersecurity solution to leadership team.

• Sets clear objectives, manages performance and oversees reward outcomes in line with organizational policies.

• Proactively manages stakeholder expectations across LS, IT DES, sectors and internal teams, ensuring transparent communication on priorities, risks, costs and timelines.

Technology Skills

• Minimum 3 years of experience in SAP solution consulting, with a strong track record in solution design, and full-cycle product implementations.

• Deep understanding of SAP security and authorization concepts, including access control, authentication and data protection.

• Hands-on experience with SAP security administration and risk management (roles/profiles, provisioning, policy maintenance, risk assessment) and relevant security/compliance standards (e.g., NIS, KRITIS, GDPR, SOX).

• Proficiency with test and release management tools, ticketing systems, SAP security tools/transaction codes and ABAP for security-related custom solutions and troubleshooting

• Need the cybersecrutiy knowledge or skills related to SAP framework-OS security, DB security, Firewall concept, SAP Netowrk zone design, Network infra knowledge, Vulnerability, SAP application design security, encryption, Cloud cybersecurity architecture. Data privace and Integrity, Data protection.

• Advanced certifications in SAP Security, SAP Architecture, or Service Management technologies (e.g., SAP Certified Technology Associate)
• Knowledge on SAP DevSecOps- Deep SAP Security & Architecture Expertise, strong knowledge of SAP platforms and security architecture, including: SAP S/4HANA, SAP NetWeaver, SAP BTP, and SAP Fiori, SAP transport management and secure configuration, SAP-specific vulnerabilities and patch management. Integration of Security into DevSecOps Pipelines - Automating SAP code security scans (ABAP, UI5, integrations), Implementing security gates in pipelines, Supporting secure transport and release management, Implement continuous monitoring and compliance controls, SAP security monitoring and logging (SIEM integration), Compliance with standards such as ISO 27001, NIST, KRITS and GDPR, Managing identity governance and access risk analysis.

Who You Are

• Bachelor's degree in Business Informatics, IT technology, or a comparable field.

• Graduate degree in a relevant discipline (IT Technolocy or Computer Science)

• Several years of experience in SAP-based Authorization, BASIS, Cyberscurity, Techical integration and Cyberscurity areas.

• Understanding about SAP system profiles, Authentication, Patching, Secure Network Communication, Encryption, Database security, Infra security.
• Good knowledge on information security policy, cybersecurity issue response, disaster recovery, industrial policy and compliance, physical security, OS security, MFA, Netowrk architecture, vulnerability management, log and monitoring, OWASP Top 10, Secure configuration.
• Proven experience in managing teams and driving operational performance in a technology-driven environment.

• Any certifications-CISSP, CCSP, SSCP and Secruity+ is plus.

• Strong analytical and problem-solving skills, capable of navigating complex issues.

• Excellent communication and interpersonal skills, with the ability to influence stakeholders at all levels.

• Proven ability to develop and implement effective strategies and policies, supported by an in-depth understanding of industry trends, market dynamics, and the competitive landscape.

我們來自不同背景、視角與生活經歷，因對世界的好奇心而聚集在一起。我們深信，多元能夠催生卓越與創新，並持續強化我們在科學與技術領域的領導地位。我們致力於為每一個人創造機會，讓大家能依自己的節奏發展與成長。加入我們，一同打造一個充滿包容與歸屬感的文化，影響數百萬人的生活，攜手推動人類的進步！

立即申請，成為這個致力於激發探索精神、提升人類未來的團隊一員！