Date: Mar 25, 2021
Location:Columbus, OH, US, 43202
Company: American Chemical Society
CAS uses intuitive technology, unparalleled scientific content and unmatched human expertise to help companies create groundbreaking innovations that benefit the world. As the scientific information solutions division of the American Chemical Society, CAS manages the largest curated reservoir of scientific knowledge, and for 113 years, has helped innovators mine, assess and apply that information to keep businesses thriving. The CAS team is global, diverse, endlessly curious and strives to make scientific insights accessible to innovators worldwide.
CAS is currently seeking a Security Analyst. This position will be located in our headquarters in Columbus, Ohio.
As our company grows and we expand our team, ACS is looking for exceptional Security Analyst specialized in locking down our corporate assets and network. You'll be joining a team where you have real ownership and a charter to champion best practices, drive change and determine future policy and architecture.
Responsible for securing and administering access to the organization's SAP business system and other business systems. Also responsible for administering access on the organization’s Single-Sign-On (SSO) Identity Provider system. Must be available to address problems during off-hours (i.e., during ACS working hours). Responsible for providing technical assistance in all aspects of information security.
This position requires background knowledge of the organization's business processes and deep technical knowledge of SAP and other applications’ security administration functionality.
The position requires an ability to translate stated business requirements into the minimal access rights needed in order to meet those requirements.
Hands-on experience with SalesForce, PeopleSoft and other business applications, as well as configuring Single-Sign-On for them via an Identity Provider, is also required.
Plans, designs, coordinates, and implements the organization's user and access management for the SAP enterprise resource planning and business warehouse applications;
Protects critical proprietary databases against unauthorized access
Administers the organization’s Identity Provider to provide Single Sign-On access to a variety of business applications;
Ensures that end-user access is properly aligned with and limited to each user's assigned business processes;
Consults with management across divisions and partner organizations to ensure that staff members and/or contractors are authorized according to established procedures and usage guidelines;
Collaborates with Enterprise Business Systems developers to roll out new functionality in response to Business Analysts’ requests;
Troubleshoots and solves users' problems accessing the system or using functionality required for their positions;
Assists SAP Basis Administrator & Enterprise Business Systems developers to support application of software patches and system upgrades, ensuring changes in authorizations required to provide continuous, uninterrupted functionality;
Locks and inactivates access for users who leave the organization or change positions and no longer need access to SAP applications;
Conducts periodic review of users' access and provides input to capacity planning for software budgeting
Responsible for the execution and implementation of the organization's information security strategy/program's daily operations, goals and objectives by developing and monitoring security standards and best practices for the organization. Recommend security enhancements as needed and build solutions to meet those needs as appropriate.
Define, build and track risk ratings, models, and hierarchies to identify the impact, severity, likelihood, and overall risk assessments of identified threats and/or vulnerabilities. Take action decisively and quickly working with various stakeholders on the appropriate tactics.
Provide operational governance for technology and business leadership to help ensure a continued alignment between the information security and privacy program, business architecture, technology architecture and the associated product, project, and program portfolios.
Advises business stakeholders, partners and Technology leadership in the identification, analysis and/or implementations of technologies, scope, requirements, benefits and risks of proposed initiatives/solutions as it relates specifically to information security and privacy goals/objectives.
Proactively works with partners and suppliers to achieve objectives on time and within budget. Directs and/or takes appropriate action when necessary with partners/suppliers to build enterprise class solutions, respond to issues/threats, and/or communicate to stakeholders all utilizing efficient and effective tools and techniques.
Actively engages in the greater information security and privacy community (e.g. peer groups, seminars, conferences, etc.) to help identify new technologies, new techniques and new partners. Demonstrates a positive, proactive and thought leadership attitude to CAS and the greater security community.
7+ years’ of relevant experience is required in SAP
1+ years’ experience user provisioning experience with large organizations products such as SalesForce, PeopleSoft, SAP, etc.
3+ years’ experience with deploying Workforce member SSO/SAML applications
3+ years’ experience working with 3rd Party Auditors
Bachelor's degree in Computer Science, Information Systems, Computer Engineering, Information Security or equivalent is required.
Abilities and Soft Skills
Experience with and ability to implement security best practices
Experience with Windows and Linux operating systems
Able to work independently and as part of a team
Strong interpersonal, written, and verbal communication skills
Demonstrated experience working with a team to solve problems
Ability to focus on and achieving results
Demonstrated reliability and follow through on commitments and assignments
Demonstrate professionalism and courtesy in all interactions
Demonstrated ability to implement security best practices
Experience being an Information Security generalist
Work well under pressure (i.e. a critical system is down)
Solid communications and customer service skills, written/verbal, and the ability to “speak at the audience level”
Nice to have:
Cyber Security Certifications (e.g. CISSP, GIAC certifications, etc.) are preferred.
Recent working experience with the following compliance programs: ISO 27001, PCI-DSS, NIST is required.
CAS offers a competitive salary and comprehensive benefits package, including a generous vacation plan, medical, dental, vision insurance plans, and employee savings and retirement plans. Candidates for this position must be authorized to work in the United States and not require work authorization sponsorship by our company for this position now or in the future. EEO/Minority/Female/Disabled/Veteran
Nearest Major Market: Columbus
Job Segment: ERP, Information Systems, Computer Science, SAP, PeopleSoft, Technology
Equal Opportunity Employer: Minorities/Females/Veterans/Disabled