Technology Specialist - Security & Quality Assurance

The Digital & Technology Team (D&T) is an integral division of the HEINEKEN Global Shared Services Center. We are committed to making Heineken the most connected brewery. That includes digitalizing and integrating our processes, ensuring best-in-class technology, and embedding a data-driven culture. By joining us, you will work in one of the most dynamic and innovative teams and have a direct impact on building the future of Heineken!

Would you like to meet the Team, see our office, and much more? Visit our website: Heineken (https://heineken-dt.pl/en)

Global Digital & Technology (D&T) has a worldwide responsibility for all IT processes, solutions, and services. The aim is to further enhance HEINEKEN Global Functions.

The Digital Security department is part of TS&O Global D&T and has the overall responsibility of assuring that HEINEKEN’s IT Risks are properly managed, and information assets & technology are properly secured. 

The Security by Design Chapter is a team of highly skilled application security and authorisation specialists that help Agile Products, Functional Domains, and Global Programs achieve compliance with the HEINEKEN Cyber Security Policy. This covers a range of different elements. 

Your responsibilities would include:

• coordinating ERP Domain Product Security & Authorization team activities (IBM), ensuring work is done OTIF in accordance with Heineken Cybersecurity Policy and Security by Design principles
• supporting the ERP Domain Product, Functional, and Technical streams in performing their work in accordance with Heineken Cybersecurity Policy
• overseeing User Management, Role Management, and IT control activities to keep ERP systems secure and in compliance with Heineken Security Standards
• managing Central IT Audits & Security Control Effectiveness Assessment (SCEA)
• driving remediation and mitigation activities based on CITA, SCEA, and internal audit/controls execution findings.
• ensuring ERP Domain works in line with the security roadmap defined by the TS&O Digital Security department
• ensuring operational user management and monitoring across the D&T ERP systems (e.g., mapping SAP IDM / MyAccess Enterprise roles to ERP authorisation roles, supporting user and role attestation process, SoD/CA reviews, etc.)
• challenging D&T and business parties on a technical and functional level in case of potential security breaches.
• escalating to D&T MT level in case of (imminent) security breaches
• aligning regularly with global security governance bodies (e.g., Global Audit, P&CI, and external auditors) on security governance, ownership, and relevant HEINEKEN MT assurance topics, connecting the dots, and translating the general requirements into actual, practical solutions at the ERP level.

You are a good candidate if you have:

• 5+ years of working experience in the work with ERP systems within the Security & Authorizations area.
• excellent understanding and strong security expertise within SAP ECC / S4H, SAP Business Technology Platforms & ERP Microsoft Dynamics Navision / Business Central 365
• practical work experience with GRC, IAM, and SIEM solutions
• general level of functional knowledge of business processes, understanding their importance and relation with ERP application security & authorizations
• knowledge of the NIST Cybersecurity framework, and how this can be applied to ERP security.
• experience in working with auditors, knowledge of audit procedures, audit phases, and techniques of risk management.
• excellent consulting and communication skills to be applied at a large range of different stakeholder levels.
• Agile / Scrum work experience in a big multinational organization
• strong architectural skills (both software and landscape) to understand the impact of the different elements on each other and D&T in general
• Bachelor’s or master’s degree in business information technology or a related field
• good communication skills
• fluent English.

You are a perfect fit if you also have:

• relevant knowledge and certifications in the field of Security of SAP S4H, SAP Business Technology Platforms, SAP Cloud Identity Services, Identity & Access Management, Governance, Risk, and Compliance
• relevant knowledge and certifications in the field of Security, e.g., CISSP / CCSP / CISM / CISA / CRISC / ISO27001 / COBIT 5.

At HEINEKEN Kraków, we take integrity and ethical conduct seriously. If someone has concerns about a possible violation of legal regulations indicated in the Polish Whistleblowing Act or our Code of Business Conduct, we encourage them to speak up. Cases can be reported to the global team or locally (in line with the local HGSS Whistleblowing procedure) by selecting the proper option in this tool or by communicating it on the hotline. #LI-HYBRID

We Offer: