Previous Job
Enterprise Security Consultant
Ref No.: 18-02909
Location: Palo Alto, California
Enterprise Security Consultant - Data Protection and Privacy Analyst
Palo Alto, CA, USA
Contract to Hire

Department: Infrastructure and Security

Ariba, Inc. is the leading provider of collaborative business commerce solutions. Ariba combines industry-leading software as a service (SaaS) technology to optimize the complete commerce lifecycle with the world's largest web-based community to Client, connect and collaborate with a global network of trading partners and expert capabilities to augment internal resources and skills, delivering everything needed to control costs, minimize risk, improve profits and enhance cash flow and operations ? all in a cloud-based environment. Whether you're buying, selling or managing cash, you can do it more efficiently and effectively in the Ariba® Commerce Cloud. Over 300,000 companies, including more than 80 percent of the Fortune 500, use Ariba's solutions to drive more efficient inter-enterprise commerce.

Security and Privacy are vital components of SAP Ariba's success as a cloud company. Our customers entrust us with their Confidential Business Transactional Data and some Personally Identifiable Information because of the value that we add by processing that data for them. SAP Ariba?s Trust Office team is responsible for identifying, assessing and managing threats, vulnerabilities, and associated risks to Ariba?s information assets and resources. This includes providing expertise and operating and maintaining various integrated security technologies to protect the integrity, confidentiality and availability of all information resources throughout a highly distributed cloud environment. Success will depend upon building rapport and credibility with multiple stakeholders across SAP Ariba. As a leader in Cyber Security, this candidate will have opportunities to mentor, support, and contribute to goals and initiatives that ensure the secure usage of technology, industry standards, and best practices. If you want to be a game changer in building confidence in the cloud for our customers, consider joining our team. We are looking for ambitious people who thrive in a dynamic environment, are passionate about security and ready for a challenge.

The Data Protection and Privacy analyst is accountable for the development, implementation, and maintenance of the privacy program across the SAP Ariba products, operations and services, in alignment with the SAP Data Protection and Privacy Office (DPPO) and Legal team. This will involve establishing process and tools for monitoring program compliance; investigation and tracking of incidents and breaches privacy related aspects; providing privacy support for deals and contract negotiations; and helping ensure SAP Ariba compliance with applicable laws and regulations globally including GDPR (EU).
  • Partner with Legal team and DPPO to monitor and interpret the various data privacy laws, regulations, contractual obligations and industry best practices relating to data privacy.
  • Develop and enhance the existing program, policies, procedures and guidance for data privacy to continually improve our compliance.
  • Work closely with Product Management and Engineering on data privacy requirements relating to the design and delivery of products and services and ensure compliance. Implementation of data protection by design and by default in SAP Ariba products.
  • Global, company-wide assessment and tracking of all personal data processing activities within Ariba products and services as well as sub-processors and implementation of required changes. Provide a comprehensive worldwide registry for internal processes where personal data could be processed
  • Develop ongoing data privacy training and communications to all SAP Ariba employees.
  • Collaborate with international stakeholders in order to develop privacy programs tailored specifically for local countries.
  • Address all aspects necessary for compliance including auditing and certification based on ISO 27018, SOC 2 Privacy, BSI, etc.
  • Partner with the Security Operations team to investigate and report inappropriate access and disclosure of personal information. Notify controller, supervisory authority and data subject upon data breaches
  • Perform Data Protection and Privacy assessments for all product, service and infrastructure components through interviews and questionnaires to analyze personal data processing.
  • Evaluate technical and operational threats to the rights of customer users, review control design and implementation evidence, analyze the effectiveness of safeguards, identify gaps, assess and quantify risks, and, manage the risk register and risk mitigation and remediation plans.
  • Implement processes to cover enhanced data subject rights, re-collect consents and update information notices including privacy statement (right to be forgotten, portability of personal data, withdraw a consent, inform about re-purposing of data, purpose of use of data, where to complain, profiling etc.)
  • Advise commercial teams for new software deals and renewals and serve as an escalation path in the negotiation of privacy aspects of customer agreements.
  • Maintain documentation and reporting on SAP Ariba privacy program.

To be successful, the ideal candidate must be passionate about our customers, partners and technology. Success will depend upon building rapport and credibility with multiple stakeholders across SAP Ariba. As a leader in Privacy, this candidate will have opportunities to mentor, support, and contribute to goals and initiatives that ensure the secure usage of technology, industry standards, and best practices.
  • 5+ years of experience in data protection and privacy compliance and risk management.
  • Understanding of technology use, trends and risks in a business context and environment.
  • Demonstrated experience working with regulatory requirements and standards (PCI-DSS, SOC 2, BSI, GDPR etc.) and frameworks (ISO 27000, COBIT, ITIL, NIST, ISF, OWASP, etc.).
  • Deep understanding of International privacy laws, regulations and best practices.
  • Experience in building and maintaining privacy programs and controls.
  • Technical writing skills to prepare the required process and policy documentation based on discussions with subject matter experts
  • Must have a strategic mind-set to see the ?big picture? and ensure a clear focus on the go forward agenda and the ability to make decisions balancing cost/opportunity and risk.
  • Strong verbal and written communication skills and ability to influence others

The ideal candidate will also have the following qualifications and skills:
  • Excellent planning ability and business acumen.
  • Impeccable ethics and judgement.
  • Demonstrated ability to learn quickly, prioritize multiple urgent tasks, and deliver results in a fast-paced environment with extremely tight deadlines.
  • Must be organized and goal/execution oriented

  • Bachelor's Degree in MIS, Computer Science, or other related field.
  • At minimum one of the following industry certifications: CIPP, CIPM and/or CIPT

Ariba, Inc. is an EEO/Affirmative Action employer and does not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, disability, veteran status, or any other protected category.

Thanks & Regards
Pawan Kumar

** 10 time INC 500/5000, 10 time BBJ "Pacesetter ", 5 time SIA-fastest growing**
Pawan Kumar| Technical Recruiter |
TalentBurst, Inc.
Boston | San Francisco | Miami | Tampa | Toronto | New Delhi | Bangalore
Work: 647 559-2730, Mobile:414 214-1492| Email:
679 Worcester Road | Natick, MA 01760 |
Certified Minority Business Enterprise (MBE)