SAP Security Lead

About BridgeBio

BridgeBio is a biopharmaceutical company founded to discover, create, test, and deliver transformative medicines to treat patients who suffer from genetic diseases and cancers with clear genetic drivers. We bridge the gap between remarkable advancements in genetic science in academic institutions and the delivery of meaningful medicines to patients. Founded in 2015, the company has built a portfolio of 20+ drug development programs ranging from preclinical to late-stage development in multiple therapeutic areas including genetic dermatology, precision oncology, cardiology, endocrinology, neurology, pulmonology, and renal disease, with two approved drugs.

Our focus on scientific excellence and rapid execution aim to translate today’s discoveries into tomorrow’s medicines. We have U.S. offices in San Francisco, Palo Alto, and Raleigh, with small satellites in other parts of the country. We also have international offices in Montreal, Canada, and Zurich, Switzerland, and are expanding across Europe.

To learn more about our story and company culture, visit us at https://bridgebio.com

Who You Are

We are actively seeking a seasoned SAP Security Lead to architect and manage the security framework for our SAP S/4HANA Private Cloud Edition, Fiori, Business Technology Platform (BTP), and Cloud Identity Access  Governance (IAG). As part of our RISE with SAP journey, this role is central to driving security strategy, governance, and compliance to ensure our SAP environment remains secure, scalable, and aligned with industry best practices. In this position, you will collaborate closely with cross-functional teams to maintain a robust security infrastructure that supports BridgeBio’s mission of advancing transformative work in the life sciences sector. Experience in a GxP-validated environment is essential to meet the compliance and security requirements across our SAP ecosystem. 

In this role, you will have the opportunity to make a direct impact on BridgeBio’s secure digital foundation, supporting innovations in genetic medicine and patient safety. As BridgeBio continues its growth, you’ll have the chance to expand your leadership and influence within our SAP security landscape. 

Responsibilities

Access Control and Advanced User Management:

• Design and oversee the SAP authorization framework, emphasizing role-based access control, user and role types, and roles/activity groups across SAP S/4HANA Private Cloud, Fiori, BTP, and Cloud IAG
• Advise and manage SAP Identity and Access Control and integration with overall IAM & SSO architecture
• Apply advanced knowledge of SAP’s private cloud security model to manage user administration, ensuring appropriate levels of access while adhering to segregation of duties (SoD) standards
• Collaborate with SAP and third-party vendors to ensure user access configurations align with SAP’s best practices for Private Cloud Edition and are optimized for a cloud-based environment

Compliance and Regulatory Adherence (GxP Validated Environment):

• Define, implement and maintain SAP security policies and procedures to support compliance with SOX, GxP, GDPR, and life sciences industry standards, ensuring all processes meet rigorous requirements for a validated environment
• Develop metrics and dashboards, reporting on the effectiveness of policies, procedures and controls for all SAP Security platforms
• Use SAP tools for access control, risk analysis, and remediation (RAR), applying SoD mitigation strategies specific to private cloud deployment
• Advise supporting processes as the SAP security subject matter expert
• Ensure audit readiness and establish protocols for continuous access review and regulatory compliance specific to SAP’s Private Cloud Edition, with a focus on GxP standards and validated environments

Security Architecture and Solution Design in Private Cloud:

• Serve as a security solution architect, defining SAP security strategies for a private cloud environment and supporting technical designs for cloud security functions
• Assess and address security risks specific to SAP’s Private Cloud Edition, implementing scalable solutions that adhere to cloud security principles and meet complex business and regulatory requirements
• Work closely with cloud operations teams to ensure secure configurations and compliance within the SAP private cloud infrastructure, proactively strengthening security postures
• Deliver guidance, collaborate and partner with IT Security and Infrastructure team on SAP Cryptography, Key Management, and SAP Data Protection

Project Leadership and Security Governance:

• Lead SAP security tasks across full lifecycle projects, from initial workshops and UAT to regression testing, cutover, and hypercare activities, ensuring projects meet both security and compliance needs in a validated environment
• Establish governance processes for role-based access control and SAP’s Cloud IAG, driving periodic access reviews and certifications for continuous security monitoring
• Partner with project teams and consultants to embed SAP security standards in new implementations, upgrades, and change management processes within a private cloud context

Risk Management and Incident Response:

• Implement a risk management framework for SAP private cloud security, identifying potential threats and defining response strategies to mitigate risks, especially in a validated GxP environment
• Serve as the escalation point for SAP security incidents, conducting root-cause analysis, coordinating remediation, and refining protocols to strengthen security across SAP cloud environments
• Actively monitor SAP security alerts and vulnerabilities, enhancing incident response processes tailored to cloud-based SAP architecture

Cross-functional Collaboration and Influence:

• Foster a security-first culture by engaging with cross-functional teams and embedding security best practices into daily operations
• Act as a trusted advisor to business and IT stakeholders, guiding them on SAP security compliance in a cloud-based environment
• Mentor and support team members, sharing expertise on SAP security and compliance best practices

No matter your role at BridgeBio, successful team members are:

• Patient Champions, who put patients first and uphold strict ethical standards
• Entrepreneurial Operators, who drive toward practical solutions and have an ownership mindset
• Truth Seekers, who are detailed, rational, and humble problem solvers
• Individuals Who Inspire Excellence in themselves and those around them
• High-quality executors, who execute against goals and milestones with quality, precision, and speed

Education, Experience & Skills Requirements

• Bachelor’s degree in Information Technology, Computer Science, or a related field
• 8+ years of experience in SAP Security, with a strong background in S/4HANA Private Cloud Edition, Fiori, BTP, and Cloud IAG
• Experienced in SAP GRC (Access Control and Process Control) design and implementation for Security
• Experienced in running SAP vulnerability assessment tool used in CyberSecurity and audit and compliance activities
• In-depth knowledge of SAP’s authorization concepts and security policies, focusing on role-based access, user administration, and compliance within private cloud environments
• Proven experience in GxP or equivalent validated environments, with a commitment to maintaining compliance and security across SAP systems
• Demonstrated capability to serve as a security solution architect, defining cloud security solutions and technical designs aligned with project needs and RFP requirements
• Extensive experience with end-to-end SAP security project lifecycles, including workshops, UAT, regression testing, cutover, and hyper care
• Familiarity with SAP’s Private Cloud Edition, along with the specific security and compliance nuances for cloud-hosted SAP systems
• Strong understanding of SOX compliance, GXP compliance, and regulatory standards
• Excellent communication and interpersonal skills to effectively collaborate with cross-functional teams and stakeholders

Preferred Skills:

• SAP Security certifications in S/4HANA Private Cloud, Fiori, and BTP
• Experience with life sciences or pharmaceutical industry regulatory frameworks and security standards
• Proficiency with SAP GRC and advanced SAP security tools, including experience with cloud-based identity governance

What We Offer

• Patient Days, where we are fortunate to hear directly from individuals living with the conditions we are seeking to impact throughout the year and learn how we can improve our efforts
• A culture inspired by our values: put patients first, think independently, be radically transparent, every minute counts, and let the science speak
• An unyielding commitment to always putting patients first. Learn more about how we do this here
• A de-centralized model that enables our program teams to focus on advancing science and helping patients. Our affiliate structure is designed to eliminate bureaucracy and put decision-making power in the hands of those closest to the science
• A place where you own the vision – both for your program and your own career path
• A collaborative, fast-paced, data-driven environment where we inspire ourselves and each other to always perform at the top of our game
• Access to learning and development resources to help you get in the best professional shape of your life
• Robust and market-competitive compensation & benefits package (Base, Performance Bonus, Equity, health, welfare & retirement programs)
• Flexible PTO
• Rapid career advancement for strong performers
• Potential ability to work on multiple BridgeBio Pharma programs across multiple therapeutic areas over time 
• Partnerships with leading institutions
• Commitment to Diversity, Equity & Inclusion