Architect,SAP SECURITY - GRC

Overview

This role supports in the execution of day-to-day activities for SAP GRC deliverables for the PIRT and individual PGT projects. This role requires close collaboration with SAP Security project lead, SAP GRC lead and Global SAP GRC Manager to determine priorities of work intake around access provisioning and recertification and ensure that requirements are reviewed, solutions developed and implemented according to the project timelines. The role will also closely work with the PMO, SAP Security, myidM, portal, Global GRC, design authority, technical and control teams to design solutions coming in through work intake processes and provide periodic updates on activities.

The scope of the role includes

• Being hands on in GRC system to develop solutions and workflows and well versed with configuration and BRF+

• Ensure SAP project work while in project phase are addressed in a timely manner; in sustain phase are addressed within SLA

• Serves as the liaison between Application Support, Security and GRC teams in understanding the requirements and building a solution

• Maintain SAP GRC systems to be in compliance with the Security standards and policies

• Execute the Quarterly SOX reporting

• Analyzing SOD risks in partnership with the Control Organization Creative thinker with ability to apply analytical skills to different issues

• Should be able to clearly communicate and articulate requirements with good presentations skills

• Be able to work with a geographically spread team

Responsibilities

Management of SAP GRC workflows and master data in compliance with controls.

• Facilitate and execute GRC workflow and master data change activities including providing assistance/ guidance to functional/ technical teams

• Define and maintain GRC configuration standards

• Monitor the GRC workflow and master data design to support Sarbanes-Oxley Compliance (SOX), including Segregation of Duties (SoD) and business/ technical sensitive transactions

• Work with SAP Security and SAP Governance team to define GRC solutions and influence role build strategy in line with system capabilities

• Provide recommendations on ways to simplify/ streamline existing processes and controls to gain productivity

• Ensures SOX controls compliance by executing SAP security sector procedures

• Reviews OSS Notes, security patches; implements and tests those patches

Manages the execution of SAP GRC reporting approach and adoption, including risk assessment processes, continuous monitoring, training and reporting (Providing consultation)

• Train users in IT processes and procedures; provide assistance during external and internal audits

• Participate and drive workshops and team discussions between SAP security and GRC teams

• Integrate security governance within overall control environment and sustain activities with the impacted parties

• Interaction with audit, risk, and control personnel to explain and evaluate the structure and design of GRC processes

• Plan, communicate and coordinate key control (e.g., SOX) activities such as the quarterly related IT application control reporting

• Reinforce correct SAP security and GRC procedures with project teams and third party provider teams

• Participates in security reviews

Manage internal/ external audit relationships to maintain a positive outlook on the progression of SAP GRC processes (being informed)

• Work with Controls Governance and IT teams to ensure holistic approach is taken to remediate Corporate Audit findings

Qualifications

Years of Experience:

• Bachelor's/Masters Degree in Business, Information Systems, Computer Science (or equivalent) is required

• Minimum 9+ years of Total experience

• Minimum 5+ years SAP security and 3+ years of GRC experience

• Minimum of 2 full life cycle implementations

Mandatory Tech Skills:

• Technical proficiency with security build and requirements analysis/definition across multiple SAP systems (e.g., ECC, BI/BW, CRM, SCM, Process Orchestration, Fiori, SAP HANA etc.)

• Competent in GRC configurations, Access Controls, BRF+ , Emergency Access Management, Converged solution for cloud

• Good to have GRC 12.0 experience

• Multiple years of IT system support experience

• Broad understanding of internal controls, segregation of duties (SoD), sensitive transactions analysis, basic SAP development (e.g., ABAP integration points), SAP modules, SAP Transport Management System, SAP Web Application Server, NetWeaver, HANA

Mandatory Non Tech Skills:

• Analytical, motivated, and self-confident with communication to business users, IT partners, and managers

• Proficient knowledge in Microsoft office tools including MS Access

• English proficiency required

• Product certification(s) in SAP Security Administration and or SAP GRC

• Preferred to have Information Security certifications such as CISA, CISM, CGEIT, CRISC

• Knowledge of COBIT, IT risk frameworks, and experience with ITIL processes

• Experience in an IT customer facing role; comfort and confidence interacting with various levels of users, including frontline management

• Ability to communicate solutions and impacts to customers and stakeholders

• Ability to contribute towards design and brainstorming sessions with larger Infosec group

• Ability to excel in an aggressive, change oriented environment

• Ability to support weekend and off-hours activities to support projects

• Service oriented attitude