Job Description :
- Must be available for an onsite interview in NYC
- (depending on experience
- Must have excellent communication skills
Responsibilities:
Serve as the IT Security subject matter expert (SME) in the planning, design, and implementation of SAP security architecture for technical, operational, and administrative activities.
Support account setup and maintenance, role development, authorization management in SAP landscape (ECC and HANA
Develop and drive the implementation of security best practices and standards.
Provide production support of existing security roles and functions. Troubleshoot, analyze, debug issues for access issues and role authorizations and associated T-codes.
Review security for Audit exceptions or Segregation of Duty issues.
Support, design, and assess SAP GRC Access Control suite of programs, including user provisioning, segregation of duty management, emergency access, and role management.
Work with the Information Security team and administration to identify and address SAP risks and areas of concerns. (specially from SOX Audit perspective)
Translate business functional requirements into a technical design for security roles.
Document SAP Security design and management processes, creating and updating operational guides, and monitoring existing operational guides for consistency and completeness.
Oversee and peer reviews the security changes done by other team members to make sure the changes adhere to SAP best practices.
Partner with IT Information Security, Risk & Compliance and Infrastructure COEs
Support Audit Readiness lead during external and internal audit Activities.
Capable of running SAP Security/SUIM reports to obtain information for audit inquiries and reviews. Knowledge of where to obtain various sources of audit information within an SAP environment.
Performance of weekly review, documentation and follow-up of SAP Firefighter system access.
Must be capable to generate, review, and perform follow up on exceptions for SAP Firefighter Access or elevated system access privileges.
Manage, support and coordinate privileged access request process. Maintain documentation of approvals, AUPs, training materials.
Provide governance monitoring of privileged access review. Document reviews, approvals and maintenance of documentation for Audit Readiness purposes. Ability to use SAP system and Service Now to research Firefighter history usage to gain information about individual activities.
Demonstrated familiarity with SAP tables and queries to generate user data for role reaffirmation efforts.
Ability to manage several priorities simultaneously.
Demonstrates senior level technical competence for SAP Security Concepts, including understanding of data privacy concepts, compliance and GRC
Supports projects by translating functional security requirements into technical security role and authorization designs
Perform annual SAP System Access reaffirmation efforts, to include dialog and system IDs as well as other technical assessments to support customer requirements. Ability to execute SOD and Critical Action reports using GRC tools.
Ability to review SOD and CA reports for exceptions and to make recommendations to remediate SOD conflicts.
Understanding of SAP Security authentication concepts.
Ability to diagnose SAP access and authorization issues and provide corrective recommendations.
Recommend process improvements to improve access controls and overall compliance infrastructure.
Provide technical assistance in training all levels of SAP users, including translation of ERP system technical literature in terms understandable to end users.
Skills & Abilities:
6+ years of experience in designing and assessing SAP GRC Access Control suite of programs, including user provisioning, segregation of duty management, emergency access, authorization management and role management (Master, Composite, Derived and Custom Roles
Conducted minimum 2 SAP R/3 & HANA Security audit and analysis.
Worked as a Subject Matter Expert (SME) for the Information Security team and management to identify and address SAP risks and areas of concerns.
Experience in developing and enhancing SAP security governance policies, procedures, processes and guidelines using leading industry practices (Audit compliance & reporting (SOX/Internal IT)
Performed GRC configuration and used GRC tools to analyze access and provide emergency access to team members, maintenance of Application Security Profiles.
Provided production support of existing security roles and functions.
Triage issues for role authorizations and associated T-codes.
Develop and drive the implementation of Security best practices and standards to mature the SAP program.
Able to understand the business process and having automated controls knowledge.