Job Description
The Position The SAP Security and GRC Specialist is responsible for the administration, configuration, and support of SAP security and GRC (Governance, Risk, and Compliance) Access Control. This role ensures the security of SAP systems, compliance with internal and external regulations, and effective risk management. The specialist will work closely with various stakeholders to implement and maintain security policies, manage access controls, and oversee GRC activities within the SAP landscape.
Responsibilities SAP Security & GRC AdministrationUser Management: Administer SAP user accounts, roles, and authorizations. Ensure that users have appropriate access levels based on their roles and responsibilities.Role Design: Design and implement SAP roles and authorizations to align with business processes and security policies.Security Configuration: Configure and maintain security settings in SAP systems, including single sign-on (SSO), encryption, and other security features.Audit and Monitoring: Perform regular security audits, monitor for suspicious activities, and address any security vulnerabilities or breaches.GRC Configuration: Configure and maintain SAP GRC modules, including Access Control and process controls.Compliance Management: Ensure that SAP systems and processes comply with relevant regulations and standards (e.g., SOX, GDPR).Risk Assessment: Conduct risk assessments and manage risk mitigation activities within SAP environments.Audit Support: Assist in internal and external audits by providing necessary documentation and reports related to SAP security and compliance.Incident ManagementIncident Response: Respond to and investigate security incidents and coordinate with other IT teams, as necessary.Resolution: Implement corrective actions to address security issues and prevent future occurrences.Documentation and ReportingDocumentation: Maintain comprehensive documentation of security configurations, policies, procedures, and compliance requirements.Reporting: Generate and present reports on security status, compliance metrics, and risk assessments to management and stakeholders.Collaboration and SupportStakeholder Interaction: Work closely with business units, IT teams, and external vendors to understand requirements and ensure effective security and compliance measures.Training: Provide training and support to end-users and IT staff on SAP security best practices and GRC processes.Leadership: Work with operation and project consultants for day-to-day tasks and cover as needed.Continuous ImprovementBest Practices: Stay updated on the latest trends and best practices in SAP security and GRC. Propose and implement improvements to enhance security and compliance posture.Tool Enhancement: Evaluate and recommend tools and technologies to improve SAP security and GRC processes.Required Education, Experience, and Skills Education: Bachelor's degree in computer science, Information Technology, Cybersecurity OR at least 10 years of related field experience.Relevant certifications are a plus (e.g., SAP Certified Technology Associate, CISM, CISA).Experience: At least 7 years of experience in SAP security and GRC roles.At least 2 full SAP implementations with hands-on technical experience.Experience with SAP Modules: Hands-on technical experience with SAP S/4 HANA with embedded (Fiori, MDG, Group reporting, etc.), BW/4 HANA, IBP, ARIBA, SAC, HANA DB, BTP (Business Technology Platform), SAP GRC Access Control 12.0x or IAG (Identity, Access & Governance).Security Tools: Familiarity with security and compliance tools and technologies.Skills: Technical Skills: Strong knowledge of SAP security configuration, user roles, and authorizations. Experience with SAP GRC modules, risk management, and compliance practices.Analytical Skills: Ability to analyze complex security and compliance issues and develop effective solutions.Preferred Skills: Detail-oriented and organized with the ability to manage multiple tasks and projects.Strong ethical standards and a commitment to maintaining high levels of security and compliance.Communication: Excellent verbal and written communication skills. Ability to interact with various stakeholders effectively.Problem-Solving: Strong problem-solving skills with a proactive approach to security and compliance challenges.Ideal to have Big4 experience (EY, PWC, KPMG, Deloitte).Background in the pharmaceutical industry preferred and/or experience in a public global organization.Working Conditions Hybrid role.Travel: Occasional travel may be required for training, meetings, or project implementations.
#J-18808-Ljbffr