Tracking Code 219512-021
This position leads and oversees all SAP Application Security strategy, development and management related to SAP vulnerabilities, releases, patches, and notes. This position has hands on experience in leading and managing special projects like SAP license management and submission including proper classification of users and submission to SAP, SAP Security patch notes, SAP Upgrade and refresh projects . This position is charged with the enforcement of security policies and procedures aligned with best practices. This position thrives by working with diverse set of teams and stakeholders requiring complex solutioning to achieve an integrated SAP Application Security solution that works best for the enterprise.
- Research and evaluate security management software and make recommendations on how to improve and optimize existing security procedures.
- Work closely with relevant stakeholders both business and technology to drive design, architecture and deployment of Security and Access Control Solutions.
- Collaborate with internal teams to help streamline all security-related changes across landscapes for SAP ECC, BI/BO, Solution Manager, PI, Fiori and GRC system amongst others.
- Define the security model for various existing and planned SAP application implementations by assisting with project status updates, defining mitigation plans, and resolving issues.
- Conform to IT Governance and Compliance audit requirements including the composing of policy documentation, recording of acknowledgment and compliance.
- Collaborate with internal security and audit teams to ensure proper SAP controls are in place for SAP roles and authorizations and that ongoing governance is in place and occurring.
- Recommend options to optimize security roles and avoid SOD violations. Translate functional requirements into technical designs for security roles.
- Perform daily security investigations to determine core issues, provide corrective action, and implement preventive controls to avoid similar issues going forward.
- Participate in the planning and coordination of releases to production.
- Administer and configure Governance Risk and Compliance within SAP; including risk and usage analysis along with emergency access management.
- Bachelor's degree - Computer Science, Engineering, System Security or related field; 8-10 years of hands on experience implementing and supporting SAP Security and GRC solutions. Well versed with security administration in systems like SAP ECC, BI/BO, Solution Manager, PI, Fiori and HANA; or Equivalent combination of education and experience. - - Experienced with various SAP Security implementation methodologies, role design, requirement gathering, creating user role authorization matrix, SOD matrix, and risk remediation/mitigation framework. Expert knowledge configuring/designing SAP Roles.
- Experienced with GRC AC 10.1 end to end support and maintenance, upgrade and implementation along with hand on experience in GRC AC SOD Remediation process and ruleset customization, User provisioning Workflow Customization using BRF+ etc.
- Experience with SAP User admin automation, knowledge of ABAP knowledge, SECATTs, a big plus in managing user provisioning across large SAP landscapes.
- Strong understanding of security concepts and risk mitigation strategies. Hands on experience with Fiori Security.
- Excellent oral and written communication skills along with ability to work independently as well as in a team environment.
- Strong self-management to manage and prioritize multiple project activities. Strong analytical thinking, documentation, design skills along with strong problem-solving and troubleshooting skills.
or equivalent combination of education and experience
Very good working conditions. No unusual health hazards, requires no special precautions. Probability of injury is remote.
Little or no physical demands. Minimal handling of light materials and tools (less than 25 lbs).
Schedule: Monday – Friday – minimal travel
The duties listed are representative of the job; however, it in no way states or implies that these are the only duties a person may be required to perform. The omission of specific statements of duties does not exclude them from the position if the work is similar, related or is an essential function of the position.
We are proud to be an EEO/AA employer/Veteran/Disabled. We maintain a drug-free workplace and perform pre-employment substance abuse testing.