SAP GRC Security Engineer

PetSmart

Phoenix, AZ

5 - 7 years

Posted 272 days ago

This job is no longer available.

Job Responsibilities

Do you have a natural curiosity and desire to understand how data and events can be related? Do you have an interest in compliance and cybersecurity? Do you love pets?

PetSmart is looking for an SAP Security Engineer who will be hands-on and provide business and technical expertise on a wide variety of compliance and information security topics. This position is for an individual with a strong background in information security architecture, technologies, and processes. This position will have a focus on SAP Security, GRC, and Identity and Access Management systems, and will help support application security teams. The SAP Security Engineer will participate in all aspects of security, from security architecture designs, regulation and compliance, to vulnerability management and incident response. They will have strong integration with project management in implementing new secure solutions for the business. Their activities will range from conceptual security design to hands-on engineering and security operations.


• Work on the Security Engineering team to design, develop, implement, and support SAP Security
• Provide SAP Security and SAP GRC subject matter expertise
• Support Internal Audit and IT Compliance functions
• Work with Risk Management team to assess IT Systems, recommend and design security architecture and security controls
• Participate on the PetSmart Computer Security Incident Response Team (P-CSIRT) that responds to various application security incidents such as application misuse, unauthorized access, and internal fraud
• Participate in annual security audits, such as PCI and SOX
• Determine whether in-house information systems are in compliance with existing policies, standards, architectures, procedures, laws, regulations, and other requirements
• Participate as a technical security advisor for a variety of IT projects


• Four-year degree in Computer Science/MIS, engineering, or related field, and 5+ years relevant industry experience in information security, or the equivalent combination of education, technical training or work/military experience
• Security certifications a plus: CISSP, CISM, CISA, SANS, SAP


  • Extensive prior experience in SAP authorization concept, role design and implementation
  • At least one full cycle implementation of SAP ECC, BW or GRC security
  • Extensive prior SAP GRC 10 experience including solid understanding of GRC AC: setup of MSMP workflow, configuration of logical systems and connectors to SAP and non-SAP systems. Experience creating and assigning UME Roles. Configuration of BRF+ decision tables. Configuration of rulesets, functions, access risks and mitigations. Configuration of SAP fire fighter.
  • Experience assisting business and technical teams in developing concepts of Segregation of Duties and Critical Access
  • Experience with ABAP and JAVA security tools
  • Experience with Central User Administration
  • Experience with structural authorizations and position based role assignments
  • Experience performing SAP security upgrades, leveraging SU25 and maintaining SU24
  • Prior experience with SAP Enterprise Portal, Fiori, HANA, and S/4 HANA Security
  • Best practice understanding of SAP security configurations, parameters, and architectural design
  • Strong understanding of LDAP and authorization technologies such as SAML, OAuth, WS-Fed


  • Experience implementing and managing multi-factor authentication systems
  • Experience performing administrative functions in Unix/Linux environments
  • Experience administrating Microsoft Active Directory environments
  • Strong technical understanding of network fundamentals and common Internet protocols
  • Strong understanding of web protocols and common vulnerabilities
  • Ability to work independently on enterprise projects and communicate effectively with both technical and non-technical personnel
  • Knowledge of industry laws and regulations mandating information security and information risk management requirements (PCI, Sarbanes-Oxley, GLB, HIPAA)
  • Excellent verbal and written communication skills coupled with ability to explain security topics to a business audience

ID IT-18-5920