SAP GRC Security Lead
£75,000 per annum + benefits
2 days per week in Basingstoke office
Job Description Summary
The SAP GRC Security Lead will sit within the SAP CoE and report to the Principal SAP Delivery Lead. They will be responsible for all governance, risk and compliance activity within SAP. This includes ownership of roles and authorisations across SAP ECC, BW, BPC, Success Factors, Ariba and Concur. The SAP GRC and Security Lead will work closely with the wider SAP CoE team and internal and external stakeholders to ensure that all SAP solutions are compliant with our SoD framework, internal security policies, IT general controls, RACM framework and external audit. This will include the building and maintenance of SAP ECC, BW and BPC roles and the annual user recertification processes and the management of tickets and change requests in the roles and authorisation space.
The SAP GRC lead will be required to implement proactive controls to mitigate and manage risk across all SAP applications and will also support external audit processes.
· Will take full ownership of roles & authorisations which will include designing, building, maintaining, and supporting roles and authorisations in SAP ECC, BW and BPC in accordance with best practices
· Will also provide support and guidance to the functional teams that administer roles & authorisations on Success Factors, Ariba, Concur
· Will be responsible for maintaining the integrity of our SAP SoD framework and manage the maintenance and assignment of roles in the live system.
· Will proactively implement robust controls to support the integrity of the SoD framework. Including the provision of periodic reports to key stakeholders
· Full end to end ownership of periodic user recertification processes for all SAP applications
· Will utilise our existing GRC tool (Profile Tailor Dynamics) to design and implement ensure full end to end controls for roles and authorisations in our SAP systems.
· Work with functional leads from within the SAP CoE and business stakeholders to provide security advice and guidance and support projects.
· Will be the SPOC and CoE conduit for all SAP risk, audit, security and IT general control actions.
· Ownership and maintenance of internal SAP risk register
· Work with internal risk and audit teams and external auditors to ensure all actions are managed in a timely manner
· 10 years + hands on experience with SAP roles and authorisation
· Strong consulting or audit background would be highly desirable
· Extensive experience working with SAP GRC tooling
· Experience of designing and implementing new authorisation models (or role refreshes)
· Exceptional communication and customer facing skills
· Good knowledge of SAP ECC, BW, BPC, Solution Manager
· Strong understanding of business processes within FI, CO,SD and MM
· Good knowledge or experience of working with Success Factors, Ariba and Concur
· Good experience of working with risk, audit, and compliance teams
· Strong exposure to IT general controls and RACM framework