Solution Delivery Advisor - Application Security - SAP Security and GRC

at Deloitte in Arlington Heights, Illinois, United States

Job Description

Solution Delivery Advisor – Application Security – SAP Security and GRC

Unanticipated risks have great consequences for clients. That’s especially true today as new risks and complexities brought on by regulatory mandates, rapidly evolving technologies, and the digitalization of business operations are disrupting traditional business models. Deloitte Risk and Financial Advisory’s Hybrid-Operate teams deliver next-generation managed services and advanced technology products to help organizations solve complex problems on a long-term basis. Teams do this by bringing together advanced analytics, robust domain knowledge and experience, and strong technology products to help clients monitor, manage, and measure their operational environment for risk.

If you are seeking a role that within enterprise-level software implementations and variety to your day-to-day routine while allowing you to develop personally and professionally, Deloitte Risk and Financial Advisory’s Cyber practice may be the place for you.

Work you’ll do

As a part of Cyber Application Security team, you will be part of our SAP practice and will be responsible for steady state maintenance and enhancements of SAP ECC, S/4 HANA Security and SAP GRC Access and Process Control work-areas.

+ Troubleshooting security access issues, interacting with key functional/business stakeholders for providing a resolution to SAP Security/GRC errors/exceptions

+ Keeping oneself constantly abreast of the latest advancements on S/4 HANA and other emerging authorization concepts

+ Knowledgeable on risks associated with application security exposures and solution proposals to eliminate/ minimize risk

+ Quickly understand, adapt, and implement various role design concepts, delivering in a short period of time

+ Understanding of various SAP authorization concepts catering to SAP ECC, SAP S/4 HANA systems and SAP GRC Access & Process Control (10.x and 12.x)

+ Experience in Security/GRC activities for minor enhancements and support pack/version upgrades

+ Experience working on maintenance of GRC master data, running risk analysis, batch job monitoring, audit & compliance support activities (user management controls, access certification, etc.), BRF+ and MSMP workflows maintenance

+ Understanding on SOX Compliance, SOD and SAP IT General Computer Controls

+ Understands various compliance requirements that impact security and provide solutions to address them

+ Knowledge of business process, user provisioning process, and security maintenance processes

+ Excellent communication, listening & facilitation skills

The team

The Application Security team provides a holistic approach to privacy, control, and compliance requirements. Leveraging process optimization, automation, service levels, self-service, organizational consolidation, and global centers of excellence, this team services deliver end-to-end solutions that encompass innovation delivery through digital technologies such as robotics and cognitive and mobile apps. This is an unparalleled time of change with new information security challenges arising each day. Our teams bring industry experience, confidence, and technical knowledge to help our clients tackle those unique challenges.

Required Qualifications

+ BA/BS Degree is required. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology.

+ Minimum 3 years’ experience in managing SAP security and SAP GRC Access & Process Control for the client’s SAP landscape (across development, quality assurance, sandbox, training and production systems)

+ Ability to travel up to 50%, on average, based on the work you do and the clients and industries/sectors you serve

+ Limited immigration sponsorship may be available

+ Previous Consulting or Big 4 experience preferred.

+ Certifications such as: CISSP, CISM, or CISA certification a plus

+ Experience working on HANA DB Security as well as understanding of leading practices as it relates to ERP security. Security experience with BW/4 HANA, C/4HANA, SRM, CRM, SCM, HR, SAP Cloud products (SCP, Ariba, Success Factors, Hybris, Concur) will be a plus

+ Deep expertise working on SAP Fiori authorization concepts – Catalogs, Groups, oData services, etc.

+ Exposure to SAP Hana Cloud Platform is an added advantage

+ Experience in configuration and implementation of SAP GRC 10.x Access Control modules. Process Control knowledge will be a plus.

+ Strong understanding of Segregation of Duties frameworks

+ Exposure to ticketing tools like ServiceNow, Remedy is a plus

Information for applicants with a need for accommodation: https://www2.deloitte.com/us/en/pages/careers/articles/join-deloitte-assistance-for-disabled-applicants.html

The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $80,370 to $141,000.

You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.