Equal Plus Consulting has been engaged to search for an SAP Security Senior Analyst to work on a full time/permanent basis for a client based in Atlanta, GA.

Title: SAP Security Senior Analyst

Location: Atlanta, GA, US, 30328

Department: Information Technology

Travel: Up to 25%

Non local candidates willing to relocate to Atlanta will be considered
REPORTING TO: Director, IT Risk Management and Application Security

POSITION SCOPE:

The SAP Security Senior Analyst works under the direction of the SAP Security Manager and will require working out of our HQ location in Atlanta. This position is responsible for maintaining SAP security roles and profiles within the SAP landscape and keeping it aligned with Information Security policies and IT General Controls framework. The Sr. Analyst partners with cross functional teams to ensure a secure and auditable SAP environment. The Sr. Analyst works to achieve security and audit compliance and provides input to all SAP Security related policies, procedures, control sets, and best practices. The Sr. Analyst will support and administer the SAP GRC application and ensure it is operating effectively and efficiently.

POSITION RESPONSIBILITIES:

Provide 2nd and 3rd level support for SAP security incidents and SAP provisioning requests.

Execute SAP provisioning requests leveraging the SAP GRC Access Control capabilities.

Scope and collect SAP security requirements for business and technology sponsored projects or enhancements.

Develop SAP security solutions to support business needs and in alignment with the financial controls framework.

Maintain existing SAP users, security roles and SAP GRC processes.

Provide training and documentation for SAP security and SAP GRC processes.

Provide support for SAP instances related to security.

Represent the IT Governance, Risk & Compliance team as a subject matter expert on the topics of SAP Security and SAP GRC system.

Lead small projects and key project tasks on large projects.

Work with internal and external auditors to provide evidence requests via the AuditBoard system.

Act as the primary responsible person for supporting and administering the SAP GRC Access Control application and ensure it is configured, maintained, and operating effectively and efficiently.

Ensure emergency access provisioning procedures and operations in SAP GRC Access Control remain compliant with established Information Security policies.

Ensure that SAP Security and SAP GRC processes comply with security methodology and technical standards.

Manage to resolution all SAP Security audit exceptions as reported by Internal Audit department.

Assist with SAP License measurement and audit rounds.

Resolve break-fix items related to authorizations and access in SAP systems.

Document role, objects, and user access for auditing purposes.

Coordinate necessary testing of security changes.

Ensure that proper change control around SAP security activities is followed.

Participate in change management calls and present SAP security related changes to the change advisory boards when required.

Train control owners on use of SAP GRC for elevated access reviews.

Document and maintain standard operating procedures for SAP Security processes.

Use of the Service system for tracking incidents and changes.

Use of the OneTrust GRC platform for tracking of control owner reviews.

Maintain the SAP GRC control matrices and mappings used for segregation of duties evaluations conducted at the company.

POSITION SPECIFICATIONS:

General Knowledge & Skills

Excellent written and verbal communication skills.

Ability to effectively communicate up, down and across, including and not limited to, presenting new ideas and solutions pertaining to SAP Security and GRC to leadership.

Ability to handle highly confidential information in a strictly professional manner.

Ability to work well under pressure.

Strong analytical skills.

Proven ability to self-manage and work with minimal supervision.

Strong understanding of prevailing practices in the SAP Security and GRC domain.

Technical Knowledge & Skills:

10 years' experience with SAP Security Design, Implementation and Administration. Demonstrated experience in a leading capacity defining SAP security on SAP implementations is required.

Solution experience in a manufacturing industry is desired.

5 years' experience in configuring, deploying, integrating, and maintaining SAP GRC 12.x. Experience in using and/or implementing third-party bolt-on GRC enhancements would be a plus. The ideal candidate would have a proven experience integrating GRC with SAP, non-SAP, on-prem and SaaS applications for user access provisioning, SOD risk analysis, KPIs, etc.

Strong and proven experience with all aspects of SAP authorizations in ECC, APO, BI/BW, CRM, SCEM, S/4HANA, SAP Enterprise Portal, HANA database, Fiori, SLT, MDG, Business Objects, HCM, SuccessFactors.

Experience with Organizational Level creations and maintenance.

Strong understanding of Structural Profiles.

General knowledge of business processes within Finance, Financial Close, Sales, MM/IM, Order-To-Cash, Purchase-To-Pay, and Employee Central is a plus.

Expertise in analyzing and resolving complex authorization problems utilizing SAP standard tools.

Good handle on controls principles, risks, and overall awareness of the corporate security posture.

Education & Professional Credentials:

Bachelor's degree in a relevant discipline (Computer Information Systems, Information System Technologies, Management Information Systems, Computer Science, or equivalent experience).

Relevant certifications from SAP or those from other professional organizations such as CISA, CISM, CISSP, etc. would be a plus.

POSITION COMPETENCIES:

Integrity and Trust

Action Oriented

Customer Focus

Planning

Timely Decision Making

Problem Solving

Learning on the Fly

Composure

Dealing with Ambiguity

Business Acumen

People skills

#LI-Hybrid