"Alerted.org

Senior Consultant - Application Security - SAP Security and GRC

Our Deloitte Cyber team understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful solutions to help our clients navigate the ever-changing threat landscape. Through powerful solutions and managed services that simplify complexity, we enable our clients to operate with resilience, grow with confidence, and proactively manage to secure success.

Work you'll do

As a part of Cyber Application Security team, you will be part of our SAP practice and will be responsible for steady state maintenance and enhancements of SAP ECC, S/4 HANA Security and SAP GRC Access and Process Control work-areas.

+ Troubleshooting security access issues, interacting with key functional/business stakeholders for providing a resolution to SAP Security/GRC errors/exceptions

+ Keeping oneself constantly abreast of the latest advancements on S/4 HANA and other emerging authorization concepts

+ Knowledgeable on risks associated with application security exposures and solution proposals to eliminate/ minimize risk

+ Ability to quickly understand and adapt to various role design concepts and deliver in a short period of time

+ Support and enable junior team members across both technical and management leadership capacities

+ Provide internal SAP security technical training to Advisory personnel as needed

+ Support the team on proposals, whitepapers, proof of concepts, technical eminence materials and firm initiatives.

The successful candidate will possess:

+ Understanding of various SAP authorization concepts catering to SAP ECC, SAP S/4 HANA systems and SAP GRC Access & Process Control (10.x and 12.x)

+ Experience in Security/GRC activities for minor enhancements and support pack/version upgrades

+ Extensive experience working on maintenance of GRC master data, running risk analysis, batch job monitoring, audit & compliance support activities (user management controls, access certification, etc.), BRF+ and MSMP workflows maintenance

+ Understanding on SOX Compliance, SOD and SAP IT General Computer Controls

+ Understands various compliance requirements that impact security and provide solutions to address them

+ Knowledge of business process, user provisioning process, and security maintenance processes

+ Excellent writing and verbal communication skills

+ Strong project management and organizational skills

The team

Our Cyber Operate offering Operates clients' critical cyber assets as a fully managed service or working in partnership with clients. Provides talent, leading technologies, and processes to operate client cyber capabilities, including the identity lifecycle, security operations, threat intelligence, application security business transformation, and continuous compliance

Required Qualifications

+ BA/BS Degree is required. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology.

+ 6+ years' experience in managing SAP security and SAP GRC Access & Process Control for the client's SAP landscape (across development, quality assurance, sandbox, training and production systems)

+ Ability to travel up to 50%, on average, based on the work you do and the clients and industries/sectors you serve

+ Limited sponsorship may be available

Preferred:

+ Previous Consulting or Big 4 experience preferred.

+ Certifications such as: CISSP, CISM, or CISA certification a plus

+ Experience working on HANA DB Security as well as understanding of leading practices as it relates to ERP security. Security experience with BW/4 HANA, C/4HANA, SRM, CRM, SCM, HR, SAP Cloud products (SCP, Ariba, Success Factors, Hybris, Concur) will be a plus

+ Deep expertise working on SAP Fiori authorization concepts - Catalogs, Groups, oData services, etc.

+ Exposure to SAP Hana Cloud Platform is an added advantage

+ Experience in configuration and implementation of SAP GRC 10.x Access Control modules. Process Control knowledge will be a plus.

+ Strong understanding of Segregation of Duties frameworks

+ Exposure to ticketing tools like ServiceNow, Remedy is a plus

Information for applicants with a need for accommodation: https://www2.deloitte.com/us/en/pages/careers/articles/join-deloitte-assistance-for-disabled-applicants.html

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.