Latest Openings

GRC Analyst

Location: Houston, TX | Job Type: Full Time | Salary: $75K - $90K

Job Duties:

  1. Application maintenance and Support 20%
    • This includes coverage of security incident support and other routine maintenance activities, which will be expanded based on knowledge of the future deployment's application.
    • Identify opportunities for improving GRC processes and systems.
    • Implement best practices and innovative solutions to enhance the organization's GRC capabilities.
    • GRC SOD rule-set customization.
  2. Applications in scope 20%
  3. GRC Management Support 20%
    • This includes activities to support Access Control.
    • Access Risk Analysis (ARA).
    • Emergency Access Management (EAM).
    • ITGC support, which is the key area in the success of ongoing GRC operations.
  4. Supplemental services 10%
    • This includes any work, e.g. major functionality changes or deployment support beyond testing. The value here is being able to leverage resources between 'build' and 'run' activities to achieve efficiency in.
    • GRC AC, PC and RM Customization to meet the organization-specific business requirement.
  5. SAP security analysis 10%
    • SAP Security implementation, Segregation of Duties, SAP Security role redefinition, SAP GRC implementation, SAP pre- and post-implementation security and control review.
    • Authorizations testing at Transaction, Object/Activity Level.
    • SOD review across the SAP landscape, User Management/Password Policies, Transport Management System, IMG settings, Application Server Parameters, etc.
  6. Responsible for preparation of business blueprint for SAP GRC AC implementation and go live activities. (10%)
    • Preparing Business Blueprint Document for Access Control.
    • Preparing Business Blueprint Document for Process Control.
    • Preparing Business Blueprint Document for Risk Management.
    • Generating SOD Reports.
  7. Define the configuration strategy for Access Risk Analysis (ARA), Access Request Management (ARM), Business Rule Management (BRM), Emergency Access Management (EAM), Business Rule Framework (BRF+), Multi Stage Multipath Workflow (MSMP), SOD rule-set customization, Risk Remediation, Risk Mitigation, automated controls, semi-automated controls and manual controls. (10%)

Job Requirements:

  • Big 4 consulting experience is a MUST.
  • Bachelor's degree in Information Technology, Computer Science, or related field.
  • Strong understanding of SAP security concepts, including user authentication, authorization objects, roles, profiles, and user management.
  • Hands-on experience with SAP security tools and technologies, such as SAP GRC (Governance, Risk, and Compliance), SAP Security Notes, and SAP Solution Manager.
  • Familiarity with industry standards and regulations related to SAP security, such as SOX, GDPR, and PCI DSS.
  • Excellent analytical, problem-solving, and communication skills, with the ability to collaborate effectively with cross-functional teams.
  • Relevant certifications such as SAP Certified Technology Associate - Security with SAP NetWeaver or SAP Certified Application Associate - SAP Security.
  • Strong leadership skills with the ability to mentor and develop team members, manage projects, and drive initiatives to completion.
  • SAP Security Administration skills.
  • Role Design and Authorization Management skills.
  • Security Policy Development and Implementation skills.
  • Risk Assessment and Compliance Management skills.
  • Incident Response and Security Monitoring skills.
  • Desired Skills & Experience: Collaboration and Stakeholder Engagement skills.
  • Continuous Learning and Adaptability skills.
  • Project management experience.