Deloitte SAP Security & GRC Solutions Delivery Manager in Charlotte, North Carolina
Manager - Application Security - SAP Security and GRC
Unanticipated risks have great consequences for clients. That's especially true today as new risks and complexities brought on by regulatory mandates, rapidly evolving technologies, and the digitalization of business operations are disrupting traditional business models. Deloitte Risk and Financial Advisory's Hybrid-Operate teams deliver next-generation managed services and advanced technology products to help organizations solve complex problems on a long-term basis. Teams do this by bringing together advanced analytics, robust domain knowledge and experience, and strong technology products to help clients monitor, manage, and measure their operational environment for risk.
If you are seeking a role that within enterprise-level software implementations and variety to your day-to-day routine while allowing you to develop personally and professionally, Deloitte Risk and Financial Advisory's Cyber practice may be the place for you.
Work you'll do
As a part of Cyber Application Security team, you will be part of our SAP practice and will be responsible for steady state maintenance and enhancements of SAP ECC, S/4 HANA Security and SAP GRC Access and Process Control work-areas.
Troubleshooting security access issues, interacting with key functional/business stakeholders for providing a resolution to SAP Security/GRC errors/exceptions
Keeping oneself constantly abreast of the latest advancements on S/4 HANA and other emerging authorization concepts
Knowledgeable on risks associated with application security exposures and solution proposals to eliminate/ minimize risk
Quickly understand, adapt, and implement various role design concepts, delivering in a short period of time
Lead internal SAP security technical training to Advisory personnel as needed
Contribute to walkthrough discussions to recommend improvements on end-to-end business processes and functional requirements based on latest Cyber trends
Execute services and supervise staff in delivering engagement services
Strive to exceed client expectations; build and nurture positive working relationships with clients
Manage day-to-day interactions with clients and internal Deloitte team
Display leadership and business judgment in anticipating client/project needs and developing alternative solutions
Actively mentor and train team members across both technical and management leadership capacities
Provide counseling/coaching, oversight, and support for delivery teams and staff
Participate actively in staff recruitment and retention activities, providing input and guidance into the staffing process
Adopt a pragmatic approach to dealing with situations where confidentiality is important or where our work is of a sensitive nature. Helping maintain our client's strong professional relationships is integral to our business.
Partner with the team on proposals, whitepapers, proof of concepts, technical eminence materials and firm initiatives.
The successful candidate will possess:
Understanding of various SAP authorization concepts catering to SAP ECC, SAP S/4 HANA systems and SAP GRC Access & Process Control (10.x and 12.x)
Experience in Security/GRC activities for minor enhancements and support pack/version upgrades
Extensive experience working on maintenance of GRC master data, running risk analysis, batch job monitoring, audit & compliance support activities (user management controls, access certification, etc.), BRF+ and MSMP workflows maintenance
Understanding on SOX Compliance, SOD and SAP IT General Computer Controls
Understands various compliance requirements that impact security and provide solutions to address them
Knowledge of business process, user provisioning process, and security maintenance processes
Excellent communication, listening & facilitation skills
Proven leadership skills demonstrating strong judgment, problem-solving, and decision-making abilities
Experience mentoring and coaching others
The Application Security team provides a holistic approach to privacy, control, and compliance requirements. Leveraging process optimization, automation, service levels, self-service, organizational consolidation, and global centers of excellence, this team services deliver end-to-end solutions that encompass innovation delivery through digital technologies such as robotics and cognitive and mobile apps. This is an unparalleled time of change with new information security challenges arising each day. Our teams bring industry experience, confidence, and technical knowledge to help our clients tackle those unique challenges.
BA/BS Degree is required. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology.
10+ years' experience in managing SAP security and SAP GRC Access & Process Control for the client's SAP landscape (across development, quality assurance, sandbox, training and production systems)
Ability to travel 50%, on average, based on the work you do and the clients and industries/sectors you serve
US Citizenship required
Previous Consulting or Big 4 experience preferred.
Certifications such as: CISSP, CISM, or CISA certification a plus
Experience working on HANA DB Security as well as understanding of leading practices as it relates to ERP security. Security experience with BW/4 HANA, C/4HANA, SRM, CRM, SCM, HR, SAP Cloud products (SCP, Ariba, Success Factors, Hybris, Concur) will be a plus
Deep expertise working on SAP Fiori authorization concepts - Catalogs, Groups, oData services, etc.
Exposure to SAP Hana Cloud Platform is an added advantage
Experience in configuration and implementation of SAP GRC 10.x Access Control modules. Process Control knowledge will be a plus.
Strong understanding of Segregation of Duties frameworks
Exposure to ticketing tools like ServiceNow, Remedy is a plus
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.