Deloitte Jobs

Manager - Application Security - SAP Security and GRC

Unanticipated risks have great consequences for clients. That's especially true today as new risks and complexities brought on by regulatory mandates, rapidly evolving technologies, and the digitalization of business operations are disrupting traditional business models. Deloitte Risk and Financial Advisory's Hybrid-Operate teams deliver next-generation managed services and advanced technology products to help organizations solve complex problems on a long-term basis. Teams do this by bringing together advanced analytics, robust domain knowledge and experience, and strong technology products to help clients monitor, manage, and measure their operational environment for risk.

If you are seeking a role that within enterprise-level software implementations and variety to your day-to-day routine while allowing you to develop personally and professionally, Deloitte Risk and Financial Advisory's Cyber practice may be the place for you.

Work you'll do

As a part of Cyber Application Security team, you will be part of our SAP practice and will be responsible for steady state maintenance and enhancements of SAP ECC, S/4 HANA Security and SAP GRC Access and Process Control work-areas.

• Troubleshooting security access issues, interacting with key functional/business stakeholders for providing a resolution to SAP Security/GRC errors/exceptions

• Keeping oneself constantly abreast of the latest advancements on S/4 HANA and other emerging authorization concepts

• Knowledgeable on risks associated with application security exposures and solution proposals to eliminate/ minimize risk

• Quickly understand, adapt, and implement various role design concepts, delivering in a short period of time

• Lead internal SAP security technical training to Advisory personnel as needed

• Contribute to walkthrough discussions to recommend improvements on end-to-end business processes and functional requirements based on latest Cyber trends

• Execute services and supervise staff in delivering engagement services

• Strive to exceed client expectations; build and nurture positive working relationships with clients

• Manage day-to-day interactions with clients and internal Deloitte team

• Display leadership and business judgment in anticipating client/project needs and developing alternative solutions

• Actively mentor and train team members across both technical and management leadership capacities

• Provide counseling/coaching, oversight, and support for delivery teams and staff

• Participate actively in staff recruitment and retention activities, providing input and guidance into the staffing process

• Adopt a pragmatic approach to dealing with situations where confidentiality is important or where our work is of a sensitive nature. Helping maintain our client's strong professional relationships is integral to our business.

• Partner with the team on proposals, whitepapers, proof of concepts, technical eminence materials and firm initiatives.

  The successful candidate will possess:

• Understanding of various SAP authorization concepts catering to SAP ECC, SAP S/4 HANA systems and SAP GRC Access & Process Control (10.x and 12.x)

• Experience in Security/GRC activities for minor enhancements and support pack/version upgrades

• Extensive experience working on maintenance of GRC master data, running risk analysis, batch job monitoring, audit & compliance support activities (user management controls, access certification, etc.), BRF+ and MSMP workflows maintenance

• Understanding on SOX Compliance, SOD and SAP IT General Computer Controls

• Understands various compliance requirements that impact security and provide solutions to address them

• Knowledge of business process, user provisioning process, and security maintenance processes

• Excellent communication, listening & facilitation skills

• Proven leadership skills demonstrating strong judgment, problem-solving, and decision-making abilities

• Experience mentoring and coaching others

The team

The Application Security team provides a holistic approach to privacy, control, and compliance requirements. Leveraging process optimization, automation, service levels, self-service, organizational consolidation, and global centers of excellence, this team services deliver end-to-end solutions that encompass innovation delivery through digital technologies such as robotics and cognitive and mobile apps. This is an unparalleled time of change with new information security challenges arising each day. Our teams bring industry experience, confidence, and technical knowledge to help our clients tackle those unique challenges.

Required Qualifications

• BA/BS Degree is required. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology.

• 10+ years' experience in managing SAP security and SAP GRC Access & Process Control for the client's SAP landscape (across development, quality assurance, sandbox, training and production systems)

• Ability to travel 50%, on average, based on the work you do and the clients and industries/sectors you serve

• US Citizenship required

  Preferred:

• Previous Consulting or Big 4 experience preferred.

• Certifications such as: CISSP, CISM, or CISA certification a plus

• Experience working on HANA DB Security as well as understanding of leading practices as it relates to ERP security. Security experience with BW/4 HANA, C/4HANA, SRM, CRM, SCM, HR, SAP Cloud products (SCP, Ariba, Success Factors, Hybris, Concur) will be a plus

• Deep expertise working on SAP Fiori authorization concepts - Catalogs, Groups, oData services, etc.

• Exposure to SAP Hana Cloud Platform is an added advantage

• Experience in configuration and implementation of SAP GRC 10.x Access Control modules. Process Control knowledge will be a plus.

• Strong understanding of Segregation of Duties frameworks

• Exposure to ticketing tools like ServiceNow, Remedy is a plus

  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.