Deloitte SAP Security & GRC Solution Sr. Consultant/Solution Delivery Lead in Richmond, Virginia
Senior Consultant - Application Security - SAP Security and GRC
Unanticipated risks have great consequences for clients. That's especially true today as new risks and complexities brought on by regulatory mandates, rapidly evolving technologies, and the digitalization of business operations are disrupting traditional business models. Deloitte Risk and Financial Advisory's Hybrid-Operate teams deliver next-generation managed services and advanced technology products to help organizations solve complex problems on a long-term basis. Teams do this by bringing together advanced analytics, robust domain knowledge and experience, and strong technology products to help clients monitor, manage, and measure their operational environment for risk.
If you are seeking a role that within enterprise-level software implementations and variety to your day-to-day routine while allowing you to develop personally and professionally, Deloitte Risk and Financial Advisory's Cyber practice may be the place for you.
Work you'll do
As a part of Cyber Application Security team, you will be part of our SAP practice and will be responsible for steady state maintenance and enhancements of SAP ECC, S/4 HANA Security and SAP GRC Access and Process Control work-areas.
Troubleshooting security access issues, interacting with key functional/business stakeholders for providing a resolution to SAP Security/GRC errors/exceptions
Keeping oneself constantly abreast of the latest advancements on S/4 HANA and other emerging authorization concepts
Knowledgeable on risks associated with application security exposures and solution proposals to eliminate/ minimize risk
Ability to quickly understand and adapt to various role design concepts and deliver in a short period of time
Support and enable junior team members across both technical and management leadership capacities
Provide internal SAP security technical training to Advisory personnel as needed
Support the team on proposals, whitepapers, proof of concepts, technical eminence materials and firm initiatives.
The successful candidate will possess:
Understanding of various SAP authorization concepts catering to SAP ECC, SAP S/4 HANA systems and SAP GRC Access & Process Control (10.x and 12.x)
Experience in Security/GRC activities for minor enhancements and support pack/version upgrades
Extensive experience working on maintenance of GRC master data, running risk analysis, batch job monitoring, audit & compliance support activities (user management controls, access certification, etc.), BRF+ and MSMP workflows maintenance
Understanding on SOX Compliance, SOD and SAP IT General Computer Controls
Understands various compliance requirements that impact security and provide solutions to address them
Knowledge of business process, user provisioning process, and security maintenance processes
Excellent writing and verbal communication skills
Strong project management and organizational skills
The Application Security team provides a holistic approach to privacy, control, and compliance requirements. Leveraging process optimization, automation, service levels, self-service, organizational consolidation, and global centers of excellence, this team services deliver end-to-end solutions that encompass innovation delivery through digital technologies such as robotics and cognitive and mobile apps. This is an unparalleled time of change with new information security challenges arising each day. Our teams bring industry experience, confidence, and technical knowledge to help our clients tackle those unique challenges.
BA/BS Degree is required. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology.
6+ years' experience in managing SAP security and SAP GRC Access & Process Control for the client's SAP landscape (across development, quality assurance, sandbox, training and production systems)
Ability to travel 50%, on average, based on the work you do and the clients and industries/sectors you serve
US Citizenship required
Previous Consulting or Big 4 experience preferred.
Certifications such as: CISSP, CISM, or CISA certification a plus
Experience working on HANA DB Security as well as understanding of leading practices as it relates to ERP security. Security experience with BW/4 HANA, C/4HANA, SRM, CRM, SCM, HR, SAP Cloud products (SCP, Ariba, Success Factors, Hybris, Concur) will be a plus
Deep expertise working on SAP Fiori authorization concepts - Catalogs, Groups, oData services, etc.
Exposure to SAP Hana Cloud Platform is an added advantage
Experience in configuration and implementation of SAP GRC 10.x Access Control modules. Process Control knowledge will be a plus.
Strong understanding of Segregation of Duties frameworks
Exposure to ticketing tools like ServiceNow, Remedy is a plus
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.