Norton Rose Fulbright Careers
Job Description
SAP Access and Control Security Lead
Job Location
Johannesburg
Practice Group/Department
Information Technology
Role
Business Services
Job Title
SAP Access and Control Security Lead
Work Type
Full Time
Description
SAP Access and Control Security Lead
Job description
NRF implemented SAP as a global practice management and finance
solution for 3 regions - EMEA (Europe, Middle East and Asia), the US
and Canada. Since then NRF Global IT has been working on a number of
initiatives to deliver improvements to the system and roll out the SAP
solution to new NRF offices. This work continues to expand in order to
meet the business demand, to deliver further enhancements and
integrate the existing solution with new systems introduced in the
wider business areas.
The Team
In Febuary 2021 the SAP Centre
internal team was formed. This was to establish an internal team of
SAP Technical and Functional SMEs and associated functions. The
primary objective of this team is establishing best practice SAP
solutions to satisfy the business requirements. The team work
closely with the NRF Global Process Owners (who facilitate the
business requirements and priority) and the technical delivery team
which includes 3
rd
party IT vendors. The team has a
global remit and will be required to work across different time
zones to meet the business needs and utilize all the available
communication tools.
The Role
The SAP Access and Control Security
Lead is expected to provide technical expertise and organizational
support in the SAP GRC, Authorizations, Organizational structure,
Maintenance, Risk and Compliance Areas.
Responsibilities for the role
include, but are not limited to:
-
Create and maintain SAP Authorization
roles as per business requirements ahdering to the role
methodology implemented in the Norton Rose Fulbright Business
systems (ECC, Gateway/Fiori, Enterprise Portal, Process
Orchestration, BW, GRC and Solution Manager).
-
Maintain the SAP GRC System across all
the modules implemented, including Access Control.
-
Directly or indirectly create, change,
or delete users on the SAP Business Systems according to Joiners,
Movers, Leaver's information, and other sources of information.
-
Perform authorization's role assignment
(direct or indirect).
-
Maintain the Access Control Ruleset to
identify key access controls in conjunction with the business.
-
Define and maintain an Access Risk and
Control Strategy for Norton Rose Fulbright in conjunction with the
various business stakeholders
-
Manage the 3rd party vendor to deliver
SAP Authorisations and SAP GRC technology implementations
-
Perform Access Risk Analysis and liaise
with the relevant Business Partners to remediate reported risks
-
Perform periodic Access Risk reporting
to provide evidence of compliance to external and internal
stakeholders including audits
-
Systems monitoring and resolving GRC and
authorizations related issues across the system landscape
-
End-user support for any authorizations
related issues
-
Execute ticket resolution according to
Standard Operating Procedures, SLA's and audit output
-
Identify continuous business improvement
and automation opportunities in the SAP GRC and Authorizations
environments, converting them into projects, and lead/assist the
implementation
-
Periodic consistency checks to ensure
user master data integrity, compliance to the authorizations
concept and methodology.
-
Liaise with external consultants on
support cases and projects where necessary
-
Document and maintain documentation
relating to the SAP Authorizations methodology as implemented by
Norton Rose Fulbright.
-
Other duties as required by NRF
Global IT team.
Required technical & specialist knowledge:
Mandatory
- Valid certification for SAP Authorizations or Governance, Risk and
Compliance Experience.
-
Minimum of 7 years' experience in
building SAP Authorizations roles using SAP Best Practise.
-
Minimum of 7 years' experience in
maintaining SAP GRC systems Access Control.
-
Good knowledge of SAP Authorizations
objects and application thereof in the business environment.
-
Excellent knowledge of SAP Business
Systems, application of role-based authorizations, GRC System and
Access Control ruleset maintenance.
-
Good knowledge of Risk and Compliance Processes.
-
Proven experience working with project
teams and SAP functional teams with significant integration requirements.
-
Effective customer-facing verbal and
written communication skills, with ability to bring across
abstract concepts and build rapport with the business to ensure
positive results in a multi-stakeholder organization.
-
Excellent Excel skills.
-
Structured, efficient and
self-organizing skills.
-
Experience in managing multiple SAP audits.
-
Understanding and knowledge of
applications support and operations.
-
Full SAP life cycle implementation
experience on projects i.e. requirement gathering, architectural
design, technical role build and test (PFCG), technical design
documentation, realisation.
-
Expert understanding of SAP SU24 objects
and values in roles.
-
Able to create / map Fiori catalogs /
groups and allocate to a user role.
-
Experience, knowledge and understanding
of user provisioning, role mapping and access governance.
Nice to have
-
Exposure to S4/HANA
-
Experience of SAP HANA DB
-
Exposure to Workday
-
Integration of Service Now to SAP
-
Experience of using Solman
Competencies:
- Self-starter with the proven ability to multitask and work under pressure
- Excellent oral and written communication skills with strong
attention to detail
- Flexible approach to working hours and travel
- Dynamic, positive and committed, keen to demonstrate initiative
- Dedication and openness to change and learning
- Ability to take ownership, accountability and resolution abilities
- Willingness to work as a member of and influence the global team
- Customer centric and results driven
Apply
Not currently receiving applications. For agency users and internal applicant, please login.