Governance, Risk and Authorisation Analyst at RCL Foods

About the Job

Job Description

• RCL FOODS is on the lookout for an experienced Governance, Risk, and Authorisation Analyst to join our Group Services team.

The purpose of the role is to:

• understand risks exposed to the business if user access is not appropriately provisioned with the correct business role.
• have a good understanding of business processes and be able to convert these to technical specifications.
• analyse the business requirements of the group and configure business roles with the minimum amount of risk exposure to the group.
• advise on business risk mitigation and remediation strategies/controls for risk exposed by the business.
• facilitate user provisioning for access to systems across the group.
• recommend best practices to the group for user access across all key IT & financial systems.

This role will be based at the National Office in Westville and report to the Governance and Authorisation Manager.

Duties & Responsibilities

Governance Risk and Compliance (GRC)

• Analyse and gain an understanding of the Group business requirements for User Access Management, Emergency Access Management, Business Role Management and Access Risk Analysis.
• Identify potential risk to the business for user access (segregation of duties) and business role development.
• Implementing authorised best practice strategies documented in Group blueprints in the GRC space.
• Manage relationships with internal and external stakeholders. Provide risk analysis reports to Internal and external audit.
• Assist Business Process Owners to understand key security and privacy issues, risks, exposures and vulnerabilities using workshops and assessments to develop security business needs.
• Identify identical or similar objects spread across the local systems for enabling best practice around building authorisations.

User Access

• Administer and manage user provisioning and authorisations across the SAP and other ERP technology platforms and key IT Systems
• Maintain access to securable SAP and other ERP resources
• Troubleshoot and resolve security problems/failures for user access.
• Implement and document measures to safeguard the SAP and other ERP operating environments against accidental or unauthorized modification, destruction, or disclosure.
• Developing and updating access control tables for licenses and groupings.
• Ensuring appropriate licence classifications are assigned to users thus preventing any additional costs the group may incur.
• Setting up user logon ids and assigning/resetting/revoking passwords and access.
• Provide user statistics on respective systems (e.g. created users, deleted users, locked users, users not logged in 90 days).
• Understanding of and commitment to internal control.
• Assess risks and controls and identify, construct, and implement opportunities for improvement.
• Act as both SAP and other ERP systems Security, providing troubleshooting and problem resolution while supporting the active user environment.

Business Role and User Management

• Develop, configure, and administer system Security components for all SAP and other ERP applications for the Group
• Proactively engages in automating and streamlining security and the appropriate control processes.
• Manage security administration, role design, and compliance for SAP and other ERP systems and other applications within the group.
• Developing good working relationships with other Managers, Architects, and other Leads across the organisation as well as external consultants, customers, and auditors.
• Work with business owners to identify, define and document business roles.
• Convert business roles to technical roles.
• Build business/technical roles to meet business requirements.
• Analyse and identify risks within these business roles.
• Provide guidance and recommend remediation/ mitigation controls for risks identified within business/technical roles.
• Redesign roles for remediation and advise on technical changes.
• Implement technical changes by building revised roles.
• Design, develop & document mitigation controls for business roles that have risk.
• Investigate opportunities to improve system capabilities based on observed risks or gaps.
• Run monthly risk analysis reports to identify risk exposure to the business.
• Responsible for the day-to-day security administration and maintenance including tasks such as the creation of roles, profiles, IDs, and assigning roles to users.

Policy and Procedure Compliance

• Technical design, development, testing, implementation, support, and documentation of system security around user access, business role management, and risks within a SAP environment and other ERP systems.
• Work with various business and technical teams to build and maintain system security, participate in problem-solving, monitoring/resolving technical incidents, researching and implementing best practice methods for role building, and user access.
• Technical and team member for IT Security within the group.
• Responsible for providing standards for system security.
• Provide guidance and direction to other team members and ensure the technical competency of the team is maintained.

Reporting

• Provide reports, information and technical insight to business managers as and when required.
• Provide advisory services to other business entities that fall into the Rainbow Foods group.
• Provide information for monthly key performance indicators.

Minimum Requirements

Qualification

• Relevant IT/BCom degree or equivalent 3-year diploma
• Strong understanding of Internal Audit with related Internal Audit experience
• Demonstrate thorough knowledge of segregation and associated risk and compliance
• Experience working on SAP or Syspro (Preferable)