IT Risk and Security Specialist (SAP GRC) at Astron Energy (Pty) Ltd.

Responsible for identifying and implementing the necessary security controls across all SAP systems, thus ensuring that appropriate access and segregation of duties is maintained. They will be responsible for designing, developing and maintaining access rights, aligned to security policies and internal control requirements as well as external regulations. Provides analysis and expertise for access governance related activities involving access entitlement reviews and certification, access procedure development, process improvement, and application/system on-boarding. Ensures that only authorised individuals have access to IT assets.

Key Responsibilities (but not limited to) :

• Responsible for the access management process across all SAP systems
• Track and monitor SOD conflicts and any inappropriate use of IT systems. Escalate immediately where required
• Work with HR to implement, track and monitor all changes required as a result of “Joiner, Mover, Leaver” requirements
• Engage BA’s and domain architects on all teams in terms of matters related to SAP authorisation to ensure a full understanding of the business security requirements from a process and risk perspective.
• Validate legitimacy of requests; ensure proper approvals and execute per the access policies, regulations and procedures
• Develop and maintain user access application inventory
• Distribute access control reports to support periodic reviews
• Provide required Management Information Reports
• Work with business stakeholders and participate in company projects to ensure that on-boarding of new applications is managed in alignment with data governance policies.
• Work with the various architects to provide deep technical SAP advice, to influence the development of integrated solutions
• Work with system or application owners to develop and document new user roles and permissions when needed.
• Develop and implement regular access control process improvements
• Performs security assessments; security authorisation, security planning, security policy development, security training, vulnerability assessments, security controls testing and risk assessments. Required to implement controls, conduct security awareness training, research new security tools and best practices and direct IT teams on how best to protect corporate information assets.
• Review and build awareness of IT security standards and policies on effectiveness
• GRC:- Responsible for all the work flows in GRC access control; SOD risks mitigation and remediation, responsible for UAR and SOD reporting, role uploads and mass roles modifications, responsible for all the GRC activities and authorization issues
• SAP Authorizations: responsible for creating and maintaining security roles and profiles, ensuring users have proper authorization to perform tasks, support SAP projects, document security details for role design and modification procedures, evaluate alternative approaches, prototype as needed, recommend solutions, create and maintain SAP security documentation

Professional Qualification and Certifications:

• Bachelor’s Degree in Computer Science, Information Systems or other related field, or equivalent work experience.

Work Experience: 

• 8 or more years SAP GRC Working Experience
• 5-7 years’ experience gained in the effective design and implementation of SAP security controls and SAP authorisations 

Knowledge and skills:

• Strong knowledge of SAP, GRC, IT infrastructure, applications, business processes and technology supplier community
• Experience in security management, security and network architecture and/or design
• Experience in implementing and maintaining IT security processes
• Experience in creating and reviewing IT security policies for compliance
• Skills and knowledge in data privacy, best practices such as; defence in-depth, least privileges, need-to-know, separation of duties, access controls, encryption
• Security testing experience
• Expertise on SAP GRC Access Control 10.1, Process Control 10.1, Risk Management & policy Management will be added advantage. Good exposure to other Compliance tools will be an advantage.
• Experience in conducting or participating in IT audits across the various areas within the information technology function

Application deadline:

18 July 2023