Summary
The Cyber Security Analyst will work within SRP's Identity and Access Management (IAM) team, with specific focus on securing SRP's ERP applications including BI, ECC, S/4HANA, GRC, Fiori Gateway, Concur, SuccessFactors Employee Central, Payroll, etc.
Successful candidate will be able to apply technical expertise and cyber security best practices to identify opportunities to reduce risk, streamline operations, and improve the user experience. This role involves assisting SAP application users with access requirements and troubleshooting security issues.
What You'll Do
- Facilitate with design, build, test, and deployment of security for production and non-production systems
- Provide well researched, specific, relevant and reasonable input to secure and enable new technology initiatives
- Collaborate with cross functional teams - must have effective communication skills, verbal and written
- Manage SAP security roles and authorizations, ensuring compliance with internal and external audit requirements
- Ensure that account and access management operations occur efficiently and effectively through both automation and manual intervention.
- Facilitate the implementation of IAM solutions, including access governance, role-based access control (RBAC) and single sign-on (SSO) systems/applications
Additional Information
- Role requires participation in department on-call rotation which involves responding to emergency callout during non-business hours, as needed.
- Role requires occasional contact with vendors of software, equipment, and services, and occasional travel to industry organization functions.
- Role requires interaction with confidential data such as payroll, employee, and customer information.
What It Takes To Succeed
- Knowledge of cyber security functions, especially identity and access management
- Ability to identify and implement improvements to the management of cyber accounts and access throughout their lifecycle
- Understanding of IT general controls and ICFR/SOX
- Ability to drive cyber security considerations during the software development lifecycle and technology deployment projects
- Deep understanding of SAP authorization concepts, objects and values for secure access control
- Willingness to constantly learn through industry involvement as well as formal and informal training
- Make decisions quickly, often based on imperfect information
Skills and Responsibilities
- Implement and maintain Access Control for SAP modules, e.g. BI, ECC, S/4HANA, GRC, Fiori Gateway, Concur, SuccessFactors Employee Central, etc.
- Identify and mitigate segregation of duty risks and coordinate remediation or mitigation with necessary user and business partners
- Manage and secure SAP transports across landscapes, ensuring appropriate security in all tiers
- Ensure SAP systems meet regulatory and internal/external audit requirements
- Understand technical constructs to properly secure programs, function modules and interface with SAP technical teams
- Proficiency with SAP GRC modules particularly Access Control to handle Access Requests, Risk Analysis and Role Management
- Configure and manage Firefighter roles and IDs to provide temporary access for critical or emergency tasks
- Conduct regular Access Risk Analysis to identify and address segregation of duties conflicts or other access risk
- Identify and implement new solutions or improvements to existing solutions to reduce risk, increase efficiency, and improve user experience.
Industry security certifications preferred, including CISSP, CISA, CISM, CEH, CPA, CRISC, OSCP, PMP, ITIL, SANS GIAC, SEI-CMMI or SSCP.
Experience
- Promotion to level 2 requires a minimum of two years of experience at level 1; demonstrated capability to perform advanced and more difficult work as determined by the supervisor.
- Promotion to senior level requires a minimum of three-years of experience at level 2; is fully competent in all aspects of functional area of assignment and as such would be recognized as a specialist in area of assignment and may have periodic or occasional lead responsibilities.
Education
Completion of a Bachelor's Degree from an accredited institution that prepares the employee for the assignment.
SRP
Arizona United States
www.srpnet.com