GRC Functional Consultant

Your Responsibilities:
Global Applications & Development (GA&D) Tech is responsible for development, deployment, business partnering and support of all global business applications including ERP, Workday and myLearning. The ERP programme is driving the transformation of GSK's standard financial, commercial and manufacturing processes to a common SAP software platform, for around 80% of the organisation. We are responsible for delivering GSK's ERP strategy, focused on improving service, transforming the delivery model and simplifying processes.

Global Applications & Development Tech Team
Integrated cross-functional support and delivery organisation. We are a 1,000-strong global organisation, working with many vendor partners, with main operations in the UK, Malaysia & India.
GSK had a large, established SAP landscape that consists of over 27,000 users across 9 landscapes. At the beginning of 2010, the GSK Executive team approved a major ERP implementation programme that will upgrade, standardise and extend the current landscape for its Commercial, Financial and Manufacturing users. GSK's ERP strategy is acknowledged to be one of the most ambitious, globally.

As a GRC Functional Consultant you will:
• Define and drive the realisation of a best in class enterprise SAP security environment.
• Manage the end-to-end operation of the Enterprise SAP GRC solution with a focus on SAP GRC Risk Management and Process Control components.
• Lead technical resources to ensure the delivery of secured application access throughout the organisation.
• Define and drive the future state architectural security roadmap with a focus on automation.
• Defines processes and procedures for monitoring security across all the SAP landscape in support of SOX, GxP, and audit requirements.
• Design and build SAP security monitoring mechanisms.
• Define and track KPIs to measure quality and efficiency of security operations.

Why You?

Basic qualifications:
• Strong expertise in designing and building highly automated SAP security frameworks.
• Proven experience in deploying SAP GRC solutions (10.0 and 10.1) and helping expand and optimise usage.
• Deep knowledge and proven experience in implementing and/or operating SAP GRC Process Control and Risk Management components.
• Ideally, proven experience in deploying SAP Audit Management solution.
• Experience in designing and building automated business rules in SAP Process Control for continuous monitoring purposes including understanding of BRF workbench for complex business rule development.
• Experience in integrating SAP GRC solutions (Risk Management with SAP GRC Process Control and/or SAP Access Control with SAP Process Control).
• SAP Security Audit - experience in analysing issues and conducting remediation activities.
• SAP Penetration Testing and Cyber - ideally experience in conducting Pen Testing and ideally knowledge of SAP Enterprise Threat Detection solution.
• SAP HANA Security - ideally experience in implementing HANA Security.
• Additional experience with SAP Business Objects would be favourable for this role.

Preferred qualifications:
• Knowledge of security framework for SAP Portal.
• Knowledge of security framework for SAP Fiori.
• SAP Virtual Forge - ideally experience in defining security rules/ events.
• SAP Concur and SAP Ariba - ideally experience in designing a security model for role/user management.
• Basic knowledge of ISO 27001, GDPR and SOX.
• Preferably knowledge of Agile project methodology.
• Extensive experience in SAP Security.
• Extensive experience in SAP GRC solutions with emphasis on SAP GRC Risk Management and/or Process Control.


Application End Date 21st Aug 2018

Why GSK?:
GlaxoSmithKline is a science-led global healthcare company that researches and develops a broad range of innovative medicines and brands. We discover, make and market life-enhancing products that are used by millions of people around the world, helping them to do more, feel better and live longer.

Contact information:
You may apply for this position online by selecting the Apply now button.
Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

Back to top