Manager ERP Security
Site Name: India - Karnataka - Bangalore R&D
Posted Date: Dec 4 2019
- At least 10 years of experience in SAP GRC solutions with emphasis on SAP GRC Risk Management and/or Process Control.
- Previous Consulting or Big 4 experience preferred
- Experience developing security solutions that address Sarbanes-Oxley requirements.
- Strong expertise in designing and building highly automated SAP security frameworks.
- Proven experience in deploying SAP GRC solutions (10.x) and helping expand and optimise usage.
- Strong expertise in SAP security design architecture. The candidate should be a subject matter expert in SAP security design, being able to solve complex technical issues.
- Experience in designing and building SAP security monitoring mechanisms at database, operating system and application layers.
- Experience in integrating SAP GRC solutions (SAP Access Control with SAP Process Control).
- SAP Security Audit - experience in analysing issues and conducting remediation activities.
- SAP HANA Security - ideally experience in implementing HANA Security.
- Knowledge of security framework for SAP Portal and SAP Fiori will be a plus.
- Basic knowledge of ISO 27001, GDPR and SOX.
- Preferably knowledge of Agile project methodology.
- Experienced leader of people, able to engage, inspire and manage the ERP Team both on and offshore as well as influencing and communicating with various internal stakeholders within this wide-reaching business and at all levels.
- Experience of project management or service delivery background & ideally with experience working within a large, rapid organization who aspire to push boundaries and standards to achieve their goals.
- Security focused with ability to deliver at a fast pace environment and the ability to recognize, utilize and grow the existing talent and expertise within the team to successful, and industry leading service delivery.
Minimum Level of Education Required
- Graduate in related discipline or equivalent experience.
- ITIL Foundation Certification
Preferred Level of Education
- CISA, SAP Certified Technology Professional (System Security with SAP NetWeaver), ITIL Certification, CISM will be a plus.
• Day to day management of the team (direct & indirect reports) to provision user access in the ERP applications using the respective ticketing system.
• Responsible for designing, documenting standards and procedures for SAP user administration, outlining security creation and maintenance
• Responsible for the approval of designs for new ERP security roles
• Responsible for supporting the SAP security and authorization environment. This includes support for all security roles, profiles, Portal groups and detailed knowledge of Profile Generator within the SAP systems.
• Engage with the wider business obtaining role build requirements
• Provide detailed process improvement ideas
• Responsible for identifying, reporting and managing to resolution any non-compliances with mySAP security policy, coordinating the actions of Business users, the service provider and Controls and Compliance team Execute and maintain ERP security controls.
• Work with the internal Controls and Compliance team to support SOX compliance in relation to General IT Controls over the SAP landscape.
• Responsible for responding to, and acting on, compliance related issues, including those raised by internal and external audit
• Drive innovation within the area of mySAP security and controls, with a view to optimizing the control environment to enhance the security of our mySAP landscape
• Work closely with our Information Services team around technical activity and contract management, supporting in BAU and on a project basis as required including supporting new ERP platform implementations as required
• To ensure all activities that are completed in the system are fully auditable
• Provide periodic reports to the Head of ERP Security
• Develop relationships with stakeholders within the business
• Provide support for incidents relating to ERP Security
Develop areas for improving the current processes
Our goal is to be one of the world's most innovative, best performing and trusted healthcare companies. We believe that we all bring something unique to GSK and when we combine our knowledge, experiences and styles together, the impact is incredible. Come join our adventure at GSK where you will be inspired to do your best work for our patients and consumers. A place where you can be you, feel good and keep growing.
Important notice to Employment businesses/ Agencies
GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.
It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make some payments for recruitment opportunities and interview. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way.
GlaxoSmithKline does not charge any fee whatsoever for recruitment process. Please do not make payments to any individuals / entities in connection with recruitment with any GlaxoSmithKilne (or GSK) group company at any worldwide location. Even if they claim that the money is refundable.
If you come across unsolicited email from email addresses not ending in gsk.com or job advertisements which state that you should contact an email address that does not end in "gsk.com", you should disregard the same and inform us by emailing firstname.lastname@example.org, so that we can confirm to you if the job is genuine.
Back to top