Sap Grc Ac Functional Consultant

3+ months agoBangalore, India

Site Name: India - Karnataka - Bengaluru
Posted Date: Dec 4 2019

  • Minimum Experience
  • At least 10 years of experience in SAP Security & GRC Access Control solutions.
  • Previous Consulting or Big 4 experience preferred
  • Experience developing security solutions that address Sarbanes-Oxley requirements.
  • Strong expertise in designing and building highly automated SAP security frameworks.
  • Proven experience in deploying SAP GRC solutions (10.x) and helping expand and optimise usage.
  • Strong expertise in SAP security design architecture. The candidate should be a subject matter expert in SAP security design, being able to solve complex technical issues.
  • Experience in integrating SAP GRC solutions (SAP Access Control with SAP Process Control).
  • SAP Security Audit - experience in analysing issues and conducting remediation activities.
  • SAP HANA Security - ideally experience in implementing HANA Security.
  • Knowledge of security framework for SAP Portal and SAP Fiori will be a plus.
  • Basic knowledge of ISO 27001, GDPR and SOX.
  • Preferably knowledge of Agile project methodology.
  • Experience of project management or service delivery background & ideally with experience working within a large, rapid organization who aspire to push boundaries and standards to achieve their goals.
Minimum Level of Education Required
  • Graduate in related discipline or equivalent experience.
  • ITIL Foundation Certification
Preferred Level of Education
  • CISA, SAP Certified Technology Professional (System Security with SAP NetWeaver), ITIL Expert Certification, CISM will be a plus.
Key Responsibilities:
  • Define and drive the realisation of best-in-class enterprise SAP security and access management environment.
  • Manage the end-to-end operation of the Enterprise SAP GRC solution with a focus on SAP GRC Access Control components.
  • Defines processes and procedures for monitoring security across all the SAP landscape in support of SOX, GxP, and audit requirements.
  • Responsible for designing, documenting standards and procedures for SAP user administration, outlining security design and maintenance
  • Define and track KPIs to measure quality and efficiency of security operations.
  • Develop relationships with stakeholders within the business & engage with the wider business for obtaining role build requirements
  • Provide detailed process improvement ideas
  • Responsible for identifying, reporting and managing to resolution any non-compliances with mySAP security policy, coordinating the actions of Business users, the service provider and Controls and Compliance team Execute and maintain ERP security controls.
  • Work with the internal Controls and Compliance team to support SOX compliance in relation to General IT Controls over the SAP landscape. Responsible for responding to, and acting on, compliance related issues, including those raised by internal and external audit
  • Drive innovation within the area of mySAP security and controls, with a view to optimizing the control environment to enhance the security of our mySAP landscape
  • Work closely with our Information Services team around technical activity and contract management, supporting in BAU and on a project basis as required including supporting new ERP platform implementations as required
Provide periodic reports to the Head of ERP Security & provide support for incidents relating to ERP Security


Our goal is to be one of the world's most innovative, best performing and trusted healthcare companies. We believe that we all bring something unique to GSK and when we combine our knowledge, experiences and styles together, the impact is incredible. Come join our adventure at GSK where you will be inspired to do your best work for our patients and consumers. A place where you can be you, feel good and keep growing.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make some payments for recruitment opportunities and interview. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way.

GlaxoSmithKline does not charge any fee whatsoever for recruitment process. Please do not make payments to any individuals / entities in connection with recruitment with any GlaxoSmithKilne (or GSK) group company at any worldwide location. Even if they claim that the money is refundable.

If you come across unsolicited email from email addresses not ending in or job advertisements which state that you should contact an email address that does not end in "", you should disregard the same and inform us by emailing, so that we can confirm to you if the job is genuine.

Job ID: glaxo-229209-en-us