Helping create and maintain JHI’s SOX control environment across all in-scope SAP SOX systems.
Overseeing and managing the SAP GRC application to ensure it is fit for purpose for all interested parties’ requirements. This will involve constant collaboration with end users, control owners, information security, and internal audit.
Other SAP GRC responsibilities include:
Responsible for operating SoX and ISAE 3402 controls.
Responsible for collaborating with control owners/control operators to ensure the successful design and operating effectiveness of all SoX and ISAE 3402 controls.
Responsible for ownership of all SoD (Segregation of Duties) processes and collaborating with SoD risk and mitigating control owners to evidence the operation of regular oversight over SoD violations and mitigating actions & follow-up.
Ensuring that all control objectives within the DCT landscape are in place and operating as specified and helping coach control owners on changes that need to be made in the event a control is not operating as expected.
Partnering with internal and external audit to ensure all audit processes are documented, socialized, and adhered to with respect to the Finance and HR platforms.
Participating in and facilitating audit activities and partnering with IT Product Owners to drive any remedial actions.
Providing subject matter expertise in the SAP Security and GRC space to Internal and External Auditors and responsible for technical oversight, best practice guidance, and point of escalation as needed during the project lifecycle, service management, and incident management.
Assisting with the frequent reporting and tracking of the SAP SOX controls. The successful candidate will have experience in IT internal and external audits, functional experience with SAP, and a sound understanding of SOX requirements.
Identifying and implementing best practices to meet audit requirements in a timely manner.
Designing IT testing procedures to identify and evaluate risk exposures in order to determine the efficacy and efficiency of controls.
Carry out additional duties as assigned.
Technical skills and qualifications
Minimum of 5 years working experience in IT Risk Management, SOX compliance, or auditing with a strong background in IT controls.
Bachelor's degree in Computer Science/Information Technology, Accounting or equivalent commensurate experience preferred.
5+ years’ working experience with SAP GRC.
5+ years’ experience in SAP Security Administration.
Strong understanding of Sarbanes-Oxley (SOX) and other regulatory requirements that may impact SAP Security.
Experience developing security solutions that address Sarbanes-Oxley requirements.
Technical knowledge of SAP landscape and roadmap and a good understanding of IT Infrastructure and Information Security functions.
Experience in successful SOX implementation in project and support models and follow-up.
SAP CISA certification preferred.
Effective communication and technical leadership. Candidate must demonstrate a high level of communication skills, both verbal and written.
Candidate must be able to mentor and coach other members of the team as well as possess the ability to communicate effectively with technical and business audiences interchangeably.
Strong organisation and planning skills.
Must have the ability to work with limited supervision and exhibit a strong sense of urgency.
Ability to maintain strict adherence to security requirements and policies.
Strong stakeholder management skills across all levels of the business.
Strong conceptual, analytical, problem-solving, troubleshooting, and resolution skills including transaction tracing, issue escalation, and problem diagnosis.
Documentation and presentation skills catered to a diverse technical and business audience.