SAP Security & GRC Solution Sr. Consultant/Solution Delivery Lead

Cyber | Cyber & Strategic Risk
Same job available in 33 locations

Arlington, Virginia, United States

Atlanta, Georgia, United States

Austin, Texas, United States

Boston, Massachusetts, United States

Charlotte, North Carolina, United States

Chicago, Illinois, United States

Cincinnati, Ohio, United States

Cleveland, Ohio, United States

Columbus, Ohio, United States

Dallas, Texas, United States

Ft. Lauderdale, Florida, United States

Glen Mills, Pennsylvania, United States

Harrisburg, Pennsylvania, United States

Houston, Texas, United States

Indianapolis, Indiana, United States

Jacksonville, Florida, United States

Kansas City, Missouri, United States

McLean, Virginia, United States

Mechanicsburg, Pennsylvania, United States

Miami, Florida, United States

Milwaukee, Wisconsin, United States

Oklahoma City, Oklahoma, United States

Orlando, Florida, United States

Parsippany, New Jersey, United States

Philadelphia, Pennsylvania, United States

Pittsburgh, Pennsylvania, United States

Raleigh, North Carolina, United States

Richmond, Virginia, United States

Rosslyn, Virginia, United States

San Antonio, Texas, United States

Tampa, Florida, United States

Tulsa, Oklahoma, United States

Washington, District of Columbia, United States

Position Summary

Senior Consultant – Application Security - SAP Security and GRC

Unanticipated risks have great consequences for clients. That’s especially true today as new risks and complexities brought on by regulatory mandates, rapidly evolving technologies, and the digitalization of business operations are disrupting traditional business models. Deloitte Risk and Financial Advisory’s Hybrid-Operate teams deliver next-generation managed services and advanced technology products to help organizations solve complex problems on a long-term basis. Teams do this by bringing together advanced analytics, robust domain knowledge and experience, and strong technology products to help clients monitor, manage, and measure their operational environment for risk.

If you are seeking a role that within enterprise-level software implementations and variety to your day-to-day routine while allowing you to develop personally and professionally, Deloitte Risk and Financial Advisory’s Cyber practice may be the place for you.

Work you’ll do

As a part of Cyber Application Security team, you will be part of our SAP practice and will be responsible for steady state maintenance and enhancements of SAP ECC, S/4 HANA Security and SAP GRC Access and Process Control work-areas.

  • Troubleshooting security access issues, interacting with key functional/business stakeholders for providing a resolution to SAP Security/GRC errors/exceptions
  • Keeping oneself constantly abreast of the latest advancements on S/4 HANA and other emerging authorization concepts
  • Knowledgeable on risks associated with application security exposures and solution proposals to eliminate/ minimize risk
  • Ability to quickly understand and adapt to various role design concepts and deliver in a short period of time
  • Support and enable junior team members across both technical and management leadership capacities
  • Provide internal SAP security technical training to Advisory personnel as needed
  • Support the team on proposals, whitepapers, proof of concepts, technical eminence materials and firm initiatives. 

The successful candidate will possess:

  • Understanding of various SAP authorization concepts catering to SAP ECC, SAP S/4 HANA systems and SAP GRC Access & Process Control (10.x and 12.x)
  • Experience in Security/GRC activities for minor enhancements and support pack/version upgrades
  • Extensive experience working on maintenance of GRC master data, running risk analysis, batch job monitoring, audit & compliance support activities (user management controls, access certification, etc.), BRF+ and MSMP workflows maintenance
  • Understanding on SOX Compliance, SOD and SAP IT General Computer Controls
  • Understands various compliance requirements that impact security and provide solutions to address them
  • Knowledge of business process, user provisioning process, and security maintenance processes
  • Excellent writing and verbal communication skills
  • Strong project management and organizational skills

The team

The Application Security team provides a holistic approach to privacy, control, and compliance requirements. Leveraging process optimization, automation, service levels, self-service, organizational consolidation, and global centers of excellence, this team services deliver end-to-end solutions that encompass innovation delivery through digital technologies such as robotics and cognitive and mobile apps. This is an unparalleled time of change with new information security challenges arising each day. Our teams bring industry experience, confidence, and technical knowledge to help our clients tackle those unique challenges. 

Required Qualifications

  • BA/BS Degree is required. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology.
  • 6+ years’ experience in managing SAP security and SAP GRC Access & Process Control for the client’s SAP landscape (across development, quality assurance, sandbox, training and production systems)
  • Ability to travel 50%, on average, based on the work you do and the clients and industries/sectors you serve
  • US Citizenship required

 Preferred:

  • Previous Consulting or Big 4 experience preferred.
  • Certifications such as: CISSP, CISM, or CISA certification a plus
  • Experience working on HANA DB Security as well as understanding of leading practices as it relates to ERP security. Security experience with BW/4 HANA, C/4HANA, SRM, CRM, SCM, HR, SAP Cloud products (SCP, Ariba, Success Factors, Hybris, Concur) will be a plus
  • Deep expertise working on SAP Fiori authorization concepts – Catalogs, Groups, oData services, etc. 
  • Exposure to SAP Hana Cloud Platform is an added advantage
  • Experience in configuration and implementation of SAP GRC 10.x Access Control modules. Process Control knowledge will be a plus.
  • Strong understanding of Segregation of Duties frameworks
  • Exposure to ticketing tools like ServiceNow, Remedy is a plus

 

Our people and culture

Our diverse, equitable, and inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our client most complex challenges. This makes Deloitte one of the most rewarding places to work. Learn more about our inclusive culture.

Professional development

From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.


As used in this posting, "Deloitte Advisory" means Deloitte & Touche LLP, which provides audit and enterprise risk services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. These entities are separate subsidiaries of Deloitte LLP.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Requisition code: 109475

SCAM ALERT

Caution against fraudulent job offers!

We have been informed of instances where jobseekers are led to believe of fictitious job opportunities with Deloitte US (“Deloitte”). In one or more such cases, false promises of actual or potential selection, or initiation or completion of the recruitment formalities appear to have been or are being made. Some jobseekers appear to have been asked to pay money to specified bank accounts of individuals or entities as a condition of their selection for a ‘job’ with Deloitte. These individuals or entities are in no way connected with Deloitte and do not represent or otherwise act on behalf of Deloitte.

We would like to clarify that:

  • At Deloitte, ethics and integrity are fundamental and not negotiable.
  • We are against corruption and neither offer bribes nor accept them, nor induce or permit any other party to make or receive bribes on our behalf.
  • We have not authorized any party or person to collect any money from jobseekers in any form whatsoever for promises of getting jobs in Deloitte.
  • We consider candidates on merit and that we provide an equal opportunity to eligible applicants.
  • No one other than designated Deloitte personnel (e.g., a Deloitte recruiter or Deloitte hiring partner) is permitted to extend any job offer from Deloitte.

Anyone who at any time has made or makes any payment to any party in exchange for promises of job or selection for a job with Deloitte or any matter related to this (including those for ‘registration’, ‘verification’ or ‘security deposit’) or otherwise engages with any such person who has made or makes fraudulent promises or offers, does so (or has done so) entirely at their own risk. Deloitte takes no responsibility or liability for any such unauthorized or fraudulent actions or engagements. We encourage jobseekers to exercise caution.