Job Description Summary

Job Description

Job Title: Manager- SAP Internal Controls

Job Description Summary:

In this role the identified resource will lead the Internal Controls team and work with others on the GRC and Internal Controls team, will be responsible for assisting in the supporting and extending the BD Global process for Internal Controls Management leveraging SAP GRC Access Controls solution.  Experience required is 10- 13 years. This challenging position requires cross-functional knowledge of business processes, internal controls, and understanding of SAP security design.  He/she brings unique knowledge and experience related to internal controls management, segregation of duties, SOX compliance and SAP GRC and Security expertise to help support the Internal Controls Management global business process.

Job Responsibilities:

Compliant User Provisioning – Assist as SOD SME by evaluating risk within the CUP workflow for any requests as required.  This includes assisting the SOD SME support network and CUP Superusers across the BD locations to help them understand how to support the SAP enrollment process.  Enable SAP users with tools to provide for self-service system enrollment.    

Segregation of Duties - Perform segregation of duties (SoD) and critical access analysis on security roles to identify any inherent SoD conflicts within the design of the roles.  Work with process teams to provide guidance on how to remediate any SoD conflicts to ensure roles are able to be assigned to end users without SoD violations.   Perform SoD analysis/monitoring on end user security assignments and work with BD locations to provide remediation guidance and assist with determination of mitigating controls.   In addition, this role involves working with Internal Audit and External Audit to evaluate the SoD ruleset to ensure the appropriate risks are being covered.

Data management - Understand the data structures for ICM process areas (e.g. segregation of duties ruleset, risks, user groups, etc.) and provide support to help ensure the data is properly established in the SAP Access Controls system. Support the master data maintenance process by ensuring completeness and accuracy (Role master data, Role Owner master data, SOD SMEs).  Perform periodic reviews of master data for timely updates. 

Training/User Support – Provide training to global Super User community to ensure they have the knowledge to effectively support their location.  Update training material as necessary and create new training documents (Business Process Overviews, Business Process Procedures, Manual Process Procedures) for process capabilities. Support SAP user community by responding to requests and resolving issues that arrive via the SIAM Work Catalog items.

Design Governance - Provide support to design governance team to assist in evaluating process change requests submitted by business sites.  Determine if request is consistent with global design and identify alternatives which may be considered.

Security – Evaluate changes to SAP security roles with a focus on good internal controls and analyzing and SoD conflicts or critical access issues.  This includes providing input to the design of the security role (e.g. what SAP t-codes need to be included, etc.) and guidance regarding any segregation of duties conflicts that are detected in the design of the role.  

Documentation - Perform necessary updates to business process documentation which includes user requirements specification (URS).  Provide support to data analytics process by producing and analyzing the metrics used to measure and improve the ICM process.

Compliance – Ongoing interaction with Internal Audit and External Audit to ensure the necessary SOX controls are incorporated into the design.   This activity includes the evaluation of ICM related controls that are part of our global SOX compliance program to ensure they are properly documented, performed, and tested.  Support all aspects of compliance reviews (Quarterly critical access, Annual User Access and Annual SOD). 

Required Knowledge and Technical Skills

• Strong Compliance mindset. Must be having experience in dealing with compliance and regulatory audits (Internal and external)
• Minimum 10-13 years of experience in handling SAP access management.
• Strong SAP GRC knowledge technology and process.
• Technical knowledge of SAP Security Design – including Fiori
• Deep understanding on Risk, Functions, SAP Segregation of Duty risk, Critical access risk.

• Strong communication and documentation skills
• Should be able to lead the team and delivery.
• Training and collaborating among global business teams
• Should be able to drive and work on multiple technology and process improvement initiatives.

Required Skills

Optional Skills

.

Primary Work Location

Additional Locations

Work Shift