Job Description
The Position
The SAP Security and GRC Specialist is responsible for the administration, configuration, and support of SAP security and GRC (Governance, Risk, and Compliance) Access Control. This role ensures the security of SAP systems, compliance with internal and external regulations, and effective risk management. The specialist will work closely with various stakeholders to implement and maintain security policies, manage access controls, and oversee GRC activities within the SAP landscape.
Responsibilities
1. SAP Security & GRC Administration
* User Management: Administer SAP user accounts, roles, and authorizations. Ensure that users have appropriate access levels based on their roles and responsibilities.
* Role Design: Design and implement SAP roles and authorizations to align with business processes and security policies.
* Security Configuration: Configure and maintain security settings in SAP systems, including single sign-on (SSO), encryption, and other security features.
* Audit and Monitoring: Perform regular security audits, monitor for suspicious activities, and address any security vulnerabilities or breaches.
* GRC Configuration: Configure and maintain SAP GRC modules, including Access Control and plus to have process controls.
* Compliance Management: Ensure that SAP systems and processes comply with relevant regulations and standards (e.g., SOX, GDPR).
* Risk Assessment: Conduct risk assessments and manage risk mitigation activities within SAP environments.
* Audit Support: Assist in internal and external audits by providing necessary documentation and reports related to SAP security and compliance.
*
2. Incident Management
* Incident Response: Respond to and investigate security incidents and coordinating with other IT teams, as necessary.
* Resolution: Implement corrective actions to address security issues and prevent future occurrences.
3. Documentation and Reporting
* Documentation: Maintain comprehensive documentation of security configurations, policies, procedures, and compliance requirements.
* Reporting: Generate and present reports on security status, compliance metrics, and risk assessments to management and stakeholders.
4. Collaboration and Support
* Stakeholder Interaction: Work closely with business units, IT teams, and external vendors to understand requirements and ensure effective security and compliance measures.
* Training: Provide training and support to end-users and IT staff on SAP security best practices and GRC processes.
* Leadership: Able to work with operation and project consultants for day-to-day tasks and be there to cover as needed.
5. Continuous Improvement
* Best Practices: Stay updated on the latest trends and best practices in SAP security and GRC. Propose and implement improvements to enhance security and compliance posture.
* Tool Enhancement: Evaluate and recommend tools and technologies to improve SAP security and GRC processes.
Required Education, Experience, and Skills
Education:
* Bachelor’s degree in computer science, Information Technology, Cybersecurity OR at least 8 years of related field experience.
* Relevant certifications are a plus (e.g., SAP Certified Technology Associate, CISM, CISA).
Experience:
Years of Experience:
* At least 5 years of experience in SAP security and GRC roles
* At least 1 full SAP implementation with hands-on technical experience.
* Experience with SAP Modules: Hands-on technical experience with SAP S/4 HANA with embedded (Fiori, MDG, Group reporting etc.), BW/4 HANA, IBP, ARIBA, SAC, HANA DB, BTP (Business Technology Platform), SAP GRC Access Control 12.0x or IAG (Identity, Access & Governance)
* Security Tools: Familiarity with security and compliance tools and technologies.
*
Skills:
* Technical Skills: Strong knowledge of SAP security configuration, user roles, and authorizations. Experience with SAP GRC modules, risk management, and compliance practices.
* Analytical Skills: Ability to analyze complex security and compliance issues and develop effective solutions.
Preferred Skills:
Personal Attributes:
* Detail-oriented and organized with the ability to manage multiple tasks and projects.
* Strong ethical standards and a commitment to maintaining high levels of security and compliance.
* Communication: Excellent verbal and written communication skills. Ability to interact with various stakeholders effectively.\
* Problem-Solving: Strong problem-solving skills with a proactive approach to security and compliance challenges.
* Ideal to have big4 experience (EY, PWC, KPMG, Deloitte,)
* Background in pharmaceutical industry preferred and / or experience in a public global organization
Working Conditions
* Hybrid role
* Travel: Occasional travel may be required for training, meetings, or project implementations.
Secondary Job Description
Who We Are:
Organon delivers ingenious health solutions that enable people to live their best lives. We are a $6.5 billion global healthcare company focused on making a world of difference for women, their families and the communities they care for. We have an important portfolio and are growing it by investing in the unmet needs of Women’s Health, expanding access to leading biosimilars and touching lives with a diverse and trusted portfolio of health solutions. Our Vision is clear: A better and healthier every day for every woman.
As an equal opportunity employer, we welcome applications from candidates with a diverse background. We are committed to creating an inclusive environment for all our applicants.
Annualized Salary Range
Annualized Salary Range (Global)
Annualized Salary Range (Canada)
Please Note: Pay ranges are specific to local market and therefore vary from country to country.
Employee Status:
Regular
Relocation:
No relocation
VISA Sponsorship:
No
Travel Requirements: Organon employees must be able to satisfy all applicable travel and credentialing requirements, including associated vaccination prerequisites
10%
Flexible Work Arrangements:
Flex Time, Telecommuting, Work Week
Shift:
Valid Driving License:
Hazardous Material(s):
Number of Openings:
1