SAP Authorisation Administrator II
To administer SAP GRC, design, build, test and maintain authorization roles to meet business requirements, execute the agreed SAP Access Control principles and processes as designed, analyze and manage risks related to SAP authorization and design future authorization concepts for the company.
- 4 years General IT experience
- 2-3 years Security and governance
- 2-3 years SAP GRC
- 2-3 years SAP Authorization
- 2-3 years Experience working in a large corporate environment
To administer SAP GRC
- Perform SAP Basis security administration functions including setup, configuration, testing and maintenance of SAP GRC, security role definition, support of integration with a third party IDM solution for identity and troubleshooting of security and operational issues.
- Lead efforts to leverage GRC toolset and streamline end to end security processes to reduce human error and improve audit process.
- Collaborate with operations and support teams to develop procedures for responding to automated alerts across the SAP infrastructure and application.
To design, build, test and maintain authorization roles to meet business requirements:
- Design, implement and maintain the provisioning processes and workflows based on the requirements from the Business Owners and Business Process Experts -Create, review, and maintain daily operational procedures, task schedules, and documentation to ensure a solid SAP operating environment.
- Testing and transport of the processes and workflows to the Access Control production environment
- Import roles from backend systems and maintain role related information
- Assist with change control and incident response across the SAP environment.
- Support SAP release strategy thru collaboration across SAP development and functional teams ensuring appropriate transport management and release planning.
- Final gatekeeper for approved requests that contain conflicts
- Engaging with Business Process Experts to resolve conflicts in requests
- Exception handling and managing of aged requests
- Manage Super user roles and privileges
- Design, implement and maintain the firefighters and the assignment of their relevant roles
- Testing and transport of the firefighter configuration to the Access Control production environment Initiate firefighter role creation in the underlying SAP systems
- Design, implement and maintain SAP roles and profiles for the system according to industry best practices and standards (e.g. position based roles)
- Trigger organizational alignment to comply with audit and security requirements
To execute the agreed SAP Access Control principles and processes as designed:
- Configuration of the Access Control solution
- Provide support for Business Process Experts, Business Owners and End Users
- Monitor the Access Control solution and ensure smooth operation
- Schedule and monitor background jobs
- Administer User management for SAP Access Control in the SAP User Management Engine
- Engage with Business Process Experts to ensure a high quality ruleset
To analyze and manage risks related to SAP authorization:
- Design, implement and maintain the Access Control rule set, including mitigating controls, based on the requirements from the Business Owners and Business Process Experts
- Testing and transport of the rule set to the Access Control production environment
- Advise developers on proper security mechanisms and controls in SAP processes
- Collaborate with internal security and audit teams to ensure proper controls are in place for SAP roles and authorizations and that ongoing governance is in place and occurring
To design future authorization concepts for the company:
- Conduct research regarding best practice for authorization and access control
- Conduct audit reviews to evaluatethe company environment
- To identify and implement process improvement ideas that reduce the overall time and/or cost to store, retrieve, and report on data critical to the operations of the Delek organization.
- Recommend changes to authorization practices and procedures based on information gathered
- Implement approved changes and adapt authorization processes & rule sets in the SAP environment
Knowledge & Skills:
4-6 years Sap Authorization
2-3 years GRC Knowledge
1-2 years Change Control
Excellent awareness of current trends in application development methodologies