Specialist, IT Risk & Compliance

Summary

The Specialist, IT Risk and Compliance is responsible for ensuring the IT Controls are working as designed and Compliance is met. The incumbent is able to interact with internal and external stakeholders and provide support and guidance around IT policies, risk and compliance.

Incumbents are fully qualified to execute job/role accountabilities working independently on most aspects of the job. Work is performed within established professional standards and practices.  Tasks are moderately complex in nature where judgment is required to complete recurring assignments independently and to determine the best methods to follow to complete assignments. Erroneous decisions or failure to achieve results may have a negative impact on the divisions/department’s operations, schedules, and/or performance goals. Works under general Supervision.  Situations not covered by standard processes, procedures and methods are referred to manager or expert resource. May demonstrate work methods to new employees. Builds internal and external relationships, with emphasis on those that facilitate the achievement of job/role accountabilities, such as relationships with key suppliers, customers and internal service.

Detailed Description

Performs tasks such as, but not limited to, the following:

• Participates in evaluation, development, implementation and improvement of specific SAP processes.Supports SAP project implementations.
• Assists in the development documentation and provides training for usage of the system.  
• Participates in SCM system testing, verification of output and impact of related systems.  
• Provides system and process support for assigned projects and processes.  
• Supports daily activities by providing queries, information and data.  
• Works with users to support and solution new business requirements for new processes and system functionality enhancements.
• Maintains responsibility for security access to SAP within the scope of SOX Compliance.  
• Develop and implement audit procedures/plans.  
• Act as liaison to Site and Corporate Business Controls.  Coordinate self-audits/ ISO reviews and participate in cross-functional process reviews.

Responsibilities Include:

• Supporting Access Administration for SAP systems, but not limited to BW4/Hana, ECC, GRC, GTS, PO and Solution Manager
• Technical SAP Role Creation / Modification using PFCG via ServiceNow SLDC requests – Complete Technical Requirements, Coordinate UAT, Ensure Risks are mitigated prior to moving to production
• Maintain SQ00 Query Groups.
• GRC Approval – SAP Access Approval as the Local Security Lead and in certain circumstances as the Role Owner. Complete SOD analysis prior to granting any access in production clients. Mitigate users if necessary.
• Run a Weekly Site SOD report within GRC at site level.
• Be an Advisor for Mitigating Controls working with Business Controls.
• Complete Periodic Self Audits – ID’s must have a corresponding AD entry, ID must match short name, Roles must be job relevant, Inactive ID’s to be removed from system, All employees leaving the company must have their SAP Access Locked and Removed within 48hrs.
• Participate in Annual ID and Role Revalidation process.
• Participate in various Site Audits (Inventory, ISO, Purchasing, SOX as examples).
• Support Annual Physical Inventory activities.
• Assist in coordination of ID and Role Revalidation.
• Ensure purchasing release strategy is implemented for the site in compliance with Policy 1000-1.

Knowledge/Skills/Competencies

• Excellent knowledge of an Electronic Manufacturing Service (EMS) environment.
• High level of knowledge in one or more modules within SAP (examples FICO, MM, PP, SD, QM).
• Good knowledge of IT tools and systems - awareness of new tools and tech.
• Strong knowledge of process and application analysis, design and requirements definition directly related to SAP Security.
• Knowledge of project management process and SAP deployments.
• Ability to identify and resolve complex process/system.
• Ability to evaluate, prioritize and problem solve a variety of tasks to ensure their timely and accurate completion.
• Ability to communicate effectively, both verbally and in writing, with a wide variety of internal and external customers.

Physical Demands

• Duties of this position are performed in a normal office environment.
• Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.

Typical Experience

• 3 to 5 years of relevant experience. 

Typical Education

• Bachelors Degree or consideration of an equivalent combination of education and experience. Up to 6 years of experience with IT general controls or/and security best practices. 

• Available security courses around security and compliance. Working towards CISO certification

• Educational Requirements may vary by Geography.

Notes

This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.