08 - Specialist, IT Solutions

General Overview

Functional Area:  Information Technology (ITM)
Career Stream:  IT Solutions (SOLN)
Role:  Specialist (SPE)
Job Title: Specialist, IT Solutions 
Job Code:  SPE-ITM-SOLN
Job Level:  Band 8
Direct/Indirect Indicator:  Indirect

Summary

The Specialist, IT Solutions within the SAP Security Team is responsible for ensuring the SAP Access is assigned in a controlled manner as designed and compliance is met. The individual will be responsible for supporting process improvements within the team’s own initiatives as well as both internal and external projects. The incumbent is able to interact with internal stakeholders and provide support and guidance on SAP Access. Incumbents are fully qualified to execute job/role accountabilities working independently on most aspects of the job. Work is performed within established professional standards and practices.  Tasks are moderately complex in nature where judgment is required to complete recurring assignments independently and to determine the best methods to follow to complete assignments. Erroneous decisions or failure to achieve results may have a negative impact on the divisions/department’s operations, schedules, and/or performance goals. Works under general Supervision.  Situations not covered by standard processes, procedures and methods are referred to manager or expert resource. May demonstrate work methods to new employees. Builds internal and external relationships, with emphasis on those that facilitate the achievement of job/role accountabilities, such as relationships with key suppliers, customers and internal service.

Detailed Description

Performs tasks such as, but not limited to, the following:

• Supports SAP project implementations including Blue Print, Technical Documentation and
  Training, SIT, UAT, Cutover, as well as Risk Management
   Participates in evaluation, development, implementation and improvements of specific SAP
  related processes.
   Assists in the development documentation and provides training to end users of SAP
  Applications.  
   Support daily activities including user access reviews, risk remediation (Segregation of
  Duties SOD and Critical Transactions).  
   Works with users to support and solution new business requirements for new processes and
  system functionality enhancements.
   Maintains responsibility for security access to SAP within the scope of various compliance
  requirements.  
   Develop and implement audit procedures/plans.  
   Act as liaison to Site and Corporate Business Controls. Coordinate self-audits/ ISO reviews
  and participate in cross-functional process reviews.

Responsibilities Include:

Authorization Development
 Each system has a unique role design and format, design the role accordingly
 Verify requirement with the business owners
 Maintain design specification documentation for each role (blueprint)
 All new transactions are reviewed by SAP Security and Internal Audit Management
 Ensure role is SOD free (with few exceptions) and no impact to existing users
 Sign off and forward requirement to development team
 Verification of the development
 Coordinate UAT
 Verify development after move to production
Emergency Access Management (GRC EAM / Fire Fighter)
 Setup EAM users and audit log approvers
 Provide training to EAM users and controllers, ensure training record signed off for Health
Tech
 Streamline the process to facilitate IT governance using best practices
 Continuous monitoring to drive compliance as per policy

GRC SOD/CA Controls
 Update SOD and Critical Transaction rule set per business via ServiceNow
 Provide regular SOD and Critical Action reports to sites, business controls and IT
governance teams
 Load mitigation control provided by the business into GRC
 Conduct annual review of Rule Set changes
 Conduct annual mitigating control review
 Conduct quarterly review of users tied to mitigating controls
 Run weekly SOD and Critical Transaction reports
 Review weekly SOD reports and actively work to reduce the risks by working with the
business to remove access and/or modify assigned roles
 Be an Advisor for Mitigating Controls working with Business Controls, Site IT and Process

Knowledge/Skills/Competencies

Excellent knowledge of an Electronic Manufacturing Service (EMS) environment. Hands on
as a process owner or lead within the manufacturing area is an asset.
High level of knowledge in one or more modules within SAP (examples FICO, MM, PP, SD,
QM).
Excellent knowledge of IT tools and systems relating to Access Control. Awareness of new
tools and tech.
Strong knowledge of process and application analysis, design and requirements definition
directly related to SAP Security.
Knowledge of project management process and SAP deployments.
Ability to deploy SAP Access for new Org structure for new site locations.
Ability to troubleshoot PR/PO release issues.
Ability to identify and resolve complex process/system.
Ability to evaluate, prioritize and problem solve a variety of tasks to ensure their timely and
accurate completion.
Ability to communicate effectively, both verbally and in writing, with a wide variety of internal
and external customers.

Physical Demands

• Duties of this position are performed in a normal office environment.
• Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.

Typical Experience

• 3 to 5 years; Experience in similar roles

Typical Education

Bachelors Degree or consideration of an equivalent combination of education and
experience. Up to 6 years of experience with IT general controls or/and security best
practices. 
Available security courses around security and compliance. Working towards CISO
certification
Educational Requirements may vary by Geography.

Notes

This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.