Principal - SAP Controls and Compliance - EP&T

Haleon

2mo ago

  • Job
    Full-time
    Expert Level
  • IT & Cybersecurity

AI generated summary

  • You need a relevant degree, SAP GRC AC 12.0 cert, 12-15 yrs in SAP Security/GRC, IT SOX experience, team management skills, and proficiency in security tools and project management methodologies.
  • You will assess, test, and monitor IT SOX controls, ensure compliance, manage SAP GRC Access Control, conduct audits, mitigate risks, and lead training sessions while collaborating with auditors and teams.

Requirements

  • Bachelor’s degree in Information Technology, Computer Science, or a related field. Master's degree or relevant professional certifications (e.g., CISA, CRISC, ERP-specific certifications) are preferred.
  • SAP GRC AC 12.0 certification or equivalent.
  • Minimum of 12-15 years of experience in SAP Security, GRC, audit, and compliance.
  • Hands-on experience managing IT SOX compliance and a strong understanding of SAP Security concepts, including role design, authorization management, and user provisioning.
  • Experience with SAP S/4 HANA Security, SAP IAG, and other SAP solutions.
  • Proven track record in managing SAP Security and GRC teams, conducting audits, and driving process improvements.
  • Excellent communication, leadership, and stakeholder management skills.
  • Proficiency in project management methodologies such as Scrum, Agile, and outcome-based approaches.
  • Proficiency in various security tools including CyberArk, SailPoint, SAP GRC, Archer, Splunk, and Imperva, with the ability to effectively utilize them in ERP security and compliance activities.

Responsibilities

  • Lead the assessment, documentation, testing, and monitoring of IT SOX controls.
  • Collaborate with internal and external auditors during SOX audits, providing required artifacts and explanations.
  • Ensure that all IT controls related to SOX are appropriately designed and operating effectively.
  • Ensure proper access controls and segregation of duties (SoD) are maintained.
  • Conduct regular security audits, access reviews, and ensure compliance with internal and external audit requirements.
  • Collaborate with the IT and functional teams to develop and implement security best practices and solutions.
  • Monitor SAP GRC Access Control, including user provisioning, access risk analysis, emergency access management (EAM/Firefighter), and periodic role review processes.
  • Configure and optimize the GRC Access Control tool to improve workflows, monitoring, and reporting for SoD and risk management.
  • Work closely with the audit teams to ensure GRC tool configurations align with organizational policies and regulations such as SOX.
  • Analyze and mitigate SAP security risks through proactive monitoring and reporting.
  • Identify, assess, and document IT-related risks and ensure appropriate mitigating controls are in place.
  • Develop and maintain the IT Risk & Control framework, including performing risk assessments and developing remediation plans for any identified gaps.
  • Assist in creating and updating IT policies, procedures, and standards to ensure compliance with SOX and other regulatory requirements.
  • Ensure adherence to company-wide IT compliance policies.
  • Monitor and validate ITGC, including access controls, change management, system operations, and backup/recovery processes.
  • Ensure that privileged access to systems is properly controlled and monitored.
  • Develop and maintain compliance dashboards, reports, and metrics for senior management.
  • Proactively monitor and report on the effectiveness of controls and provide recommendations for improvements.
  • Provide leadership and guidance in vendor and resource management, budgeting, and technical improvements.
  • Conduct training sessions on SAP Security, GRC, and related topics for team members and stakeholders.
  • Represent in CTO boards for entire Tech Function.

FAQs

What is the primary responsibility of the Principal - SAP Controls and Compliance role?

The primary responsibility of this role is to ensure IT systems comply with SOX (Sarbanes-Oxley) requirements, manage IT-related risks, and implement compliance controls across SAP ERP.

What qualifications are required for this position?

A Bachelor’s degree in Information Technology, Computer Science, or a related field is required. A Master’s degree or relevant professional certifications (e.g., CISA, CRISC, ERP-specific certifications) are preferred.

How many years of experience are required for the Principal - SAP Controls and Compliance role?

A minimum of 12-15 years of experience in SAP Security, GRC, audit, and compliance is required.

Is experience with SAP S/4 HANA Security necessary?

Yes, experience with SAP S/4 HANA Security, SAP IAG, and other SAP solutions is necessary for this position.

What are the key responsibilities associated with IT SOX Compliance?

Key responsibilities include leading the assessment, documentation, testing, and monitoring of IT SOX controls, collaborating with auditors, ensuring effective control design and operation, and conducting regular security audits.

What kind of skills are important for this role?

Important skills include strong analytical capabilities, attention to detail, excellent communication, leadership, stakeholder management, and proficiency in project management methodologies.

What tools and systems should the candidate be proficient in?

The candidate should be proficient in various security tools including CyberArk, SailPoint, SAP GRC, Archer, Splunk, and Imperva, as well as having a strong understanding of SAP Security concepts.

What is the reporting structure for this role?

This position reports into the Director – ERP Security, Risk and Compliance within Haleon’s CTO organization in the Enterprise Applications function.

Is there an opportunity for training in this role?

Yes, the role includes conducting training sessions on SAP Security, GRC, and related topics for team members and stakeholders.

Does Haleon offer an inclusive work environment?

Yes, Haleon embraces a diverse workforce and creates an inclusive environment that celebrates unique perspectives and promotes fair and equitable outcomes for everyone.

For Health. With Humanity

Industry: Retail & Consumer Goods
Employees: 10,001+
Founded Year: 2022

Mission & Purpose

Our purpose is to deliver better everyday health with humanity. #HelloHaleon