The firm has an exceptional career opportunity for SAP security risk & controls Manager to join our Risk Advisory Services (RAS) practice in the Chicago office. Our RAS practice is rapidly expanding across the Great Lakes, We are looking for quality talent to assist in servicing our new and existing clients. This position is a new addition to our IT risk advisory team due to the rapid growth we are experiencing.
The SAP security risk & controls Manager would be in our Great Lakes IT risk practice, and would be a regional ERP champion reporting into our national ERP IT Risk Advisory practice to help improve our SAP risk methodology and to develop and provide SAP training to others.
The SAP security risk & controls Manager will be responsible for either performing or supervising SAP related IT risk engagements, including segregation of duties assessments or rule designs for SAP GRC tools, for both the Assurance and Advisory practices of the firm. The SAP security risk & controls Manager will at times, also manage non-SAP ERP engagements within the Great Lakes, with other ERP champion SME's.
Our IT Risk consultants provide advice to CEO's, CFO's, CRO's, CIO's and Boards of Directors on how to understand and adhere to changing regulatory compliance requirements. Our in-depth industry experience and collaborative approach assures our clients have solutions that help them minimize risk while maximizing opportunities for growth.
Specific Duties and Responsibilities:
- Help improve or design SAP IT audit work programs and lead the engagement teams to perform controls testing, or other related SAP risk activities such as SAP security, SAP segregation of duties, SAP business automated controls, SAP implementation risk assessments
- Use of SAP analytics to assess controls failure exposure. Provide improvement recommendations to clients related to SAP risk, security, and controls. Effectively communicate issues to the client.
- Provide possible solutions to clients based on control gaps or deficiencies or SAP controls functionality not being leveraged by the client
- Perform or supervise non-SAP IT risk related engagements such as IT audits, IT risk assessments, segregation of duties assessments, etc.
- Assist with ERP related business development activities within the Great Lakes including research, responses to RFPs, networking via local chapters of ISACA and other events, attending sales meetings with client
- Provide on-the-job training covering SAP security risk & controls to staff
- Ability to identify and escalate engagement risk issues internally
- Flexible to travel within the Great Lakes and possibly nationally, and overnight depending on client locations
- Demonstrated knowledge of auditing SAP ITGCs including basis and security
- Demonstrated knowledge of auditing SAP security role design and understanding of how to audit it
- Demonstrated knowledge of auditing SAP automated business controls
- Demonstrated knowledge of using SAP GRC tools, such as SAP GRC, Approva, ERP Maestro or other SAP ERP controls monitoring tools to perform rule designs or assessments or audits
- Minimum of 5 years' experience in performing IT audits or IT risk assessments
- Minimum of at least 4 years in a supervisory or management level role
- Minimum of 5 years' experience in the SAP security risk & controls auditing or experience with SAP implementations designing SAP security or serving as an SAP security analyst
- Minimum of 4 years of professional experience in public accounting or relevant compliance industry experience relating to Sarbanes Oxley (SOX) compliance or other COBIT/ITIL frameworks
- Clear and concise communication skills. Ability to understand what to communicate to difference audiences.
- Team member of at least one SAP implementation
- High organized with the ability to monitor engagement time and expenses
- Provide client status updates, review deliverables, maintain updates with the engagement supervisor timely and communicate client opportunities
- Provides positive reinforcement and leadership to staff
- Strong understanding of information systems risk assessments and controls reviews
- Excellent organizational skills and the ability to prioritize multiple tasks, projects and assignments
- Possess strong business ethics and willingness to adhere to stringent professional standards
- Ability to put forth additional effort to meet deadlines when necessary
- CISA designation(s) preferred, but not required
- SAP risk, security & controls experience
- Other ERP risk, security & controls experience
- BS in MIS, Computer Science, or Accounting