Staff InfoSec Risk and Compliance Analyst (GRC Specialist)

Position Summary: As a Staff InfoSec Risk and Compliance Analyst (SAP GRC Specialist) at Illumina, you will utilize your application security skills to plan and implement security measures on a variety of SAP systems including ECC, Solution Manager, GRC, APO, IBP, EWM, GTS and Fiori. You will be primarily responsible for assessing access impacts and ensuring these SAP systems are integrated with SAP's GRC platform to ensure proper segregations of duties are established not only within the applications themselves, but across multiple applications as well. Lastly, if SAP doesnt supply an out of the box GRC ruleset, youll be asked to develop one by understanding the functions tied with the application and working with risk owners to define which functions should not be combined. Additionally, you will project lead for quarterly, and weekly releases by attending project meetings to gather requirements, provide guidance for role builds, and any utilization of custom transaction codes. Responsibilities: SAP Security Administration: Support Audit Activities (Internal, External, SOX and FDA) Support other SAP functions in implementing security measures Assess access impacts, including but not limited to role definition, updates, provisioning, de-provisioning, and user maintenance Ruleset maintenance for new transactions, functions, risks, and mitigation controls using SAP GRC Perform GRC updates when new risks are identified via partnership with Internal Audit Coordinate support pack upgrades, and security note implementation Implement workflows to support SAP GRC processes Implement GRC FIORI applications to enhance customer experience Maintain SAP vulnerability management program SAP Role/Group maintenance for SAP cloud products (IBP, Ariba) SAP Role creation/maintenance for S4/HANA products Implement security designs based on industrys best practice recommendations People Leadership: For Bangaluru location, you will be team lead for reports under the GRC Application Security Team. Ensure policies and procedures are followed by direct reports Ensure attendance and work performance goals are achieved Work with onshore leads for new or altering work assignments Documentation: Policies, Work Instructions and Process Flows for business process Conduct training to SAP Security stakeholders on best practices and risk assessment for new functionality Project Support: Work with SAP Role/Risk owners to provide security solutions for new or existing functionality Partner with functional teams to design and implement access controls for new functionality Requirements: Minimum of 5 years Application Security experience (Application or Database Administration) Knowledge of access provisioning and de-provisioning, role administration, CUA implementation/support and licensing controls. Experience with implementation of SoX and FDA audit controls. Minimum of 4 audit cycles preferred Setting up GRC ruleset for an application where a default ruleset was not provided by SAP, including S/4HANA services and applications. Experience with security administration/risk management of SAP systems including but not limited to ECC, GRC, Solution Manager, Fiori, IBP, GTS, APO, EWM, HANA DB preferred. Education: Bachelor's Degree preferred Scope of Responsibilities: Applies advanced wide-ranging experience and professional knowledge to provide solutions in creative and effective ways. Directs the application of existing principles and guides development of new policies and ideas. Understands the interrelationships of different disciplines. Works on complex assignments where problem solving requires in-depth evaluation of varying factors and practices/procedures must be determined. Enhances internal and external working relationships and networks with key contacts outside area of expertise. Adapts style to differing audiences and frequently advises others on complex matters that relate to the wider business and require persuasion. May train and mentor junior level staff. Work is reviewed upon completion and is consistent with departmental objectives. Exercises judgment in selecting methods, techniques, and evaluation criteria for obtaining results. Experience / Education: Typically requires a minimum of 8 years of related experience with a Bachelors degree; or 6 years and a Masters degree; or a PhD with 3 years of experience; or equivalent experience.

Location: bangalore, IN

Posted Date: 1/16/2025