Risk Consulting - Manager - Digital Risk - SAP Security

As part of our Risk Consulting – Digital Risk team, you will be part of the team delivering SAP Security reviews and audit services for various clients across the MENA region. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also involve in identifying potential business opportunities for EY within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team.

The opportunity

We’re looking for Managers with expertise in SAP Security Controls Review to join the group of our Digital Risk team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of our service offering.

Your key responsibilities

• Manage and lead a team of staff and seniors on SAP Security control review projects, ensuring adherence to project timelines and quality standards.
• Leading the team members with the SAP related queries, latest updates on relevant applicable standards.
• Preparing and sharing the proposal & pursuits for SAP engagements.
• Regular connects with onshore counterparts to ensure the deliverables are meeting expectations & standards, creating opportunities basis skill sets.
• Perform control testing for both ITAC & ITGC as per the client scope and requirement.
• Contribute to the Risk Consulting team as a key member and assist with facilitating practice wide training (SAP Security/ SAP IT Control testing /SoD reviews/SAP Pre & Post Implementation) curriculum.
• Work closely with onshore, cross-functional teams and develop strong relationships across the organization, especially with Onsite team.
• Stay updated with and promote awareness of updated ERP versions & its functionalities, industry best practices.
• Active team member executing project management/ stakeholders’ management (Client, Assurance, onshore)
• Provide quality deliverables with value addition on the engagements and is known as SMR across organization.

Skills and attributes for success

• Candidate must have minimum 8 – 12 years of experience in SAP Security with knowledge of Security controls and IT governance practices.
• Should have completed at least 5-6 Risk & Control engagements covering pre-& post implementation reviews, security assessments, control design and testing for SAP ECC and/or S4 HANA landscape.
• Perform SAP audits, focusing on system integrity and data accuracy.
• Design and assess SAP S4 controls, identifying gaps and recommending improvements.
• Familiarity with key business process such as Order To Cash, Procure To Pay, and Record To Report and utilize functional knowledge of key business processes to enhance control frameworks.
• Experience in reviewing and testing of SAP S4 Hana / SAP ECC IT general controls (ITGC) for key domains such as access management, change management, computer operations, SDLC (System Development Life Cycle)
• Experience in reviewing and testing SAP S4 Hana / SAP ECC security & configurations such as debugging, client settings, etc.
• Experience in performing pre & post implementation reviews in SAP S4 Hana / SAP ECC environment and have been through S4 Hana/ ECC lifecycle & performing migration testing.
• Knowledge and understanding of the T-Code, tables used to extract the data from SAP S4 Hana / SAP ECC with relation to review of the security configurations.
• Knowledge and understanding of SAP S4 Hana / SAP ECC user access security architecture (Roles, profiles, Authorization objects)
• Experience in testing of firefighter controls in SAP S4 Hana / SAP ECC and GRC.
• Experience in reviewing and testing the Operating System (OS) and Hana Database (DB) controls in SAP S4 Hana / SAP ECC environment.
• Experience of working with other SAP applications such as GRC, Fiori, BW, BI, Ariba, Concur, Success Factor, VIM, Vistex.
• Experience in evaluation and testing of sensitive access and SOD (Segregation of Duties) across key business and IT process in SAP S4 Hana / SAP ECC and GRC environment.
• Experience in SAP GRC access control (AC) & process control (PC), financial compliance management (FCM).
• Experience in performing the walkthrough (Test of design) directly with the client, Operating Effectiveness and have knowledge of the financial statement’s assertions.
• Experience in reviewing and testing the key reports ensuring the risks (completeness & accuracy) related to IPE’s (Information Produced by Entity) are addressed.
• Knowledge of SAP S4 Hana / SAP ECC standard functionalities in relation to business and IT controls.
• Experience in reviewing and testing the key business process configurations (ITAC’s) in SAP S4 Hana / SAP ECC environment. Having strong knowledge of SAP S4 Hana / SAP ECC configurations (e.g., 3-way match, copy controls) is must.
• Experience in testing of interface controls between multiple systems and middleware controls.
• Knowledge and understanding of common IT governance, control, and assurance industry frameworks, including COBIT and ISACA best practices.

To qualify for the role, you must have

• 8 – 12 years of experience in SAP Security, SoD review experience and IT Application control reviews/audit.
• Excellent project management, time management, managerial and leadership skills.
• Proven experience in SAP Risk and Controls projects.
• Strong SAP Functional & Technical controls understanding of SAP ECC & S4 HANA environments.
• Ability to communicate complex ideas effectively, both verbally and in writing.
• Good to have exposure in SAP Basis testing & SAP ITGC testing will be preferable
• Candidate with professional consulting experience in technology risk management ideally with a Big 4 or similar large consulting firm will be preferred.

Ideally, you’ll also have

• A bachelor's or master's degree (B.TECH/B.E/M.TECH/MBA-Finance)
• SAP S4 Hana / SAP ECC functional modules/ ABAP/ Security Certification (Preferred)
• CISA certified (Preferred)
• ISO 27001:2013 certified (Preferred)
• Any other relevant certification (Preferred)
• Excellent communication skills with consulting experience preferred
• A valid passport for travel.

What working at EY offers

At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you