Senior SAP Security Manager

POSITION SCOPE :

Working under the direction of the Director, IT Risk Management and Application Security, this position is responsible for the overall security and controls within the global SAP landscape and keeping it aligned with GPI’s security and SOX compliance policies.

The Senior SAP Security Manager will partner with the Business Teams to meet business needs while providing a secure and auditable SAP environment.

The senior manager will work to achieve audit compliance and will provide input to all SAP Security related policies, procedures, control sets, and best practices.

The senior manager will also be responsible for coordinating the delivery of security work tasks on ongoing projects and implementations and ensure adherence to security methodology and design requirements.

The senior manager will supervise the overall quality and timeliness of deliverables by the global security team comprising of GPI employees and / or contractors.

POSITION RESPONSIBILITIES : Principal Duties and Responsibilities : five to eight key responsibilities / activities for which the position is accountable :

• Guide and advise on global SAP security and compliance matters during and after M&As.
• Own the global SAP security design template and ensure adherence to the same.
• Establish controls and ensure that they are implemented and followed.
• Be the point of contact with the Compliance and Audit teams.
• Responsible for ensuring that SAP Security and GRC processes comply with security methodology and design requirements.
• Control owner for SAP security related ITGC items such as emergency access, user provisioning, etc.
• Primary point of contact for defining the SAP security design and approach for new interfaces, applications, projects and other initiatives.
• Works closely with functional, business and audit teams to gather security requirements, design and implement security solutions, in compliance with Security, regulatory, organizational and SOX controls.
• Manage and resolve audit related inquiries and address remediation of any findings pertaining to SAP security.
• Global consultant on SAP Security and Compliance and GRC processes.
• Engage and work closely with IT and business stakeholders to provide guidance and strategy on SAP and Compliance related activities.
• Responsible for design, documentation, and enhancement of SAP Security administration, policies, processes, and procedures.
• Manage projects by working with business partners to gather security requirements to design and build appropriate role-based security for the SAP environment.

Ability to manage multiple projects, lead teams, make design decisions using SAP Security best practices.

• Lead the Sarbanes-Oxley related remediation efforts in SAP.
• Technical Owner and Subject Matter Expert for SAP Security and trusted advisor for all SAP project initiatives on Segregation of Duties (SOD) and Sarbanes Oxley (SOX) best practices.
• Acts as an advisor to Finance Compliance department on SAP Security.
• Serves as an advisor to Compliance, Internal and External auditors in all aspects of SAP Security and Sarbanes-Oxley.
• Work with Business teams, Audit teams to conduct periodic SOX audit reviews and manage remediation effort.
• Coordinates with Cyber Security, Internal and External audit teams to ensure proper functionality, controls maintenance, and compliance of SAP environments.
• Monitors control design and operating effectiveness and assists management in developing remediation plans to address deficiencies.
• Responsible for User Licensing measurement and reporting.
• Ensure that proper change control around SAP security activities is followed.
• Define Risks, conduct risk analysis and monitor for continuous improvements and compliance.
• Support business, audit, and IT teams to define mitigation controls and support on-going maintenance.
• Manages communications with Corp IT and Business community during SAP security related changes.

POSITION SPECIFICATIONS : List minimum level of education, special training, certifications, or technical skills / experience required for this position.

General Knowledge & Skills

• Excellent written and verbal communication skills
• Strong analytical skills
• Ability to handle highly confidential information in a strictly professional manner
• Ability to work well under pressure
• Ability to manage and lead a team of highly technical resources
• Proven ability to self-manage and work with minimal supervision
• Ability to introduce industry relevant best practices and act as trusted advisor regarding enterprise value improvement opportunities
• Ability to plan and strategize future work streams and growth
• Ability to effectively communicate up, down and across

Technical Knowledge & Skills :

• 15 years' experience with SAP Security Design, Implementation and Administration
• 5 years' experience configuring, deploying and maintaining GRC tools e.g. BizRights Approva, SAP GRC, etc.
• Experience with SAP authorizations in ECC, APO, BI / BW, CRM, SCEM and Central Finance
• Experience with SAP authorizations in SAP HANA, SAP Fiori, SAP Data Services and SAP Business Objects
• Experience with SAP authorizations in HCM (Payroll, Time, OM / PA, and Employee Central) with an understanding of SAP HR process
• General knowledge of business processes within Finance, Financial Close, Sales, MM / IM, Order-To-Cash and Purchase-To-Pay is a plus
• Strong understanding of SAP authorization concept, incl. SU24 and SU25 maintenance
• Experience with Organizational Level creations and maintenance
• Strong understanding of Structural Profiles
• Proven experience with analyzing and resolving complex authorization problems utilizing SAP standard tools
• Understanding of latest tools and technologies, including Identity Management, Mobile solutions, and Cloud solutions
• Strong grasp over controls principles, risk handling, vulnerability and threat management and an overall awareness of the corporate security posture

Education & Professional Credentials :

• Bachelor's degree in a relevant discipline (Computer Information Systems, Information System Technologies, Management Information Systems, Computer Science, or equivalent experience)
• Relevant certifications such as CISA, CISM, CISSP, etc. would be a plus

POSITION COMPETENCIES : List key competencies for the position. Integrity and Trust and Action Oriented are Core GPI Competencies for all positions.

• Integrity and Trust
• Action Oriented
• Customer Focus
• Planning
• Timely Decision Making
• Problem Solving
• Learning on the Fly
• Composure
• Dealing with Ambiguity
• Business Acumen
• People skills

Required Experience

At Graphic Packaging International (NYSE : GPK), we produce the box you may have poured your child's cereal from this morning, the microwaveable tray that heated your lunch, the paper cup that held your coffee throughout the day, and the carrier of those bottles of craft beer you may enjoy tonight! We're one of the largest manufacturers of paperboard and paper-based packaging for some of the world's most recognized brands of food, beverage, foodservice, household, personal care and pet care products.

Headquartered in Atlanta, Georgia, we are a team of collaborative, innovative, passionate individuals who are committed to providing consumer packaging that makes a world of difference.

With almost 18,000 employees working in more than 70 locations in North and South America, Europe and the Pacific Rim, we strive to be an environmentally responsible leader in our industry and in the communities where we operate.

We are committed to workplace diversity and offer compensation and benefits programs that are among the industry's best to reward the talented people who make our company successful.

If this sounds like something you would like to be a part of, we'd love to hear from you. Learn more about us at www.graphicpkg.com.

Inspired Packaging. A World of Difference.

Graphic Packaging is an Equal Opportunity Employer. All candidates will be evaluated on the basis of their qualifications for the job in question.

We do not base our employment decision on an employee's or applicant's race, color, religion, age, gender or sex (including pregnancy), national origin, ancestry, marital status, sexual orientation, gender identity, genetic identity, genetic information, disability, veteran / military status or any other basis prohibited by local, state, or federal law.

Click here to view the EEO is the Law Poster