Job Description

Technical Security Risk Manager/Security SME \xe2\x80\x93 Security & Authorization

Security & Auth SME is expected to carry out the role of SME in SAP Access & Roles management. In addition, the SME perform the role of IT Risk manager and Audit Champion for internal & external audits.

Candidate is also expected to have good appreciation of other SAP functions viz O2C, Supply Chain and Finance. Experience in S4 HANA is added plus. Candidate is expected to have good understanding of RPA and machine learning.

Role description

• Retaining Platform specific knowledge
• Gatekeeper for compliance to Global Risk policies & standards & enhancing the platform resilience.
• Partner with local and global project teams to establish compliant design and sustainable security framework.
• Co-ordinate the audits for the platform with external & internal auditors
• Act as Platform risk manager ensuring risk free role design & access management.
• Manage escalations for complex incidents, issues to achieve target uptime levels for systems under this role responsibility.

In Unilever Security Organization, Global Security and Compliance team are the owner of all direct and indirect security related activities and Risk Managers are assigned to control of these activities.

• Risk manager work with both AM/AD teams very closely to keep the system secure and compliant.
• The risk manager must be a UL manager or 3rd fulfil UL position. The UL risk manager can be supported by a 3rd party resource for any initiatives which require time.
• The resourcing depends on the extent of work and the span of the risk manager. The above construct is true for applications like large SAP platforms where the span as well as the scope is higher.

As a Technical Risk manager, \xe2\x80\x9cSME \xe2\x80\x93 Security and Auth\xe2\x80\x9d has very critical responsibilities as follows :

• Supports the Landscape Performance & KEC manager in all compliance and security related activities for the landscape. Understand security global standards and ensure SOX processes are applied, implemented and evidence kept and shared with external auditors and deficiencies are resolved on time and in full, including all projects landing on the landscape for compliance matters.
• Coordinate landscape audits and follow-up on the progress of solving any findings from the audit processes in the landscape. Help ensure that all teams involved are taking necessary actions.
• Act as a single face to Global Security and Global Risk and Compliance team on the compliance activities for the landscape
• Collaborate with Global Security (understand baseline security standards, assess impacts of implementation on the landscape and ensure that they are implemented for the landscape)
• Support Projects to cover above items, provide governance to vendor teams which work on compliance, security, roles, and authorizations for the landscape.
• Provide governance on IT critical profiles and IT users of the landscape.
• Prepare and distribute reports for above items. Inform key stakeholders and collect feedback. Update documentation under guidance of the Landscape Performance & KEC Manager.
• Ensure that global security standards in documentation, coding and tools are implemented on the landscape, help coordinating efforts with various innovation teams.
• SPOC for external & internal audit recommendations and action follow up with other teams, report back progress to KEC & Compliance manager.
• Coordination of SOX ITGC and ensuring defect remediation takes place.
• Roles & authorizations and GRC related AD work coordination, impact assessment raising statement of work or project work orders , following the delivery of the AD partners in these spaces.
• Coordination of SAP security baseline standards implementation.
• Producing, reviewing relevant compliance reports, following actions for the landscape.
• Governing sensitive IT access for the landscape, ensuring authorized people have this access, coordinating actions in case of violations.
• Working with landscape / global projects hitting the landscape on compliance / security related matters.
• Align with CoE security teams in understanding and embedding security standards to the landscape.
• Engage with other innovation teams/ basis and other service teams for compliance matters.
• Manage third parties & contractors working in this area.
• Support the KEC & Compliance manager in budget / resource planning, actual vs budget tracking.
• Prepare/Distribute reports under guidance of the KEC & Compliance Manager.

What is the skill set required for this role

• University degree

• Minimum 3 years hands on experience in SAP Authorization and GRC area.

• Experience working in a Global SAP Project Implementation or Maintenance

• Good knowledge of SAP Technology & Authorization including GRC10 process.

• Experience in working in a global organization with virtual teams

• Experience in the engagement of key, senior level stakeholders, along with proven ability to influence and manage relationships with those stakeholders

• Good understanding of ITIL procedures

• Fluent in English.

Why is it important? Risk in case we don\xe2\x80\x99t have the right fitment

Global Security & Compliance is the responsible team to make all necessary changes based on Unilever Security Baseline for their landscape .

Unilever Security Baseline document includes the controls which mainly protect Unilever against the cyber-attacks, provides guideline to develop-improve current roles and authorization structure based on the changing processes, control principles.

Not having an experienced, hands on FTE \xe2\x80\x93 Risk Manager in Landscape would cause

• big gap on security in IT and business,
• not having secure systems are closed the back doors
• would be a severe risk for Unilever .

The roles and responsibilities which are listed above is clearly addressing the scope and severity of the job and having a miss or delay on any of these activities would be treated as a deficiency and would be a treat for Unilever.

• Ensure that Global SAP security standards in documentation, coding and tools are implemented on the landscape
• Coordinate landscape audit and follow up on the progress of solving any findings from audit perspective, ensure remediation steps completion including Security standard update. (SOX Audit, Corporate Audit, internal audit)
• Support Secure by Design Team on the compliance activities for the landscape
• Ensure landscape is secure, scalable, resilient and performant through monitoring, proactive alerting and drive timely actions
• Work as a gatekeeper for prod/non-prod system on the Security related task.
• Governing sensitive IT access for the landscape, ensuring authorized people have this access, coordinating actions in case of violations.

• Responsible for security design (incl standardization across markets) for IT solution implementation.
• Supports Demand & Delivery manager for projects.
• Support Landscape Performance Manager to identify and rectify vulnerabilities.
• Review, improve, and approve Security design changes ensure security standards and controls are included in the builds.
• Continuous improvement of best practices for their domain.
• Provide guidance on Security expertise for new projects/demands from business.

As a summary;

• Ensure that Global SAP security standards in documentation, coding and tools are implemented on the landscape
• Coordinate landscape audit and follow up on the progress of solving any findings from audit perspective, ensure remediation steps completion including Security standard update. (SOX Audit, Corporate Audit, internal audit)
• Support Secure by Design Team on the compliance activities for the landscape
• Ensure landscape is secure, scalable, resilient and performant through monitoring, proactive alerting and drive timely actions
• Work as a gatekeeper for prod/non-prod system on the Security related task.
• Governing sensitive IT access for the landscape, ensuring authorized people have this access, coordinating actions in case of violations.

• Responsible for security design (incl standardization across markets) for IT solution implementation.
• Supports Demand & Delivery manager for projects.
• Support Landscape Performance Manager to identify and rectify vulnerabilities.
• Review, improve, and approve Security design changes ensure security standards and controls are included in the builds.
• Continuous improvement of best practices for their domain.
• Provide guidance on Security expertise for new projects/demands from business.

Unilever