Staff InfoSec Risk and Compliance Analyst (GRC Specialist)

What if the work you did every day could impact the lives of people you know? Or all of humanity?

At Illumina, we are expanding access to genomic technology to realize health equity for billions of people around the world. Our efforts enable life-changing discoveries that are transforming human health through the early detection and diagnosis of diseases and new treatment options for patients.

Working at Illumina means being part of something bigger than yourself. Every person, in every role, has the opportunity to make a difference. Surrounded by extraordinary people, inspiring leaders, and world changing projects, you will do more and become more than you ever thought possible.

Position Summary:

As a Staff InfoSec Risk and Compliance Analyst (SAP GRC Specialist) at Illumina, you will utilize your application security skills to plan and implement security measures on a variety of SAP systems including ECC, Solution Manager, GRC, APO, IBP, EWM, GTS and Fiori. You will be primarily responsible for assessing access impacts and ensuring these SAP systems are integrated with SAP's GRC platform to ensure proper segregations of duties are established not only within the applications themselves, but across multiple applications as well.   Lastly, if SAP doesn’t supply an out of the box GRC ruleset, you’ll be asked to develop one by understanding the functions tied with the application and working with risk owners to define which functions should not be combined.

Additionally, you will project lead for quarterly, and weekly releases by attending project meetings to gather requirements, provide guidance for role builds, and any utilization of custom transaction codes.

Responsibilities

SAP Security Administration

• Support Audit Activities (Internal, External, SOX and FDA)
• Support other SAP functions in implementing security measures
• Assess access impacts, including but not limited to role definition, updates, provisioning, de-provisioning, and user maintenance
• Ruleset maintenance for new transactions, functions, risks, and mitigation controls using SAP GRC
• Perform GRC updates when new risks are identified via partnership with Internal Audit
• Coordinate support pack upgrades, and security note implementation
• Implement workflows to support SAP GRC processes
• Implement GRC FIORI applications to enhance customer experience
• Maintain SAP vulnerability management program
• SAP Role/Group maintenance for SAP cloud products (IBP, Ariba)
• SAP Role creation/maintenance for S4/HANA products
• Implement security designs based on industry’s best practice recommendations

People Leadership

For Bangaluru location, you will be team lead for reports under the GRC Application Security Team. 

Ensure policies and procedures are followed by direct reports

Ensure attendance and work performance goals are achieved

Work with onshore leads for new or altering work assignments

Documentation

• Policies, Work Instructions and Process Flows for business process
• Conduct training to SAP Security stakeholders on best practices and risk assessment for new functionality

Project Support

• Work with SAP Role/Risk owners to provide security solutions for new or existing functionality
• Partner with functional teams to design and implement access controls for new functionality

Requirements

• Minimum of 5 years Application Security experience (Application or Database Administration)
• Knowledge of access provisioning and de-provisioning, role administration, CUA implementation/support and licensing controls.
• Experience with implementation of SoX and FDA audit controls. Minimum of 4 audit cycles preferred
• Setting up GRC ruleset for an application where a default ruleset was not provided by SAP, including S/4HANA services and applications.
• Experience with security administration/risk management of SAP systems including but not limited to ECC, GRC, Solution Manager, Fiori, IBP, GTS, APO, EWM, HANA DB preferred.

Education

Bachelor's Degree preferred

Illumina believes that everyone has the ability to make an impact, and we are proud to be an equal opportunity employer committed to providing employment opportunity regardless of sex, race, creed, color, gender, religion, marital status, domestic partner status, age, national origin or ancestry, physical or mental disability, medical condition, sexual orientation, pregnancy, military or veteran status, citizenship status, and genetic information.