Sr. Spec. DDIT APD Shared Services SAM A&IM

Job Description Summary

As a Subject Matter Expert of SAP Access & Identity Management and SAP Security/ GRC, you are responsible for SAP security operation, design, implementation and audit, ensuring compliance and efficient of user access management.

 

Job Description

Major accountabilities:

• Responsible for global access management/ operation, ensure process are effectively operated and in compliance manner.
• Responsible for the overall continuous improvement, security control implementation, life cycle of security document and training.
• Responsible for audit facing and support include walkthrough, collection of evidence and governance of audit deliverable and resolve if any audit issues.
• Serve as the subject matter expert (SME) for security enhancement, providing expert advice and guidance to business and compliance stakeholder.
• Advises peers and management on complex issues, provides complex, contextual advice to influence the management for any new implementation and risk across business domains.
• Support vendor service performance, ensuring quality standards are met.

Key performance indicators:

• Ensure adherence of operation / vendor are meeting the control objective and agreed SLA/KPI.
• Ensure appropriateness of implementation of security control and ensure no gap in the design and operation.
• Ensure improvement/ enhancement initiative are implemented on time.
• Ensure regular successful audit related to user access management and all gaps are addressed on time.

Minimum Requirements:

Work Experience:

• Bachelor’s degree in engineering, Computer Science/Information Technology,
• Extensive experience in SAP / Application Security and Identity Management.
• Proven track records, preferable with more than 3 end-to-end project experiences in SAP S&A implementation and support large scale of global operation.
• Experience in audit and control design.
• Experience in managing vendor services and ensuring alignment with security standards
• Good exposure to one or more technology landscapes - SAP GRC, IAG, ECC, S4/HANA, SAP BTP, HANA/BW/BO, SRM, MDM, SAP SaaS (ARIBA, Concur) & other SAP endorsed apps.
• Experience with risk / governance management and CISA/ CISM certification is a strong plus.

Skills:

• Excellent level of functional and technical knowledge of SAP security & authorization.
• Excellent level of audit and control of Identity access management.
• Strong knowledge in identity lifecycle management concept including role design, RBAC, SoD, Least Privilege principle and good understanding on IAM IT general controls/regulatory compliance requirements
• Good exposure to one or more technology landscapes -  SAP GRC, IAG, ECC, S4/HANA, SAP BTP, HANA/BW/BO, SRM, MDM, SAP SaaS (ARIBA, Concur) & other SAP endorsed apps.
• Experience with other identity lifecycle management products is a strong plus.
• Possess great analytical and consulting skills to provide recommendations and solutions for user access design gaps and remediation

Skills (summary)

• SAP Security & Authorization design
• Audit & Risk management
• Analytical & problem-solving
• Collaboration & Stakeholder management
• Project management
• Vendor service management

Languages :

English.

Why Novartis: Helping people with disease and their families takes more than innovative science. It takes a community of smart, passionate people like you. Collaborating, supporting and inspiring each other. Combining to achieve breakthroughs that change patients’ lives. Ready to create a brighter future together? https://www.novartis.com/about/strategy/people-and-culture

Join our Novartis Network: Not the right Novartis role for you? Sign up to our talent community to stay connected and learn about suitable career opportunities as soon as they come up: https://talentnetwork.novartis.com/network

Benefits and Rewards: Read our handbook to learn about all the ways we’ll help you thrive personally and professionally: https://www.novartis.com/careers/benefits-rewards

 

Skills Desired

Change Management, Performance Management, Planning, Stakeholder Management