The firm has an exceptional career opportunity for SAP security risk & controls Manager to join our Risk Advisory Services (RAS) practice in the Chicago office. Our RAS practice is rapidly expanding across the Great Lakes, We are looking for quality talent to assist in servicing our new and existing clients. This position is a new addition to our IT risk advisory team due to the rapid growth we are experiencing.
The SAP security risk & controls Manager would be in our Great Lakes IT risk practice, and would be a regional ERP champion reporting into our national ERP IT Risk Advisory practice to help improve our SAP risk methodology and to develop and provide SAP training to others.
The SAP security risk & controls Manager will be responsible for either performing or supervising SAP related IT risk engagements, including segregation of duties assessments or rule designs for SAP GRC tools, for both the Assurance and Advisory practices of the firm. The SAP security risk & controls Manager will at times, also manage non-SAP ERP engagements within the Great Lakes, with other ERP champion SME's.
Our IT Risk consultants provide advice to CEO's, CFO's, CRO's, CIO's and Boards of Directors on how to understand and adhere to changing regulatory compliance requirements. Our in-depth industry experience and collaborative approach assures our clients have solutions that help them minimize risk while maximizing opportunities for growth.
Specific Duties and Responsibilities:
Help improve or design SAP IT audit work programs and lead the engagement teams to perform controls testing, or other related SAP risk activities such as SAP security, SAP segregation of duties, SAP business automated controls, SAP implementation risk assessments
Use of SAP analytics to assess controls failure exposure. Provide improvement recommendations to clients related to SAP risk, security, and controls. Effectively communicate issues to the client.
Provide possible solutions to clients based on control gaps or deficiencies or SAP controls functionality not being leveraged by the client
Perform or supervise non-SAP IT risk related engagements such as IT audits, IT risk assessments, segregation of duties assessments, etc.
Assist with ERP related business development activities within the Great Lakes including research, responses to RFPs, networking via local chapters of ISACA and other events, attending sales meetings with client
Provide on-the-job training covering SAP security risk & controls to staff
Ability to identify and escalate engagement risk issues internally
Flexible to travel within the Great Lakes and possibly nationally, and overnight depending on client locations
Demonstrated knowledge of auditing SAP ITGCs including basis and security
Demonstrated knowledge of auditing SAP security role design and understanding of how to audit it
Demonstrated knowledge of auditing SAP automated business controls
Demonstrated knowledge of using SAP GRC tools, such as SAP GRC, Approva, ERP Maestro or other SAP ERP controls monitoring tools to perform rule designs or assessments or audits
Minimum of 5 years' experience in performing IT audits or IT risk assessments
Minimum of at least 4 years in a supervisory or management level role
Minimum of 5 years' experience in the SAP security risk & controls auditing or experience with SAP implementations designing SAP security or serving as an SAP security analyst
Minimum of 4 years of professional experience in public accounting or relevant compliance industry experience relating to Sarbanes Oxley (SOX) compliance or other COBIT/ITIL frameworks
Clear and concise communication skills. Ability to understand what to communicate to difference audiences.
Team member of at least one SAP implementation
High organized with the ability to monitor engagement time and expenses
Provide client status updates, review deliverables, maintain updates with the engagement supervisor timely and communicate client opportunities
Provides positive reinforcement and leadership to staff
Strong understanding of information systems risk assessments and controls reviews
Excellent organizational skills and the ability to prioritize multiple tasks, projects and assignments
Possess strong business ethics and willingness to adhere to stringent professional standards
Ability to put forth additional effort to meet deadlines when necessary
CISA designation(s) preferred, but not required
SAP risk, security & controls experience
Other ERP risk, security & controls experience
BS in MIS, Computer Science, or Accounting
Job ID RSM485
Line of Business: Consulting Services
SubFunction: RAS IT Advisory
Job Type: Full Time
Req #: RSM485
Location: One South Wacker Dr Ste 800, , Chicago, IL US