SAP GRC Functional Consultant at The South African National Roads Agency (SANRAL)

POSITION OBJECTIVE

The GRC functional consultant will provide strategic leadership in ensuring effective information and technology (IT) governance, risk and compliance (GRC) management and protecting the systems and investments, in support of the IT strategy of the SANRAL. The role requires a GRC consultant with extensive experience within SAP GRC and SAP Authorisations, with S/4 Hana design and implementation projects.

MINIMUM REQUIREMENTS

• NQF 7 Bachelor’s degree in Commerce
• SAP certified in SAP Governance Risk and Compliance (GRC)
• 5 to 7 years SAP GRC support and at least two end to end SAP Governance, Risk and Compliance implementation

KEY RESPONSIBILITIES

The role requires a consultant to lead / or oversee and configuring SAP's Access Control, Access Risk Analysis (ARA), Access Request Management (ARM), Emergency Access Management (EAM) and Business Role Management (BRM) modules across the organisation which includes the below functions:

• GRC implementation and automation experience with GRC integration to other Cloud and SAP/Non-SAP solutions
• .Excellent knowledge of Audit and Segregation of Duties (SoD) requirements.
• Risk Analysis and Remediation performed Role Clean-Up projects to identify and remediate SoD violations.
• Performed remediation and mitigation against various risks associated with roles and users.
• Experience in creating and assigning FF ID's and extracting Fire Fighter logs.
• Build and Customize rule sets to match the business needs and processes.
• Configure MSMP Workflow, actions and BRFplus rules.
• Configure HR trigger provisioning and scheduled background jobs.
• Create Single, Derived and Composite Roles in SAP Systems.
• Tracing the functionality after the development phase and then designing the Roles/Composites, following SOD analysis and approval process to meet the timely deadlines.

Scoping of identified support tasks:

• Develop high level project plan for identified projects
• Identify key stakeholders
• Identify deliverables
• Co-ordinate working committee and obtain sign off of roles from committee members per milestone / gate
• Translate business requirements and objectives into a project and process plan
• Identify resources needed and assign individual responsibilities per project activity

Management of support tasks:

• Coordinate implantation and execution of project work plan and revise as appropriate to meet changing needs and requirements
• Track and monitor project deliverables 
• Co-ordinate and facilitate regular status meetings with project team 
• Provide ongoing feedback to senior management and stakeholders in respect of milestones and slippage etc
• Follow up on Action items
• Continuous communication with stakeholders
• Identify potential risks and develop back up plans
• Information distribution to all stakeholders and management

System documentation:

• Project Plan with milestones, resources, dependencies etc to be in place per project allocated where agreed with management
• On-going updates to project plan
• Sign-off from all stakeholders (project plan)
• Project Risk Management
• On-going feedback to project stakeholders
• On-going updates to management

Support tasks:

• Project Risk Management – document risks
• Align risks identified with SANRAL ICT, SANRAL users as well as Internal Audit
• Ensure the project objective is documented as well as milestones, deliverables, technical requirements, exclusions, sign-off, processes
• Ensure that the following stages are included on the project plan: Definition Stage, Planning Stage, Execution Stage, Delivery Stage

Stakeholder liaison:

• Arrange and co-ordinate specification handover meetings between various stakeholders: Users, Managers, and ICT Testers
• Facilitate common understanding of business needs
• Monitor and resolve queries raised by the Users, Developers and Testers
• Coordinate unresolved queries with Business if not present during handover and facilitate that all queries are resolved
• Monitor that specification is updated with any additional requirements
• Communicate & update various stakeholders across the business of any changes