Key Performance Areas
Incident Response and Remediation
- Maintain the Confidentiality, Integrity and Availability of the RAF Information contained within SAP systems.
- Ensure security incidents or requests are recorded in the RAF incident management system.
- Conduct investigation, analysis and review following any security breach or incident.
- Initiate the investigation of the incident.
- Compile reports around the breach or incident.
- Implement corrective actions where approved.
- Maintain detailed records of breach or incident using agreed procedures.
Role Based Access Control (RBAC) and Segregation of Duty (SoD) Risk Analysis
- Engage with RAF business process owners (BPO) to ensure that access controls are designed in accordance with business requirements.
- Ensure proper Segregation of Duty (SoD) and risk analysis are performed for all identity and access management controls.
- Draft and maintain authorized records for all SAP Roles used within the RAF.
- Ensure that data and system owners approve access.
- Operate and administer logical access controls and directly associated security services relating to all platforms used in order to provide a continuous and secure access service to all Information facilities.
- Apply Access control tools within the RAF according to the RAF policies, standards, processes and procedures.
- Ensure adequate physical access control mechanisms are in place.
- Facilitate the access controls between the RAF systems and external third parties.
- Ensure IT security integration with SAP and other systems such as LDAP, AD and Identity Management.
Design, Develop and Implement SAP Security Controls
- Ensure SAP security patching is applied regularly.
- Ensure SAP module, Enterprise portal and web services are adequately protected.
- Ensure that Governance Risk and Compliance is maintained throughout.
- Prepare recommendations for appropriate security control improvements and introduction of new security controls.
- Provide guidance and support to respective IT operational staff on systems security processes, policies and security controls.
- Identify if there are any security violations while implementing the changes to the configurations.
- Provide necessary corrective actions or solutions from security perspective.
- Advise and handle all enquiries relating to IS security, contingency planning and activities of the function as and when required.
Draft and Maintain Documented Standards, Processes and Procedures
- Draft and maintain all standards, processes and procedures for SAP Security.
- Draft and maintain supporting documentation for SAP security.
Monitoring, Reviewing and Reporting on SAP Security
- Continuous monitoring of SAP security and sensitive transactions.
- Periodic review of all relevant logs in SAP systems.
- Ensure that access requests by data subjects are reviewed in accordance with approved procedures.
- Ensure reports are submitted on time, duly authorized and maintained for record keeping.
Auditable Record Keeping of all Access, Monitoring, Reporting and Remediation
- Ensure all requests and changes are correctly authorized before implementation.
- Document all monitoring and reviewing in the approved report template.
Audit Recommendation Analysis and Implementation
- Assist in conducting IS risk assessments for SAP.
- Participate in periodic IT security Audits by making security related documents available to the auditor.
- Implement recommended changes as per audit.
- Prepare security reports for management.
- Maintain security incident reports.
Act as a Substitute in the Department to Cover Capacity
- Ensure security incidents/requests are recorded in the RAF incident management system.
- Respond and remediate incidents and requests within the statutory time periods.
Policy Review and Implementation
- Contribute to developing and implementing departmental policy, standards, procedures and processes.
- Keep up to date with effective policy and practice execution strategies.
Reporting
- Provide feedback on the outcome of review meetings to the Senior Business Relationship Manager.
- Provide visibility and reporting on progress with the roadmap, and escalate any issues encountered during delivery that may affect the annual planning.
Stakeholder Management
- Proactive and progressive relationships with key stakeholders.
- Deal with inquiries and requests for information from both internal and external stakeholders.
- Conduct regular SLA reviews with stakeholders as defined by the Senior Business Relationship Management.
Qualifications and Experience
- Bachelor’s Degree/Advanced Diploma in Information Technology related qualification.
- SAP certifications in Security/Authorizations are required:
  - Certified Technology Professional - Security with SAP NetWeaver 7.0 (P_ADM_SEC_70).
  - SAP Certified Application Associate (C_GRCAC_10) GRC.
  - SAP BusinessObjects Access Control 10.0 (C_GRCAC_10).
  - SAP HANA, ADM945 Authorization Concept for SAP Fiori on S/4HANA.
  - SAP S/4HANA Security Concepts.
- Attendance in AWS practitioner will be an added advantage.
- ITIL Foundation will be an added advantage.
- 5 - 7 years’ relevant experience in an SAP Security environment.