Sr SAP Security Analyst

About RS Group

Across the industrial design, manufacturing and maintenance worlds, we’re the digital destination for product and service solutions to help our customers with the maintenance, repair and operation of their businesses. We provide global access to an unrivalled range of over 750,000 stocked industrial products. Each day our team of experts deliver solutions to resolve our customer’s challenges across design, procurement, inventory and maintenance. We consistently strive to deliver the best possible service to all of our customers and challenge ourselves to provide a seamless procurement experience.

We are one team. We deliver brilliantly. We do the right thing. We make every day better. These are our values. They unite our c.9,000 global colleagues and differentiate us from our competition. They are a mix of how we work today and how we must step up for the future. Most importantly, it is one set of values shaped by our people, for our people.

Together, we can make great things happen. Aim for amazing and beyond.

About the Role

Role Purpose

A seasoned professional with extensive expertise in SAP systems, applications, and processes, coupled with a profound understanding of SAP security architecture and controls. My experience encompasses SAP Governance, Risk, and Compliance (GRC) solutions, particularly Access Control and Process Control. I am well-versed in regulatory standards and best practices related to SAP security. My exceptional analytical and problem-solving skills are matched by my ability to communicate complex security issues effectively to stakeholders at all levels. I have a proven track record in managing user roles and authorizations, conducting comprehensive security audits, ensuring strict compliance with policies, and addressing security incidents with detailed root cause analysis. In my senior capacity, I lead the lifecycle management of certificates and oversee audit processes to ensure our SAP compliance procedures are in alignment with Group-level Information Security policies. I am entrusted with maintaining the integrity and security of global systems and networks, driving security initiatives through both predictive and reactive analysis, and conveying emerging trends to leadership and staff. I define strategic actions to mitigate security risks and spearhead projects to ensure adherence to RS Group security requirements. Furthermore, I develop and uphold robust security policies and procedures, lead the creation and implementation of company-wide security training programs, compile and submit essential security compliance reports, and work in close partnership with functional business teams to implement effective mitigating actions and controls.

Responsibilities

• Ensure SAP compliance procedures align with Group-level Information Security policies.
• Utilize proficiency in SAP systems, applications, and processes.
• Develop and maintain SAP security architecture and controls.
• Design, create and manage user profiles, roles, and authorizations in SAP, ensuring role-based access control is appropriately structured and implemented.  Be responsible for designing standards for profiles, roles and authorisations (e.g. naming standards, security granularity, etc.) and ensure these are enforced by the team.
• Ensure technical debt is addressed e.g. historical implementations have a clear roadmap for corrective action to simplify, standardise and ultimately tighten security.
• Actively monitor and control the access rights of users.
• Manage SAP Security using SAP Governance, Risk, and Compliance (GRC) solutions, utilizing Access Control and Process Control.
• Actively work to improve your teams Ways of Working to drive efficiency and drive higher standards through process improvements, documentation (e.g. standards, procedures, policies).
• Work closely with your manager to support the process of demand management and team capacity management ensuring the teams backlog is prioritised and tracked.
• Maintain the integrity and security of global systems and networks.
• Support security initiatives through both predictive and reactive analysis.
• Articulate emerging trends to leadership and staff and drive initiatives that improve our ways of working, tooling and security management.
• Define and recommend actions to mitigate security risks and actively manage through to resolution.
• Work with RS Group Security team to ensure compliance with PCI and NIST security requirements.
• Develop and maintain comprehensive security policies and procedures in line with RS Group Information Security policies.
• Lead the development and deployment of company-wide security training.
• Compile and submit required security compliance reports to pertinent agencies and internal stakeholders where relevant.
• Work closely with functional business teams to implement mitigating actions and controls.
• Work closely with project teams to ensure Security design is incorporated into project governance and delivery, particularly during early phases of large programmes or projects where security design sign-off is a formal stage gate within project governance.
• Work closely with the SAP teams to embed new technologies ensuring they are safe, secure and compliant (e.g. BTP, EWM, etc.) 
• Manage 3rd party shared service providers to ensure they meet our security SLA’s and KPI’s and comply to our processes, procedures and standards.  Where remediation is required, work closely with 3rd parties to actively manage and course correct any issues, risks that have been identified.
• Actively mentor and coach junior level security analysts in your team supporting their personal development.
• Conduct security audits and ensure compliance with policies.
• Handle security incidents with root cause analysis.
• Manage certificate lifecycles and technically lead audit processes.
• Stay knowledgeable about regulatory standards and best practices related to SAP security.
• Employ strong analytical and problem-solving abilities.
• Communicate complex security issues effectively to stakeholders.

Key opportunities for growth in this role

• SAP Security and Compliance Manager Role
• CMMC, NIST 800-171, and PCI experience
• Incident response management
• Security baseline analysis
• Risk Management
• SAP Certifications

Key relationships for my role/Who do I need to consult with?

Internal: Collaborate closely with IT and business teams to ensure the secure and efficient operation of SAP systems, and to implement security solutions that align with business objectives. Work with the Security Compliance Manager to ensure all system platforms are appropriately secured.  Partner with functional business teams to implement mitigating actions and controls, and to ensure compliance with security policies and procedures.  Communicate emerging security trends and recommend actions to mitigate security risks to leadership and staff.

External: Coordinate with external auditors and Qualified Security Assessors (QSA) to implement effective corrective action plans and ensure compliance with standard security standards and requirements.

Who do I need to keep informed and engage with?

Internal: Need to ensure a close engagement with the SAP Security and Compliance Manager. Ensure that the security program properly keeps the leadership team informed.

External: Third party vendors for new security solutions. Interfaces with external entities including intelligence community organizations and other agencies such as the Department of Defence, Payment Card processors, Shared service providers and external auditors.

Candidate Requirements

Essential:

• 5+ year experience in an SAP Security related role
• Minimum of 5 years’ experience in an Information Security role
• Excellent written and oral communication skills
• Self-motivated and able to work in an independent manner
• Experience and proficiency in various security-related toolsets and best practices
• Strong understanding of SAP GRC

Desirable:

• College degree or equivalent experience in an IT-related function
• Certification in SAP GRC

Core Values:

• One Team: Collaborate effectively with colleagues across departments and regions to achieve common goals.
• Deliver Brilliantly: Strive for excellence in all aspects of day to day activities, from strategy to execution.
• Do the Right Thing: Act with integrity and transparency in all interactions and decisions.
• Make Everyday Better: Continuously seek opportunities to improve products, processes, and customer experiences.

Equal Employment Opportunity

RS Americas is an equal opportunity employer and maintains policies and practices that are designed to prevent and prohibit unlawful discrimination against any qualified employee or applicant on the basis of race, color, religion, ancestry, national origin, sex, sexual orientation, gender identity, age, military/veteran status, disability, genetic information, citizenship status, or any other unlawful classification to the extent protected by law. This policy of non-discrimination applies to all employment practices, including hiring, compensation, benefits, promotion, training and termination. Employees who engage in unlawful discrimination will be subject to disciplinary action, up to and including termination.

#LI-CC1 #LI-HYBRID