Jobs at SAP in United Arab Emirates

Summary:

We are seeking a highly skilled and detail-oriented IT Security Risk and Compliance Analyst to lead our IT risk management and compliance initiatives. In this role, you will oversee audit management, ensure adherence to ISO 27001/31000 and other standards, and leverage our GRC tool for SAP SOD, access management, and governance. Additionally, you will be responsible for SAP authorization management, Transport Request (TR) activities, and assisting with ISA 315 ITGS audits. The ideal candidate will play a crucial role in safeguarding our information systems, ensuring regulatory and internal policy compliance, and enhancing our overall IT security posture.

Duties and Responsibilities:

Risk Management and Compliance:

• Develop, implement, and maintain a comprehensive IT risk management framework to identify, assess, and mitigate risks.
• Ensure ongoing compliance with ISO 27001, relevant industry standards, and regulatory requirements.
• Collaborate with cross-functional teams to enhance and maintain the organization’s information security posture.
• Identify gaps in current processes and propose improvements to strengthen IT risk management.

Audit Management:

• Plan and execute internal and external IT audits, including preparing audit schedules, maintaining documentation, and managing evidence collection.
• Coordinate with auditors to address findings, implement corrective actions, and close gaps.
• Track and report on the status of audit remediation efforts, ensuring continuous improvement.
• Assist in facing and coordinating ISA 315 ITGS audits by preparing necessary documentation and facilitating communication with auditors.

SAP GRC Administration and SAP Audit Log Review:

• Oversee the administration and optimization of SAP Governance, Risk, and Compliance (GRC) solutions.
• Configure and maintain the GRC tool to support segregation of duties (SoD), access control, and automated risk assessments.
• Monitor and analyze GRC reports to proactively manage risks and controls, and ensure continuous alignment with best practices.
• Conduct regular SAP audit log reviews to monitor system and other activities and detect any anomalies or unauthorized actions.

Control Management:

• Design, implement, and maintain IT controls to mitigate operational, compliance, and security risks.
• Conduct regular reviews and testing of IT controls to ensure they remain effective and aligned with evolving standards.
• Develop and maintain detailed documentation for IT controls, policies, and procedures, identifying and addressing any process gaps.

Reporting and Communication:

• Prepare detailed reports on risk assessments, audit findings, and compliance status for senior leadership.
• Effectively communicate IT risks, compliance requirements, and remediation efforts to stakeholders at all levels.
• Provide training and support to staff on compliance-related matters to enhance the organization’s overall security culture.

Qualification:

Educational Background:

Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field.

Related Work Experience:

• Minimum 6 years of experience in IT risk management, compliance, or related fields.
• Proven experience with ISO 27001 implementation and certification.
• Hands-on experience with GRC tools and audit & risk management.

Preferred Technical Qualification / Certifications:

• GRC & Risk tools, ITIL, ISO27001, Identity & Access Management.
• ISO 27001 Information Security Lead Auditor/Implementer.
• SAP Audits Certification.
• Additional certifications such as CISA or CISM are a plus.
• Strong knowledge of IT governance frameworks (e.g., ISO 27001, COBIT, ITIL, GRC) and regulatory requirements.
• Proficiency in conducting risk assessments and implementing IT controls.
• Excellent project management and organizational skills.
• Strong analytical, problem-solving, and decision-making abilities.
• Exceptional communication and stakeholder management skills.
• In-depth understanding of SAP security concepts, particularly in authorization management and Transport Request (TR) processes.