The SAP GRC Analyst is responsible for the creation and maintenance of General IT control objectives in the area of SAP Security. This position will be responsible for ensuring that all SAP Security IT control objectives are in compliance and running to full efficiency. In addition this role will assist with the daily and monthly reporting of SOD (Segregation of Duties) activities from SAP GRC in support of meeting applicable compliance objectives. Candidates must have direct "hands-on" experience in IT audits and functional experience using SAP GRC. This is a cross-functional role, working closely with the SAP Security team and other functional teams to ensure security requirements and solutions meet compliance objectives. Effective communication and technical leadership is critical to the success of this role. Candidates must be able to mentor and teach junior level employees as well as possess the ability to fluently speak both technical and business language interchangeably.
Job Duties/Essential Functions
* Creates and/or remediates GITC (General IT Controls) in support of meeting audit objectives for all SAP modules, and their supporting Databases, within the Costco SAP landscape (i.e. Finance, Retail, Warehouse Management, Payroll, Oracle, HANA, etc.) * Designs IT testing procedures to identify and evaluate risk exposures and determine the effectiveness and efficiency of controls. * Assists with the creation of effective remediation solutions and/or exception documentation where applicable. * Serves as the subject matter expert and point of contact to Internal and External Auditors. * Assists project teams with creation and implementation of IT controls objectives and integration into SAP-GRC. * Assists with the successful completion of the quarterly UAR (User Access Review) audit process. * Collaborates with Internal Audit in developing, testing, and devising solutions to effectively meet applicable IT control objectives. * Regular and reliable workplace attendance at your assigned location.
* Assists in other areas of the department as necessary. * Assists in other areas of the company as necessary.
Ability to operate vehicles, equipment or machinery
* Minimum of 5 years of experience of SAP GRC Access 10.0 and 10.1 with expertise using the following modules: * Account Request Management (ARM) * Access Risk Analysis (ARA) * Emergency Access Management (EAM)
* Minimum of 5 years' work experience in IT Risk Management, SOX compliance and/or auditing with a strong background in IT controls. * Minimum of 5 years of experience with SAP Security across various applications including but not limited to S/4 HANA, ECC, BW, MDG, Fiori, PI/PO, eWM, Solution Manager * Understanding of SAP cloud security * Minimum of 5 years of experience with SOD conflict resolution * Strong understanding of Sarbanes-Oxley (SOX) and other compliance requirements that may impact SAP Security. * Experience developing security solutions that address Sarbanes-Oxley requirements. * Ability to effectively mentor less experienced team members on SAP compliance. * Experience in successful project implementation and follow-up. * Strong conceptual, analytical, problem-solving, troubleshooting and resolution skills. * Ability to monitor and manage the progress of tasks. * Designs, develops and maintains SAP user management and security architecture across SAP environments. This includes hands-on role design and build across a number of complex SAP applications and databases. * Strong time management skills. * Good decision making skills.
* Bachelor's degree in Accounting, Business, Information Technology or Computer Science preferred. * Documentation and presentation skills catered to a diverse technical and business audience. * Technical knowledge of SAP landscapes and roadmaps. * Successful internal candidates will have spent one year or more on their current team.
* Management will review the Job Analysis for this position prior to a job offer.
To Apply: Use the link below to upload all required documents to
Apart from any religious or disability considerations, open availability is needed to meet the needs of the business. If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas.