Sr. Spec. DDIT APD Shared Services SAM A&IM

Sr. Spec. DDIT APD Shared Services SAM A&IM

Job ID REQ-10040602 Feb 16, 2025 Malaysia

Summary

As a Subject Matter Expert of SAP Access & Identity Management and SAP Security/ GRC, you are responsible for SAP security operation, design, implementation and audit, ensuring compliance and efficiency of user access management.

About the Role

Major accountabilities:

1. Responsible for global access management/ operation, ensuring processes are effectively operated and in compliance.
2. Responsible for the overall continuous improvement, security control implementation, life cycle of security documents and training.
3. Responsible for audit facing and support including walkthrough, collection of evidence, governance of audit deliverables, and resolving any audit issues.
4. Serve as the subject matter expert (SME) for security enhancement, providing expert advice and guidance to business and compliance stakeholders.
5. Advise peers and management on complex issues, providing contextual advice to influence management on new implementations and risks across business domains.
6. Support vendor service performance, ensuring quality standards are met.

Key performance indicators:

1. Ensure adherence of operation/vendor to control objectives and agreed SLA/KPI.
2. Ensure appropriateness of security control implementation and that there are no gaps in design and operation.
3. Ensure improvement/enhancement initiatives are implemented on time.
4. Ensure regular successful audits related to user access management and that all gaps are addressed on time.

Work Experience:

1. Extensive experience in SAP/Application Security and Identity Management.
2. Proven track record, preferably with more than 3 end-to-end project experiences in SAP S&A implementation and support of large-scale global operations.
3. Experience in audit and control design.
4. Experience in managing vendor services and ensuring alignment with security standards.
5. Good exposure to one or more technology landscapes - SAP GRC, IAG, ECC, S4/HANA, SAP BTP, HANA/BW/BO, SRM, MDM, SAP SaaS (ARIBA, Concur) & other SAP endorsed apps.
6. Experience with risk/governance management and CISA/CISM certification is a strong plus.

Skills:

1. Excellent level of functional and technical knowledge of SAP security & authorization.
2. Excellent level of audit and control of Identity access management.
3. Strong knowledge in identity lifecycle management concepts including role design, RBAC, SoD, Least Privilege principle, and good understanding of IAM IT general controls/regulatory compliance requirements.
4. Good exposure to one or more technology landscapes - SAP GRC, IAG, ECC, S4/HANA, SAP BTP, HANA/BW/BO, SRM, MDM, SAP SaaS (ARIBA, Concur) & other SAP endorsed apps.
5. Experience with other identity lifecycle management products is a strong plus.
6. Possess great analytical and consulting skills to provide recommendations and solutions for user access design gaps and remediation.

Skills (summary):

1. SAP Security & Authorization design
2. Analytical & problem-solving
3. Project management

Languages: Why Novartis: Helping people with disease and their families takes more than innovative science. It takes a community of smart, passionate people like you. Collaborating, supporting, and inspiring each other. Combining to achieve breakthroughs that change patients’ lives. Ready to create a brighter future together? Join our Novartis Network: Sign up to our talent community to stay connected and learn about suitable career opportunities as soon as they come up. #J-18808-Ljbffr