- FLIR Systems
- Job Category
- Banking & Financial Services
- Job Type
At FLIR, we have a simple but ambitious mission: to develop market-leading thermal and sensing technologies which enhance everyday life. From saving energy, to saving lives FLIR is making a real difference in our world.
Our products are used in a wide array of situations to rescue people in danger, detect criminals, conserve energy, navigate safely, provide security around the globe, and protect our environment.
We are looking for individuals who thrive on making an impact and want the excitement of being on a team that wins.
As part of the SAP Security Team, the GRC Analyst will be responsible for the overall design and functionality of the GRC application. The position will play a key role in the achieving the organizations IT Compliance requirements. There will be significant influence as a key decision maker, as well as one of the prime architects designing processes that reflect industry best practices and in alignment with the company’s strategic initiatives. The activities will involve configuration, functional requirements definition, test(planning and execution), as well as consulting on SOD conflicts (risks, mitigation, remediation), end-user support, project management, etc.. The role will encompass supporting both operational and project tasks.
- Implement the Access Control components specifically to meet project requirements:
- Analysis and Risk Management
- Access Request Management
- Emergency Access Management
- Build SAP Security roles in both ABAP and Java stacks
- Provision and assign access to users in both ABAP and Java stacks
- Conduct workshops for scoped solutions
- Participate with key stakeholders to gain acceptance on designs
- Define and develop user provisioning and emergency access workflows
- Develop procedures for the definition, maintenance and reporting of SoD conflicts and CA
- Develop AC risk and controls matrices for adherence to compliance objectives
- Define GRC master data (e.g. rule-set, workflows, firefighter IDs, etc.)
- Develop strategy and procedural documents
- Develop and conduct training curriculum
- Assist in the development of production deployment check list and the completion thereof
- Assist in mapping technical security roles to users
- Assist in the provisioning of user in system
- Execute SOD and CA reports
- Assist in the resolution of SOD and CA issues
- Consult with user's manager to resolve SOD conflicts either by remediating or mitigating conflicts
- In the periodic user access review process, GRC-Analyst should consult user's manager to get confirmation/rejection of the user’s access and apply that in the components of Access Control
- Design / define processes, reference and master data
- Runs SOD reports at the organizational level
- Ensures application is compliance with FLIR policies
- Identify incidents and risks, breaches to data security and provide remedies and solutions for future.
- Execute controls defined by corporate compliance
- Serves as an escalation point to track and follow-up on risk events
- Develops and maintains risk register and designs self-assessments to help identify risks
- Ensures all IT policy and procedures are documented and updated according to regulatory standards, deadlines are met, approvals obtained, guidelines followed, repository usage understood, and repository / system of record up-to-date as defined by the IT Governance program
- Interfaces with internal and external requestors as an escalated point and reviews IT artifacts for completeness and satisfaction for the delivery of quality services regarding important issues / priorities, and deadline-sensitive information
- Engages with technical process owners to understand technical process steps, identify risk, and drive toward a completed documentation that aligns with the IT Governance and Risk Management programs
- Provides solutions and coordinates the execution of control mechanism/testing against technical procedures to ensure appropriate execution and that risk is mitigated to an appropriate level
- Analyzes business problems using software, analytical tools and techniques, business process and technical knowledge and to general common sense to formulate solutions
- Defines and delivers appropriate IT GRC metrics, analytics, and scorecards
- Maintains all versions and version control for all IT GRC program documentation and pipeline with a thorough understanding of the processes and communicates the status
- Organizes and leads IT GRC-related meetings and prepares meeting agendas
- Must have 7 years experience as GRC Analyst
- Must have 7 years SAP security administration
- Experience with all the modules of SAP Governance, Risk and Compliance(GRC), specifically Access Control
- Experience with SAP Identity Management tool
- Knowledge and Expertise with SAP security architecture
- Knowledge and Expertise in task-based role design
- Knowledge and Expertise in position/job based security architecture
- Knowledge and experience with SOX, GDPR, NIST 800 and other security compliance related to SAP applications
- Ability to perform any of the GRC Access Control roles such as:
- ARA Risk-Owner, Control-Owner and/or Control-Monitor
- EAM Firefighter-Owner and/or Firefighter-Controller
- ARM Role-Owner
- Ability to perform any of the GRC Risk Management Roles
- Ability to perform any of the GRC Process Control
- Understand mitigating controls and how they address the SOD conflicts locally
- Understand the basic functionality of the components of Access Control such as: SOD analysis, mitigating control assignment to user’s conflicts and maintaining mitigating controls by adding monitors.
- Required MS-Office skills, Advanced MS-Access and MS-Excel
- Excellent written and verbal communication skills.
- Strong analytical and problem solving skills.
- Ability to work both independently and as part of a team
- Ability to deliver quality work product in a timely fashion in a fast-paced environment.
- Ability to multi-task and prioritize tasks.
- Ability to exercise good professional judgment.
- Ability to work well with people from many different disciplines
- Ability to work well with people with varying degrees of technical experience.
- Ability to adapt to a dynamic, rapidly changing business and technical environment.
- Certification such as CISA or CISSP are desired.
- Demonstrate a strong understanding of various compliance and regulatory areas (e.g. SOX, PCI, etc…)
- Demonstrate an in-depth understanding of the risk register, risk exposure, risk reporting
- Demonstrate an in-depth understanding of the handling of risk events
FLIR and all of our employees are committed to conducting business with the highest ethical standards. We require all employees to comply with all applicable laws, regulations, rules and regulatory orders. Our reputation for honesty, integrity and high ethics is as important to us as our reputation for making innovative sensing solutions.
FLIR is an equal opportunity employer.