Description

Brief Overview of position Manage multiple internal audit assignments of the SAP / HANA supporting the lines of business and support functions, in accordance with professional standards and effectively communicating control deficiencies for all areas. Detailed responsibilities ● Reviewing and testing of SAP S4 Hana / SAP ECC IT general controls (ITGC) for key domains such as access management, change management, computer operations, SDLC (System Development Life Cycle) and automated business process controls. ● Identification and testing of SAP S4 Hana / SAP ECC IT security and IT risk (e.g., data systems, network and applications) across the enterprise. ● Review of the TCode, tables used to extract the data from SAP S4 Hana / SAP ECC with relation to ITGC and ITAC testing. ● Review of SAP S4 Hana / SAP ECC user access security architecture (Roles, profiles, Authorisation objects) ● Reviewing and testing the Operating System (OS) and Hana Database (DB) controls in SAP S4 Hana / SAP ECC environment. ● Evaluation and testing of sensitive access and SOD (Segregation of Duties) across key business and IT process in SAP S4 Hana / SAP ECC and GRC environment. ● SAP GRC access control (AC) & process control (PC), financial compliance management (FCM). ● reviewing and interpretation the ABAP codes with relation to the control testing for ITGC’s and ITAC’s in SAP S4 Hana / SAP ECC environment. ● Reviewing and testing the key business process configurations (ITAC’s) in SAP S4 Hana / SAP ECC environment. Having strong knowledge of SAP S4 Hana / SAP ECC configurations (e.g., 3-way match, copy controls) is must. ● Experience in IT audit in the context of a financial audit & related regulations, auditing standards and guidelines. ● Assist in the ongoing automation of SAP audit procedures ● Reviewing IT systems in terms of adequacy of controls, security, operational considerations, conversion issues and project management. ● Process risk management, quality assurance, audit engagement planning, audit program development Qualification: ● Bachelor’s degree in related technology field (Computer, Engineering, Science, etc.) ● SAP S4 Hana / SAP ECC functional modules/ ABAP/ Security Certification (Preferred) ● CISA certified (Preferred) ● ISO 27001:2013 certified (Preferred) Experience: ● 5-10 years of relevant processes including: experience in assessing SAP systems and

Role and Responsibilities

• ● Reviewing and testing of SAP S4 Hana / SAP ECC IT general controls (ITGC) for key domains such as access management, change management, computer operations, SDLC (System Development Life Cycle) and automated business process controls. ● Identification and testing of SAP S4 Hana / SAP ECC IT security and IT risk (e.g., data systems, network and applications) across the enterprise. ● Review of the TCode, tables used to extract the data from SAP S4 Hana / SAP ECC with relation to ITGC and ITAC testing. ● Review of SAP S4 Hana / SAP ECC user access security architecture (Roles, profiles, Authorisation objects) ● Reviewing and testing the Operating System (OS) and Hana Database (DB) controls in SAP S4 Hana / SAP ECC environment. ● Evaluation and testing of sensitive access and SOD (Segregation of Duties) across key business and IT process in SAP S4 Hana / SAP ECC and GRC environment. ● SAP GRC access control (AC) & process control (PC), financial compliance management (FCM). ● reviewing and interpretation the ABAP codes with relation to the control testing for ITGC’s and ITAC’s in SAP S4 Hana / SAP ECC environment. ● Reviewing and testing the key business process configurations (ITAC’s) in SAP S4 Hana / SAP ECC environment. Having strong knowledge of SAP S4 Hana / SAP ECC configurations (e.g., 3-way match, copy controls) is must. ● Experience in IT audit in the context of a financial audit & related regulations, auditing standards and guidelines. ● Assist in the ongoing automation of SAP audit procedures ● Reviewing IT systems in terms of adequacy of controls, security, operational considerations, conversion issues and project management. ● Process risk management, quality assurance, audit engagement planning, audit program development