EY SAP Security, Business Role Design Supervising Associate (Governance, Risk and Compliance) in Des Moines, Iowa
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
Mercury is a large, multi-year, enterprise-wide process transformation that will replace more than 1400 EY business systems and related processes with an integrated, SAP-centric platform that will standardize and harmonize activities throughout the organization and significantly improve how EY manages its business. Mercury is a key enabler of EY’s NextWave, directly supporting the efforts of a number of transformation initiatives across the Firm by streamlining the application portfolio, reducing operating costs and providing a platform to deliver services more efficiently.
The Mercury solution is built upon the very latest of technologies (Portal, Mobile, SaaS) and a variety of hosting models (Cloud, Vendor and Internal). The SAP footprint is comprehensive, and the non-SAP components are varied. The user base at the final rollout will be in excess of 300k.
As an organization jointly owned by the business and IT, the Mercury Support Team (MST) is a centralized and global organization which will provide operational support for the delivered Mercury solution and manage and support the Mercury user community. The MST will play an integral role in governance of the Mercury solution and the global template from both a business and IT perspective and will evolve to work closely with the business in enabling the benefit and value to be realized from the investment in Program Mercury and to set the future direction and technology road map to support Vision 2020+.
The Finance Operations Workstream is one of the five core functions of the MST. Within the Finance Operations stream the governance, risk, and compliance function (GRC) will provide an appropriately resourced and skilled organization that will focus on managing SAP security and controls to ensure users can accomplish business tasks while adhering to the Firm’s governance policies.
As a part of the Governance, Risk and Compliance function, the SAP Security resource plays a key role in driving the benefit and value from the Mercury solution. Working with key stakeholders in MST IT and Business functions, the Mercury Program, and firm wide Security & Controls Stakeholders, the MST GRC SAP Security resource will be responsible for but not limited to:
Function as a subject matter expert and trusted technical advisor to the MST GRC Environments team lead as well as MST GRC team lead
Review requirements and determine their impact on the global design/integration with the GRC system, and be responsible for sign-off on the initial design and for the assessment of modifications required to the Business Role catalog, GRC Ruleset, and Business roles to finalize the solution design.
Design or update application security roles related to approved change requests. Provide support in planning, preparation activities and defect resolution execution during role-based testing for any planned deployments, releases, and other MST initiatives.
Review and validate the GRC Ruleset to ensure that it addresses access risks defined in the firm’s risk and control matrix, keep the ruleset updated for customization to the Mercury SAP application, and address new legal and operational risks. Ensure the ruleset is kept updated based on leading practices and that the likelihood and consequence of each risk are appropriately calibrated to EY business practices and risk tolerances.
Manage access clean-up and remediation with the member firms associated with User Access reviews, SOD reviews and any Risk Analysis aligned with the overall knowledge of the SOD ruleset. This individual requires solid communications skills and understanding of all the SAP business processes in addition to deep technical knowledge of SAP roles and transactions.
Standardize the rollout of SAP application security across the organization by creating a uniform approach – except where deviation is justified based on local legal, statutory, or regulatory requirements
Your key responsibilities
Design, test, troubleshoot and maintain security roles across the SAP platform, working closely with business users, functional teams, and technical teams to ensure that appropriate access controls are integrated within the roles.
Provide audit services to detect deviations from established procedures and role mappings, as well as unauthorized changes to the SAP systems’ security, and report findings to executive leadership.
Display a solid understanding of key processes and methodologies related to user provisioning, role definitions, and risk analysis for the SAP platform.
Display a working knowledge of key business processes related to finance, procurement, customer management, order to cash, time and expense management to understand business requirements and translate to security roles
Ensure that SAP application security standards are fully integrated into the SAP platform and aligned with the corporate strategic plan. Monitor the SAP platform for applicable compliance, including but not limited to segregation of duties and sensitive transactions.
Review, modify and develop technical design documents in support of change management processes.
Support and execute unit testing, functional testing, performance testing in various non-production environments.
Develop and maintain strong working relationships with the business and MST leads to support business role design, testing and implementation activities.
Manage service requests, change requests and incidents in adherence to the ITIL service management process.
Actively participate in Change Advisory Board meetings ensuring that all security related matters are represented properly.
Make informed judgments and take appropriate action regarding issues which may potentially impact the quality of services delivered by the MST across the relevant functional area
Analyse requirements from the business and take appropriate steps to define action plans which are detailed, meaningful, and set expectations appropriately with the business
Analyse service performance based on data provided and interpret the data to determine the quality of the service – validate this against the user perception of the service
Engage and work closely with the stakeholders across business and IT, using personal experience and judgement to define tailored approaches to dealing with specific stakeholders, setting expectations appropriately and building trust and confidence.
Ability to lead/support multiple projects simultaneously and properly manage business expectations
Function as a leader within the organization and as a mentor to GRC team members and fellow colleagues
Share knowledge and skills with other areas and lead cross-functional initiatives that may extend beyond direct area of responsibility.
Key contributor to organizational goals, prioritized initiatives and a defined and agreed upon resource plan.
Skills and attributes for success
The key skills needed for success in the role will be the abilities to understand the Mercury business requirements, and to ensure that the Mercury security and GRC solution is continuously refined, updated and maintained. In addition, the expectation will be to provide exceptional client service in the support of the EY Business, minimize risk exposure to the firm’s financial data, while ensuring individuals can perform their job duties on a day-to-day basis with streamlined access to the Mercury platform.
To qualify for the role, you must have
A Bachelor’s degree in Business, Accounting, Finance, Computer Science, Information Systems, Engineering, Law or a related field and 7 years of progressive, post-baccalaureate related work experience. Alternatively, will accept a Master’s degree in Business, Accounting, Finance, Computer Science, Information Systems, Engineering or a related field and 5 years of related work experience.
At a minimum 5 years of work experience with a mid-to-large size public accounting firm, professional services consulting firm, or within industry.
5+ years of working experience with SAP system security including but not limited to access controls, process controls, role design and maintenance.
5+ years of specific SAP GRC Access Control working experience including but not limited to access request management, access risk analysis, emergency access management and business role management.
5+ years of experience at a minimum for one or more of the following SAP products: ECC, CRM – C4C, SRM, BW HANA, Business Objects, BPC, Concur, Solution Manager
2 years of experience in project/change management, preparing and delivering reports, and giving presentations to senior stakeholders.
Ideally, you’ll also have
SAP Security and/or Product certifications preferred
CISA or equivalent security and controls related certifications preferred
What we look for
We need someone who can build on a strong understanding of the firm’s vision and deliver solutions which constantly enhance how Mercury supports this vision. We need someone who can demonstrate an inclusive and globally aware mindset, excellent problem solving and decision-making skills. Most importantly, we are looking for someone to join a high performing team with a positive attitude, who enjoys operating in a dynamic, changing, and fast-moving environment.
What we offer
As part of this role, you'll work in a highly integrated, global team with the opportunity and tools to grow, develop and drive your career forward. Here, you can combine global opportunity with flexible working. The EY benefits package goes above and beyond too, focusing on your physical, emotional, financial and social well-being. Your recruiter can talk to you about the benefits available in your country. Here’s a snapshot of what we offer:
Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
Please apply to this role only through the ‘Apply’ link (not through the local office). Your application will then be routed to the appropriate recruiting team.
The exceptional EY experience. It’s yours to build.
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
EY is an equal opportunity, affirmative action employer providing equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, in accordance with applicable law.