Costco Wholesale
Overview
Join to apply for the
Security Engineer - SAP GRC
role at
Costco Wholesale . Costco IT is responsible for the technical future of Costco Wholesale, a global retailer with wholesale operations in fourteen countries. Costco is regularly recognized for its employee-centric culture and community involvement. Role:
SAP GRC Engineer
supports legal, ethical, and regulatory obligations; protects privacy; and maintains a secure technology environment. SAP GRC Engineers develop and execute security controls, defenses, and countermeasures to intercept and prevent attacks, and to monitor and improve systems and data security. This position creates and maintains General IT control objectives in SAP GRC, ensures SAP GRC IT control objectives are compliant and efficient, and assists with daily/monthly reporting of SOD activities to meet compliance objectives. It is a cross-functional role working with the SAP Security team and other functional teams to ensure security requirements and solutions meet compliance objectives. If you want to be part of one of the world’s BEST companies, apply and let your career be reimagined.
Responsibilities
Provides GRC, security, and technical expertise to support the development of GRC objects to satisfy business requirements. Analyses and administers GRC policies to control physical and virtual system access. Identifies and investigates GRC issues and develops solutions that address compliance requirements that can impact GRC and security. Identifies, develops, and implements mechanisms to detect incidents to enhance compliance and support standards and procedures. Assesses business role requirements, reviews authorization roles, and supports authorizations. Demonstrates testing for multiple environments and coordinates testing with business/technical users. Validates system configurations to protect information systems from unauthorized access or destruction. Applies information security standards and practices (access control, system hardening, logging, incident handling). Identifies GRC gaps and develops remediation plans. Determines strategy and protocol for network behavior, analysis techniques, and tool implementation. Creates dashboards, configures alerts, and supports security software platforms. Seeks process improvements to increase effectiveness. Implements practices consistent with Costco's policies and IT standards. Documents GRC events and incident handling procedures into Playbooks; ensures incident documentation is complete. Triages, prioritizes, and coordinates security events and incident handling activities. Creates and remediates General IT Controls (GITC) in support of SAP modules and databases within the Costco SAP landscape. Designs IT testing procedures to identify risk exposures and evaluate control effectiveness. Assists with remediation solutions and exception documentation where applicable. Serves as SME and point of contact to Internal and External Auditors. Assists project teams with IT controls integration into SAP-GRC; supports quarterly User Access Review (UAR) audits. Collaborates with Internal Audit on IT controls objectives and solutions. Continues personal growth in technology, Costco policies, and platforms; participates in team planning to improve skills and quality.
Qualifications
Required
Minimum of 12 years’ experience with SAP GRC Access 10.0/12.0, including ARM, ARA, EAM, UAR, PC, SAP ETD. Minimum of 7 years’ IT Risk Management, SOX compliance, or auditing with a strong IT controls background. Minimum of 7 years’ experience with SAP Security across multiple applications (S/4 HANA, ECC, BW, MDG, Fiori, PI/PO, eWM, Solution Manager). Minimum of 7 years’ experience with SOD conflict resolution. Hands-on IT audit experience and SAP GRC functional experience. Understanding of SAP cloud security and SOX/compliance requirements. Experience with internal and external auditors; ability to develop SAP GRC solutions addressing SOX. Strong communication and technical leadership; ability to bridge technical and business language. Ability to mentor peers on SAP compliance and manage project implementations with strong time management. Ability to design and maintain SAP user management and security architecture across SAP environments. Flexibility for 24x7 on-call rotational support. Recommended
Bachelor’s degree in Accounting, Business, IT, or Computer Science (preferred). Strong documentation and presentation skills for diverse audiences. Technical knowledge of SAP landscapes and roadmaps. Proficiency with Google Workspace applications.
Documents
Cover Letter Resume
Pay and Benefits
Pay Range: Level Sr - $150,000 - $190,000; Bonus and RSU eligible. Comprehensive benefits include paid time off, health benefits, 401(k), stock purchase plan, and more.
Equal Opportunity
Costco is an equal opportunity employer. If you need assistance or an accommodation during the application process, please contact IT-Recruiting@costco.com.
Location
Seattle, WA
#J-18808-Ljbffr
Join to apply for the
Security Engineer - SAP GRC
role at
Costco Wholesale . Costco IT is responsible for the technical future of Costco Wholesale, a global retailer with wholesale operations in fourteen countries. Costco is regularly recognized for its employee-centric culture and community involvement. Role:
SAP GRC Engineer
supports legal, ethical, and regulatory obligations; protects privacy; and maintains a secure technology environment. SAP GRC Engineers develop and execute security controls, defenses, and countermeasures to intercept and prevent attacks, and to monitor and improve systems and data security. This position creates and maintains General IT control objectives in SAP GRC, ensures SAP GRC IT control objectives are compliant and efficient, and assists with daily/monthly reporting of SOD activities to meet compliance objectives. It is a cross-functional role working with the SAP Security team and other functional teams to ensure security requirements and solutions meet compliance objectives. If you want to be part of one of the world’s BEST companies, apply and let your career be reimagined.
Responsibilities
Provides GRC, security, and technical expertise to support the development of GRC objects to satisfy business requirements. Analyses and administers GRC policies to control physical and virtual system access. Identifies and investigates GRC issues and develops solutions that address compliance requirements that can impact GRC and security. Identifies, develops, and implements mechanisms to detect incidents to enhance compliance and support standards and procedures. Assesses business role requirements, reviews authorization roles, and supports authorizations. Demonstrates testing for multiple environments and coordinates testing with business/technical users. Validates system configurations to protect information systems from unauthorized access or destruction. Applies information security standards and practices (access control, system hardening, logging, incident handling). Identifies GRC gaps and develops remediation plans. Determines strategy and protocol for network behavior, analysis techniques, and tool implementation. Creates dashboards, configures alerts, and supports security software platforms. Seeks process improvements to increase effectiveness. Implements practices consistent with Costco's policies and IT standards. Documents GRC events and incident handling procedures into Playbooks; ensures incident documentation is complete. Triages, prioritizes, and coordinates security events and incident handling activities. Creates and remediates General IT Controls (GITC) in support of SAP modules and databases within the Costco SAP landscape. Designs IT testing procedures to identify risk exposures and evaluate control effectiveness. Assists with remediation solutions and exception documentation where applicable. Serves as SME and point of contact to Internal and External Auditors. Assists project teams with IT controls integration into SAP-GRC; supports quarterly User Access Review (UAR) audits. Collaborates with Internal Audit on IT controls objectives and solutions. Continues personal growth in technology, Costco policies, and platforms; participates in team planning to improve skills and quality.
Qualifications
Required
Minimum of 12 years’ experience with SAP GRC Access 10.0/12.0, including ARM, ARA, EAM, UAR, PC, SAP ETD. Minimum of 7 years’ IT Risk Management, SOX compliance, or auditing with a strong IT controls background. Minimum of 7 years’ experience with SAP Security across multiple applications (S/4 HANA, ECC, BW, MDG, Fiori, PI/PO, eWM, Solution Manager). Minimum of 7 years’ experience with SOD conflict resolution. Hands-on IT audit experience and SAP GRC functional experience. Understanding of SAP cloud security and SOX/compliance requirements. Experience with internal and external auditors; ability to develop SAP GRC solutions addressing SOX. Strong communication and technical leadership; ability to bridge technical and business language. Ability to mentor peers on SAP compliance and manage project implementations with strong time management. Ability to design and maintain SAP user management and security architecture across SAP environments. Flexibility for 24x7 on-call rotational support. Recommended
Bachelor’s degree in Accounting, Business, IT, or Computer Science (preferred). Strong documentation and presentation skills for diverse audiences. Technical knowledge of SAP landscapes and roadmaps. Proficiency with Google Workspace applications.
Documents
Cover Letter Resume
Pay and Benefits
Pay Range: Level Sr - $150,000 - $190,000; Bonus and RSU eligible. Comprehensive benefits include paid time off, health benefits, 401(k), stock purchase plan, and more.
Equal Opportunity
Costco is an equal opportunity employer. If you need assistance or an accommodation during the application process, please contact IT-Recruiting@costco.com.
Location
Seattle, WA
#J-18808-Ljbffr