Costco IT
Overview
Security Engineer - SAP GRC
Costco IT is responsible for the technical future of Costco Wholesale, and supports its growth as a large global retailer with a family, employee-centric culture. Costco IT is building the next generation retail environment and SAP GRC Engineers play a key role in security, compliance, and risk management.
Responsibilities
Provides GRC, security, and technical expertise to support the development of GRC objects to satisfy business requirements.
Analyzes and administers GRC policies to control physical and virtual system access.
Identifies and investigates GRC issues and develops solutions that address compliance requirements that can impact GRC and security.
Identifies, develops, and implements mechanisms to detect incidents to enhance compliance and support of standards and procedures.
Assesses business role requirements, reviews authorization roles, and supports authorizations.
Demonstrates a comprehensive skill set with testing authorizations for multiple environments and coordinates testing with business/technical users.
Validates system configurations to ensure the safety of information systems assets and protects information systems from intentional or inadvertent access or destruction.
Implements best practice when applying knowledge of information systems security standards/practices (e.g. access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
Identifies GRC gaps that expose Costco to potential exploit and develops remediation priorities and actions.
Determines strategy and protocol for network behavior, analysis techniques, and tool implementation.
Creates dashboards, configures alerts, implements and supports security software platforms, and monitors tools/apps.
Identifies opportunities for streamlining and increasing effectiveness through continuous process improvement.
Implements practices, processes, and procedures consistent with Costco's information security policy and IT standards.
Develops and documents GRC events and incident handling procedures into Playbooks.
Ensures incident documentation is comprehensive, accurate, and complete.
Triages, prioritizes, investigates, and coordinates security events and incident handling activities.
Creates and/or remediates GITC (General IT Controls) in support of meeting audit objectives for SAP modules and their supporting databases within the Costco SAP landscape.
Designs IT testing procedures to identify and evaluate risk exposures and determine the effectiveness and efficiency of controls.
Assists with the creation of remediation solutions and/or exception documentation where applicable.
Serves as the subject matter expert and point of contact to Internal and External Auditors.
Assists project teams with creating and implementing IT controls objectives and integration into SAP-GRC.
Assists with the quarterly UAR (User Access Review) audit process and collaborates with Internal Audit to meet IT control objectives.
Takes responsibility for continued personal growth in technology, Costco policies, and platforms; participates in team activities and planning to improve skills and quality of work.
Required
Minimum of 12 years’ experience with SAP GRC Access 10.0 and/or 12.0 with expertise in ARM, ARA, EAM, UAR, PC, and SAP ETD.
Minimum of 7 years’ work experience in IT Risk Management, SOX compliance, and/or auditing with a strong IT controls background.
Minimum of 7 years’ experience with SAP Security across multiple applications (S/4 HANA, ECC, BW, MDG, Fiori, PI/PO, eWM, Solution Manager, etc.).
Minimum of 7 years’ experience with SOD conflict resolution.
Hands-on IT audit experience and functional SAP GRC knowledge.
Understanding of SAP cloud security.
Strong understanding of SOX and other compliance requirements affecting controls.
Experience working with internal and external auditors and developing SAP GRC solutions addressing SOX requirements.
Effective communication and technical leadership; ability to translate between technical and business perspectives.
Ability to mentor other team members on SAP compliance.
Experience with project implementation, time management, and independent task progression.
Strong analytical, problem-solving, and remediation skills; ability to design and maintain SAP user management and security across SAP environments.
Scheduling flexibility to meet business needs, including 24x7 on-call rotational support.
Recommended
Bachelor’s degree in Accounting, Business, Information Technology, or Computer Science preferred.
Strong documentation and presentation skills for diverse technical and business audiences.
Technical knowledge of SAP landscapes and roadmaps.
Proficient in Google Workspace applications (Sheets, Docs, Slides, Gmail).
Required Documents
Cover Letter
Resume
California applicants, please review the Costco Applicant Privacy Notice.
Pay Range: Level Sr - $150,000 - $190,000. Bonus and Restricted Stock Unit (RSU) eligible.
Costco is an equal opportunity employer. Costco is committed to a diverse and inclusive workplace; qualified applicants will receive consideration without regard to race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance or a reasonable accommodation, please contact IT-Recruiting@costco.com. If hired, you will be required to provide proof of authorization to work in the United States.