Diamondback Energy
Advisor System Admin - SAP Security
Diamondback Energy, Oklahoma City, Oklahoma, United States, 73116
Overview
CURRENT EMPLOYEES - Please apply using "Jobs Hub" in Workday. This career site is for external applicants only. The SAP Security / GRC Admin is responsible for the management and support of SAP Roles and Security with the Diamondback SAP environment. This position will provide technical and thought leadership in the design, development, implementation, and support of the SAP Role Administration functions across the entire landscape. This role will also provide key contributions in a cross functional approach in the overall and ongoing management, testing and support of the SAP landscape for patches, upgrades and day to day operational issues. Responsibilities
Design, deploy and maintain security solutions that enable the business community to achieve their goals while providing proper identity and access management controls Analyze processes and system user needs to deliver quality solutions that meet both business and functional end-to-end requirements Drive overall security strategy including role design and provisioning for S/4HANA ecosystem including SAP S/4 HANA, FIORI, GTS, Solution Manager, HANA & other Databases, BTP, etc. Identify security risks, determine root causes of security violations, suggest risk mitigation and control measures and build required procedures and controls Ensure SAP security development and deployment execution align with standards, methodologies, and processes Identify root causes of issues and provide permanent solutions. Work with the Functional team in proposing solutions for the overall stability of the applications Daily monitoring of jobs that are necessary for the GRC application(s) to run effectively and efficiently, e.g. nightly risk analysis reporting Provide day-to-day technical support and resolution of security issues, troubleshooting SAP security problems including approval procedures and all necessary compliance Develop and maintain processes with applicable documentation related to security by coordinating with IT management and governance teams Work with IT management as well as governance groups to facilitate appropriate controls around user/system access Proactively interact with senior management to discuss and explain issues affecting users or systems Generate SOX / ad hoc reports on a monthly / quarterly / semi-annual basis Provide production support and enhancement testing for existing security roles and positions/functions Work closely with SAP functional teams to create roles, profiles and authorizations that meet audit requirements as well as functional requirements for end users Maintain Segregation of Duties for the SAP environment (e.g. HR / Payroll, BASIS, Security Administration, and BI) Collaborate with a team to design, build and deploy security frameworks, devices and applications Vulnerability Assessment and Penetration Testing: Conduct regular security assessments, vulnerability scans, and penetration tests to identify and address potential security weaknesses in SAP S/4 environments. Provision and de-provision users and roles with appropriate SAP security levels Able to effectively prioritize tasks in a high-speed environment Strong problem-solving skills, be self-directed and capable of working with minimal supervision Commitment to customer service and pro-active review of processes and procedures to continually enhance service quality, service delivery and support Cross Training Support for other SAP S/4 HANA cross-functional team Occasional work in off-hours to minimize disruption to business Required Qualifications
Bachelor's Degree in Business Management, Information Systems or related field or equivalent in years of experience Four (4+) years in-depth experience in SAP GRC, Role Administration & Security implementation, and production support in ECC 6.0 / S4-HANA Experience with SAP S/4 HANA security and authorizations Experience in SAP S/4 HANA version 1909 or later Experience in creating and assigning FF IDs and extracting Fire Fighter logs In-Depth understanding of SAP Security Role design & GRC Architecture Very good understanding of role remediation, setting up of SAP Security processes Expertise in SAP Security automation and scripts creation for mass maintenance Expertise in running and publishing various SOX reports like UAR, Critical Actions, SOD, Critical Permissions, Firefighter Log Review Experience in maintaining and troubleshooting Structural Authorizations Experience in SAP GRC 10.0 / 10.1, SAP HCM and SAP Solution Manager Experience with SAP GRC Access Control configuration that includes MSMP and BRFPlus Experience in designing, configuring, and implementing SAP GRC Access Request Analysis (ARA), Access Request Management (ARM), Emergency Access Management (EAM), and Business Role Management (BRM) Strong knowledge in provisioning to SAP LDAP and SAP Enterprise Portal platforms for ABAP Roles, UME Roles, and Portal Roles/Groups Relocation: This position is not eligible for relocation assistance. Work Authorization: Diamondback Energy is not currently sponsoring employment visas for this position. Preferred Qualifications
Experience in SAP security engagements with cloud applications, Azure, etc Experience in supporting end-to-end SAP Security projects, Security and GRC workshops, testing support, Cutover prep, and Hyper care activities Experience in Role design in S/4 with Catalog and Group for Fiori Apps and good analytical skills in issue resolution SAP GRC Certification In-Depth understanding on FIORI requirement specifications, design, development, and testing In-Depth understanding of core BASIS functions and activities Minimum of three (3+) years of SAP experience within a large organization including implementing and supporting Experience in creating / maintaining GRC solutions Experience creating user and security roles for Fiori applications Experience with SOD development and ongoing controls Role administration across multiple landscape Oil and Gas experience preferred Experience with system monitoring, background job administration, spool administration Experience working with SAP GRC 10.0 / 10.1, SAP HCM and SAP Solution Manager Experience with SAP GRC Access Control configuration that includes MSMP and BRFPlus Experience in designing, configuring, and implementing SAP GRC Access Request Analysis (ARA), Access Request Management (ARM), Emergency Access Management (EAM), and Business Role Management (BRM) Strong knowledge in provisioning to SAP LDAP and SAP Enterprise Portal platforms for ABAP Roles, UME Roles, and Portal Roles / Groups. Relocation : This position is not eligible for relocation assistance. Work Authorization : Diamondback Energy is not currently sponsoring employment visas for this position. Diamondback is an Equal Employment Opportunity Employer. Diamondback provides equal employment opportunities to all qualified applicants without regard to race, sex, sexual orientation, gender identity, national origin, color, age, religion, veteran or disability status, genetic information, pregnancy, or any other status protected by law. Diamondback participates in E-Verify. Learn more about E-Verify. #J-18808-Ljbffr
CURRENT EMPLOYEES - Please apply using "Jobs Hub" in Workday. This career site is for external applicants only. The SAP Security / GRC Admin is responsible for the management and support of SAP Roles and Security with the Diamondback SAP environment. This position will provide technical and thought leadership in the design, development, implementation, and support of the SAP Role Administration functions across the entire landscape. This role will also provide key contributions in a cross functional approach in the overall and ongoing management, testing and support of the SAP landscape for patches, upgrades and day to day operational issues. Responsibilities
Design, deploy and maintain security solutions that enable the business community to achieve their goals while providing proper identity and access management controls Analyze processes and system user needs to deliver quality solutions that meet both business and functional end-to-end requirements Drive overall security strategy including role design and provisioning for S/4HANA ecosystem including SAP S/4 HANA, FIORI, GTS, Solution Manager, HANA & other Databases, BTP, etc. Identify security risks, determine root causes of security violations, suggest risk mitigation and control measures and build required procedures and controls Ensure SAP security development and deployment execution align with standards, methodologies, and processes Identify root causes of issues and provide permanent solutions. Work with the Functional team in proposing solutions for the overall stability of the applications Daily monitoring of jobs that are necessary for the GRC application(s) to run effectively and efficiently, e.g. nightly risk analysis reporting Provide day-to-day technical support and resolution of security issues, troubleshooting SAP security problems including approval procedures and all necessary compliance Develop and maintain processes with applicable documentation related to security by coordinating with IT management and governance teams Work with IT management as well as governance groups to facilitate appropriate controls around user/system access Proactively interact with senior management to discuss and explain issues affecting users or systems Generate SOX / ad hoc reports on a monthly / quarterly / semi-annual basis Provide production support and enhancement testing for existing security roles and positions/functions Work closely with SAP functional teams to create roles, profiles and authorizations that meet audit requirements as well as functional requirements for end users Maintain Segregation of Duties for the SAP environment (e.g. HR / Payroll, BASIS, Security Administration, and BI) Collaborate with a team to design, build and deploy security frameworks, devices and applications Vulnerability Assessment and Penetration Testing: Conduct regular security assessments, vulnerability scans, and penetration tests to identify and address potential security weaknesses in SAP S/4 environments. Provision and de-provision users and roles with appropriate SAP security levels Able to effectively prioritize tasks in a high-speed environment Strong problem-solving skills, be self-directed and capable of working with minimal supervision Commitment to customer service and pro-active review of processes and procedures to continually enhance service quality, service delivery and support Cross Training Support for other SAP S/4 HANA cross-functional team Occasional work in off-hours to minimize disruption to business Required Qualifications
Bachelor's Degree in Business Management, Information Systems or related field or equivalent in years of experience Four (4+) years in-depth experience in SAP GRC, Role Administration & Security implementation, and production support in ECC 6.0 / S4-HANA Experience with SAP S/4 HANA security and authorizations Experience in SAP S/4 HANA version 1909 or later Experience in creating and assigning FF IDs and extracting Fire Fighter logs In-Depth understanding of SAP Security Role design & GRC Architecture Very good understanding of role remediation, setting up of SAP Security processes Expertise in SAP Security automation and scripts creation for mass maintenance Expertise in running and publishing various SOX reports like UAR, Critical Actions, SOD, Critical Permissions, Firefighter Log Review Experience in maintaining and troubleshooting Structural Authorizations Experience in SAP GRC 10.0 / 10.1, SAP HCM and SAP Solution Manager Experience with SAP GRC Access Control configuration that includes MSMP and BRFPlus Experience in designing, configuring, and implementing SAP GRC Access Request Analysis (ARA), Access Request Management (ARM), Emergency Access Management (EAM), and Business Role Management (BRM) Strong knowledge in provisioning to SAP LDAP and SAP Enterprise Portal platforms for ABAP Roles, UME Roles, and Portal Roles/Groups Relocation: This position is not eligible for relocation assistance. Work Authorization: Diamondback Energy is not currently sponsoring employment visas for this position. Preferred Qualifications
Experience in SAP security engagements with cloud applications, Azure, etc Experience in supporting end-to-end SAP Security projects, Security and GRC workshops, testing support, Cutover prep, and Hyper care activities Experience in Role design in S/4 with Catalog and Group for Fiori Apps and good analytical skills in issue resolution SAP GRC Certification In-Depth understanding on FIORI requirement specifications, design, development, and testing In-Depth understanding of core BASIS functions and activities Minimum of three (3+) years of SAP experience within a large organization including implementing and supporting Experience in creating / maintaining GRC solutions Experience creating user and security roles for Fiori applications Experience with SOD development and ongoing controls Role administration across multiple landscape Oil and Gas experience preferred Experience with system monitoring, background job administration, spool administration Experience working with SAP GRC 10.0 / 10.1, SAP HCM and SAP Solution Manager Experience with SAP GRC Access Control configuration that includes MSMP and BRFPlus Experience in designing, configuring, and implementing SAP GRC Access Request Analysis (ARA), Access Request Management (ARM), Emergency Access Management (EAM), and Business Role Management (BRM) Strong knowledge in provisioning to SAP LDAP and SAP Enterprise Portal platforms for ABAP Roles, UME Roles, and Portal Roles / Groups. Relocation : This position is not eligible for relocation assistance. Work Authorization : Diamondback Energy is not currently sponsoring employment visas for this position. Diamondback is an Equal Employment Opportunity Employer. Diamondback provides equal employment opportunities to all qualified applicants without regard to race, sex, sexual orientation, gender identity, national origin, color, age, religion, veteran or disability status, genetic information, pregnancy, or any other status protected by law. Diamondback participates in E-Verify. Learn more about E-Verify. #J-18808-Ljbffr