We are hiring for an SAP GRC consultant on contract.
Experience: 7-9 years
Location: Trivandrum / Kochi / Bangalore or Chennai
Mode: Contract (6+ Months)
Tasks and responsibilities
Serves as a subject matter expert for governance and compliance frameworks for IS and business process regulations/compliance within IS Security GRC.
Stakeholder in the execution of risk management, information security, and data compliance corporate initiatives across all the business units globally.
Promotes and supports a culture of compliance, risk avoidance/mitigation and corporate accountability throughout the organization.
Responsible for the development of required corrective action plans relating to data compliance issues.
Manages the business relationships with the internal and external auditors/assessors.
Researches and evaluates new compliance requirements and works with other stakeholders and owners to ensure they are incorporated into the security policy framework, standards, and procedures.
Defines and implements a risk-based approach to identifying, monitoring, measuring and reporting various types of security risk and compliance issues with regard to financial reporting.
Identifies and prioritizes risk management, information security, and compliance risks and recommends mitigating controls.
Works with counterparts across Costco Wholesale to ensure the development and communication of policies, procedures, and plans to internal stakeholders regarding security and risk management best practices and applicable laws and regulations.
Evaluates security and risk assessments of internal business units and external vendors and service providers.
Provides governance for the identification, validation and remediation of information technology controls required by Sarbanes-Oxley, Payment Cardholder Information Data Security Standards (PCI DSS), Personally Identifiable Information (PII), HIPAA and other regulatory compliance frameworks. Ensures successful audits of these compliance programs.
Applexus Technologies | www.applexus.com
Must be able to translate PCI DSS best practices, GIS compliance recommendations and international regulation requirements to protect international technology assets (cardholder data (CHD) and all CHD assets including people access).
May support line-of-business PCI self-assessments, third-party QSA-led PCI assessments as well as GIS-led PCI assessments impacting the Domestic US and International regions.
Will assist in the analysis of PCI assessment findings, owner identification, remediation planning and validation.
Will participate in PCI strategic planning for lines of business and enterprise control functions.
Job description
Deep understanding in all aspects of risk management, data compliance, information security strategy, technologies and tools.
Over 9 years of proven experience developing and executing global security risk management and compliance programs.
Should be very strong in SAP GRC 10.2 and ARA.
Direct experience working with IT GRC tools (e.g., Archer, Remedy, Lockpath, etc.)
Experience with developing and producing security and compliance metrics that are meaningful and actionable for Sr. Management.
Demonstrated leadership skills with ability to work effectively at executive levels.
Excellent conceptual and critical thinking skills and sound judgment, with strategic orientation and ability to perform tactically, as required.
Experience in providing technical expertise appropriate to knowledge of risk and cost-effective delivery of essential security services.
Proven experience developing and submitting audit and compliance reports to governing bodies, legal entities, and/or external authorities.
Solid understanding of assessing and designing internal controls in an enterprise-level environment.
Solid knowledge and understanding of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
Strong knowledge of risk management practices and security governance programs.
Past or current certifications in one of the following areas: ISA, QSA.