Senior SAP Security Analyst

About The Position

Requirements

• 5 + years of experience with SAP Security and/or SAP GRC
• 5+ years of experience in Role Based Access Control (RBAC) leveraging Panorama
• 5+ years of experience with SAP S/4HANA, and ERP operational processes
• 5+ years of Fiori experience
• 5+ years of experience in SOX, SOX audits, process improvements, and policy creation
• 5+ years of experience with cross-functional teams, involving key stakeholder relationship management

Nice To Haves

• Bachelor's degree or equivalent work or military experience
• Active government clearance (e.g., Secret, Top Secret)
• Certifications such as SAP Certified Technology Associate/Professional in security topics, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Identity and access management (IAM) related
• Experience working for aerospace manufacturers, defense contractors, or on Department of Defense (DoD)/Federal Aviation Administration (FAA) programs
• Experience with export control handling in SAP (data tagging, filtered views, master data partitioning)
• Experience with NextLabs Data Access Enforcer, Format Preserving Encryption, and Dynamic Data Masking
• Experience with SAP GRC Access Control (access risk analysis, business role management, emergency access management)
• Experience building SharePoint site to document Security process, procedures, project playbooks, and quick reference guides to be consumed by project teams and end users

Responsibilities

• Lead design, implementation, and operation of SAP security controls across SAP Enterprise Resource Planning Central Component (ECC) and S/4HANA environments, including role design, role mining, and role optimization
• Provide expert guidance on RBAC and ABAC configuration for S/4HANA, Master Data Governance (MDG), SAP Global Trade Services (GTS), Business Warehouse (BW), HANA Database environments, and custom ABAP developments, review transportation and change controls for security impact
• Ensure SAP RBAC and ABAC support export control data handling International Trade Arms and Regulations (ITAR), U.S. Export Administration Regulations (EAR), United Kingdom Ministry of Defense regulations (UK MOD) and program-specific access restrictions
• Assist with attestation and evidence collection for internal audit, external auditors, Global Trade Compliance (GTC) reviews, and Sarbanes-Oxley Act (SOX) compliance reviews
• Understand legal privacy requirements managing Personally Identifiable Information (PII) and General Data Protection Regulation (GDPR) requirements and how to apply appropriate security controls
• Understand enterprise policies and processes and apply to SAP application RBAC and ABAC controls
• Enforce, and continuously improve Segregation of Duties (SoD) rules and remediate violations in partnership with business process owners
• Implement and manage privileged access controls, including privileged account discovery, monitoring, and logging
• Drive security risk assessments, perform access reviews and attestations, and report compliance status to internal audit and external regulators
• Stay current with SAP security best practices and help deploy roadmap items such as S/4HANA security hardening, Fiori security, and cloud or Software as a Service (SaaS) integration
• Mentor, coach, and identify development opportunities for a team of SAP security analysts
• Support incident response, investigate potential access breaches, and lead post-incident reviews
• Document processes, update runbooks, standardize security implementation methodology and develop implementation playbook, and develop quick reference guides for user self-service

Benefits

• Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.
• The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.