SAP GRC Engineer

The SAP GRC Engineer supports the values and business goals as they relate to legal, ethical, and regulatory obligations; protect privacy; and maintain a secure technology environment. SAP GRC Engineers develop and execute security controls, defenses, and countermeasures to intercept and prevent internal / external attacks, infiltration of company data, and compromising of systems and accounts. SAP GRC Engineers research attempted / successful efforts to compromise systems security; design countermeasures; implement and maintain physical, technical, and administrative security controls; and provide information to management regarding the negative impact to the business.

The SAP GRC Engineer is responsible for the creation and maintenance of General IT control objectives in the area of SAP GRC. This position will be responsible for ensuring that all SAP GRC IT control objectives are in compliance and running to full efficiency. In addition, this role will assist with the daily and monthly reporting of SOD (Segregation of Duties) activities from SAP GRC in support of meeting applicable compliance objectives. This is a cross-functional role, working closely with the SAP Security team and other functional teams to ensure security requirements and solutions meet compliance objectives.

ROLE

• Provides GRC, security, and technical expertise to support the development of GRC objects to satisfy business requirements.
• Analyzes and administers GRC policies to control physical and virtual system access.
• Identifies and investigates GRC issues and develops solutions that address compliance requirements that can / do impact GRC and security.
• Identifies, develops, and implements mechanisms to detect incidents in order to enhance compliance and support of the standards and procedures.
• Assesses business role requirements, reviews authorization roles, and supports authorizations.
• Demonstrates a comprehensive skill set with testing authorizations for multiple environments and coordinates testing with business / technical users.
• Validates system configurations to ensure the safety of information systems assets and protects information systems from intentional or inadvertent access or destruction.
• Implements best practice when applying knowledge of information systems security standards / practices (e.g. access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
• Identifies GRC gaps that expose Costco to potential exploit and develop short- and long-term prioritized remediation to address those gaps.
• Determines strategy and protocol for network behavior, analysis techniques, and tool implementation.
• Creates dashboards, configures alerts, implements and supports security software platforms, and monitors tools / apps.
• Identifies opportunities for streamlining and increasing effectiveness through continuous process improvement.
• Implements practices, processes, and procedures consistent with Costco's information security policy and IT standards.
• Develops and documents GRC events and incident handling procedures into Playbooks.
• Ensures that incident documentation is comprehensive, accurate, and complete.
• Triages, prioritizes, investigates, and coordinates security events and incident handling activities.
• Creates and / or remediates GITC (General IT Controls) in support of meeting audit objectives for all SAP modules and their supporting Databases, within the company SAP landscape (i.e. Finance, Retail, Warehouse Management, Payroll, HANA, etc.).
• Designs IT testing procedures to identify and evaluate risk exposures and determine the effectiveness and efficiency of controls.
• Assists with the creation of effective remediation solutions and / or exception documentation where applicable.
• Serves as the subject matter expert and point of contact to Internal and External Auditors.
• Assists project teams with creation and implementation of IT controls objectives and integration into SAP-GRC.
• Assists with the successful completion of the quarterly UAR (User Access Review) audit process.
• Collaborates with Internal Audit in developing, testing, and devising solutions to effectively meet applicable IT control objectives.
• Takes responsibility for continued personal growth in the areas of technology, business knowledge, Costco policies, and platforms.
• Participates in team activities and team planning in regards to improving team skills, awareness, and quality of work.

REQUIRED

Recommended

Required Documents

Pay Range-

$150,000 - $180,000 DOE plus Bonus and Restricted Stock Units (RSU)

Location :

Hybrid onsite 3 days per week in Issaquah, WA