Security & Controls Specialist
Solihull - hybrid
Full Time, Permanent
Competitive salary + company car and Serco bonus package
Here at Serco, we are seeking an experienced Security & Controls Specialist who will play a critical role in the day-to-day governance of our business systems, working within a wider ERP Team. You will be a focal point in the design, operation and governance of User and Access Management processes, including supporting technologies, and will provide ongoing guidance and monitoring to ensure effective control. This role will also ensure our policies and processes are world class and embrace the latest technologies and innovations.
As part of this you'll:
- Define, develop and improve security processes and controls to support both internal and external regulations/standards
- Design, operate and continuously improve monitoring to ensure compliance with internal security policies and applicable laws and regulations
- Maintain the Serco ERP security policies and standards, and ensure adherence to current best practice
- Ensuring all SAP and other system changes and developments are compliant with the Serco security policies and take into account potential impact on controls
- Identifying and remediating control "gaps" within systems and processes
- Regular reporting to senior stakeholders on security, governance and compliance including access risk issues, firefighter usage and mitigating control management
- Embed a focus on security and controls into "business as usual" processes, as well as implementing and running periodic controls assurance programmes
- Monitor compliance with segregation-of-duties, sensitive access and other security standards in SAP and other critical business systems using Security Weaver (now Pathlock) GRC tools
- Review and approve risk mitigations along with Global Process Owners (GPOs).
- Work closely with GPOs to ensure integration between business and IT controls
- Act as Security & Controls focal point in relevant forums to move forward ongoing controls initiatives within Serco, and define/implement new ones
- Co-ordinate and liaise with Internal and External Auditors during security audits
- As SME for Security & Controls, demonstrate security processes and GRC tool processes to internal and external auditors and respond to questions relating to them
- Provide expertise in additional security and controls capability, define requirements for solutions and manage delivery of enhancements
- Provide oversight and audit support to ensure that security and controls services performed by outsourced providers are in accordance with Serco policies and objectives
- Perform reviews of new connections/interfaces into SAP, and support new roadmap technology such as preparing for S4 HANA, and new Security Weaver (Pathlock) modules
- Perform forensic investigations as required to support controls environment.
What you'll need to do the role:
- A degree or equivalent qualification in an IT or engineering field or accounting would be preferable
- At least 10 years' experience in ERP Security & Controls, with at least 7 years' experience in SAP Security Technologies. Experience with other SAP modules will be considered as an advantage
- A sound knowledge of SAP Security & Control standards and guidelines
- A sound knowledge of SAP Security and Authorization technology across ECC, HCM, SRM and BW
- Thorough understanding of risk and control concepts, including IT general controls and business controls across key functional areas
- Good troubleshooting & analytical skills, with excellent written and oral communication skills at both technical and business levels
- Ability to work with people from different areas of the business and various levels of seniority in order to promote a controls-focused culture throughout Serco
- Good understanding of GRC concepts especially around access controls
- Basic understanding of SAP workflow and approval controls.
Meaningful and vital work: In this position, your work is vital to the business, in terms of decisions and growth. You will gain a world of opportunity working for a globally operating business delivering essential services across 5 vital sectors, personal growth, achievement and development won't be hard to find. You'll also work with great people. You'll find yourself working in a highly motivated, supportive environment where no two days are the same, with experienced colleagues who strive for excellence.
What we offer:
- Flexible working considered
- Pension - 6%
- Employee Assistance Programme
- Chance to contribute to innovation in the public services
- A company passionate about diversity and inclusion
- Serco Benefits
At Serco, not only is the nature of the work we do important, everyone has an important role to play, from caring for vulnerable people to managing complex public services. We are a team of 50,000 people responsible for delivering essential public services around the world in areas including defence, transport, justice, immigration, healthcare and citizen services. We are innovators, committed to redesigning and improving public services for the benefit of everyone.
Please click on the apply button to be taken to our careers website
Serco is a Disability Confident Employer committed to employing and retaining people with disabilities. Disabled applicants who meet the minimum criteria for the job will be given the opportunity to demonstrate their abilities at an interview. For help with your application please contact 0345 010 4000.
We see people first and foremost for their performance and potential. We are committed to building a diverse and inclusive organisation that supports the needs of all. As such we will make reasonable adjustments at interview through to employment for our candidates. We're a proud holder of the Silver Inclusive Employer Standard and we actively encourage applications from females, those with disabilities or from an ethnic minority background.