Technology Risk Analyst – SAP (IT Security Analyst – SAP)
The Technology Risk Analyst (?TRA?) provides guidance and support for technology risk management & compliance activities in reference to Corporate SAP solutions at the direction of the Technology Risk & Control Manager.The TRA keeps abreast of technology risk trends and best practices and collaborates with service delivery participants, third party stakeholders and management to achieve the optimal alignment of technology control against technology and business objectives.An example of the TRA?s responsibility includes, but is not limited to, assessment and mitigation of risks associated with the design and deployment of new SAP systems and technologies and ensuring the on-going conformance of SAP solutions to security standards and compliance obligatiions.Principal Accountabilities35% Consulting and Risk AssessmentDevelops an understanding of IT service delivery goals and reframes risk discussions in IT service delivery terms
Constructively engages IT service delivery stakeholder & enterprise risk analysts regarding information security issues
Actively and professionally engages IT service delivery stakeholders in conversations that drive good risk decisions
Compose responses to security inquiries, provided in a timely and consistent manner
Perform documentation review and improvement, attending meetings as needed, serve front line response for troubleshooting issues as needed
Provide guidance across several compliance related initiatives to ensure appropriate process, procedures and controls are adequately designed, implemented and/or remediated to meet audit and compliance expectations, operating efficiency goals, and business objectives
Ensure remediation solutions are sustainable, measureable and defensible, to ensure compliance requirements continue to be maintained over time
Responsible for the evaluation of security and mitigation of risks associated with confidentially, integrity and availability of the company?s information assets
Communicate and escalate issues and incidents as required by process or management?
Assist in development and communicating security guidelines for new technology SAP solutions
Develop relationships with IT service delivery stakeholders, enterprise security resources, IT leaders, and compliance team members to gain consensus approvals on strategies, recommendations, findings and project plans
Collaborate, build and maintain strong relationships within a high matrix organization in order to identify issues and drive information security compliance across all SAP solutions35% MonitoringMonitor SAP solutions against internal security standards external compliance obligations
Responsible for the coordination of remediation activities to achieve and sustain SAP solution conformance?
Participate in the design, deployment and reporting of SAP security measures to enable effective risk and control govenance across all SAP solutions
Support the development of effective integrated monitoring of SAP security events with the Cargill Security Operation Center (SOC)
Responsible for the effective monitoring and aligment of SAP Identity and Access management processes to security policy and principles
Coordinate the effective execution of a vulnerability management program over all SAP Solutions
Ensure that SAP technology projects are executed in accordance with risk management policy and standards
Assist in the Monitor and document of SAP operations in accordance to baseline risk management goals including but not limited to; exceptions, findings, network security, software security20% Remediation PlanningConsult, validate & monitor the implementation of remediation activities as result of internal as well as external review/audit activities
Collaborate with risk analysts across all areas of Cargill on common risks to achieve optimization and coordination of remediation activities
Provide regular reports on the progress of remediation activities to the SAP Risk Manager10% Education & AwarenessUnderstand the company?s technical security policies, the code of business conduct and ethics in order to translate into requirements for technical and non-technical staff
Support the creation of a sustainable control environment
Provide Technology Risk & Controls training & awareness. This includes aligning the technology control requirements and objectives with the business and external outsourcing specific requirementThe preferred location for this position is in Hopkins/Minneapolis locations. However -?other Cargill U.S. locations?may be considered.Skills:
Required Qualifications Bachelors Degree or relevant ?experience?
5 + Years of I/T Experience.?
Demonstrated working knowledge of SAP, Risk Management, Information Security, Controls, or I/T Audit practices.
Proven record of high performance in problem solving, collaborating, planning and priority setting, perseverance, and a drive for results.
Agile learning capabilities to inform on and manage risks via common systems and processes.
Effective team skills encompassing cross-functional teams, peer relationships, informing, and understanding and appreciating differences.
Solid Communication Skills – encompassing inter-personal communications, persuasion and influencing skills, security communications, using business terminology.
Ability to effectively describe technical concepts to non-technical audiences.
Demonstrated customer focus skills in translating risk management policies into business requirements.
Strong interpersonal skills in terms of effective listening, patience, composure and conflict management.
Ability to travel ?20%Preferred Qualifications Bachelor's degree in Computer Science, MIS, Computer Engineering or equivalent?
Networking and infrastructure experience