Consultant SAP/SECURITE
Ref : 071024I002-
ASAP
-
Lausanne
-
3 mois (renouvelables)
-
Consultant, Consultant technique
Compétences requises
Description de la mission
Nous recherchons un CONSULTANT SAP SECURITE
Main Purpose of Job
1. Implement and maintain application security procedures and standards in accordance with the Corporate Application Security, Risk, and Privacy policies for all applications.
2. Liaise with Management Application Security specialist and Local security staff to ensure the consistent implementation of application security.
3. Implement the application security training in the Region and Local organizations.
Main Responsibilities
1. Policies (10% of time):
- Localize and implement policies and standards for Application Security. These apply to the secure implementation of all IS and IT applications.
- Ensure alignment in controls and segregation of duties.
- Perform application security reviews, report levels of risk and advise on countermeasures.
2. Operations (85% of time):
- Ensure security roles are defined and implemented for all managed applications.
- Implement and maintain application security on all systems
- Implement and maintain consistent application security monitoring procedures and metrics.
- Implement all application vendor patches and upgrades on a timely basis according to contracts and SLAs. Ensure that all patches and upgrades to localized applications are also implemented. Coordinate patch testing and validation with the Management Application Security specialist, transport approved patches in production.
- Enforce the application security incident response and escalation process.
- Assess, resolve, escalate, and report application security violations.
- Implement preventive and detective measures to control the risk of application security violations.
3. Communication and Training (5% of time):
- Liaise with the Management Application Security specialist and the Local organizations to localize and implement all application security policies in the Region and Local organizations and provide feedback. Ensure and monitor the consistent implementation of application security policies.
- Contribute to the information security training program by implementing the application security section.
Skills & Knowledge
- Experience in designing and delivering authentication and authorization within complex applications
- Experience in designing and delivering SAP security roles in line with segregation of duties and simple user administration
- Experience in securing the integration of applications onto middleware and platforms
- Knowledge of secure information flow and data storage within applications
- Effective interpersonal and communications skills (written and verbal)
- Ability to work in teams, solve problems, adapt to changes and address rapidly evolving technologies
- Solid Project Management skills
- Self-starter
Required Qualifications
- 3-5 years in designing and implementing security on SAP
- Experience in conducting Business Impact Analysis and audits
- Project Management skills
For SAP security:
- Proficiency in SAP security Profile Generator
- Demonstrated competency in SAP Security Concepts, including role design and build, custom objects and custom development
- SAP experience with R/3 version 4.6, APO, BW, HR and Portal in multi-SAP installations
- Knowledge of SAP oriented tools to automate daily administration tasks – e.g. Mercury, ABAP Query, IDOC, etc
Main Purpose of Job
1. Implement and maintain application security procedures and standards in accordance with the Corporate Application Security, Risk, and Privacy policies for all applications.
2. Liaise with Management Application Security specialist and Local security staff to ensure the consistent implementation of application security.
3. Implement the application security training in the Region and Local organizations.
Main Responsibilities
1. Policies (10% of time):
- Localize and implement policies and standards for Application Security. These apply to the secure implementation of all IS and IT applications.
- Ensure alignment in controls and segregation of duties.
- Perform application security reviews, report levels of risk and advise on countermeasures.
2. Operations (85% of time):
- Ensure security roles are defined and implemented for all managed applications.
- Implement and maintain application security on all systems
- Implement and maintain consistent application security monitoring procedures and metrics.
- Implement all application vendor patches and upgrades on a timely basis according to contracts and SLAs. Ensure that all patches and upgrades to localized applications are also implemented. Coordinate patch testing and validation with the Management Application Security specialist, transport approved patches in production.
- Enforce the application security incident response and escalation process.
- Assess, resolve, escalate, and report application security violations.
- Implement preventive and detective measures to control the risk of application security violations.
3. Communication and Training (5% of time):
- Liaise with the Management Application Security specialist and the Local organizations to localize and implement all application security policies in the Region and Local organizations and provide feedback. Ensure and monitor the consistent implementation of application security policies.
- Contribute to the information security training program by implementing the application security section.
Skills & Knowledge
- Experience in designing and delivering authentication and authorization within complex applications
- Experience in designing and delivering SAP security roles in line with segregation of duties and simple user administration
- Experience in securing the integration of applications onto middleware and platforms
- Knowledge of secure information flow and data storage within applications
- Effective interpersonal and communications skills (written and verbal)
- Ability to work in teams, solve problems, adapt to changes and address rapidly evolving technologies
- Solid Project Management skills
- Self-starter
Required Qualifications
- 3-5 years in designing and implementing security on SAP
- Experience in conducting Business Impact Analysis and audits
- Project Management skills
For SAP security:
- Proficiency in SAP security Profile Generator
- Demonstrated competency in SAP Security Concepts, including role design and build, custom objects and custom development
- SAP experience with R/3 version 4.6, APO, BW, HR and Portal in multi-SAP installations
- Knowledge of SAP oriented tools to automate daily administration tasks – e.g. Mercury, ABAP Query, IDOC, etc