Specialist Identity and Access Management (SAP)

Job Summary

The Specialist Identity and Access Management acts as a subject matter expert and provides guidelines on integration of new solutions into the IAM practice and tools.

The Specialist IAM will review existing processes and identify opportunities for improvement. This person will coordinate initiatives and projects for the team, working with internal and external partners.

Main Responsibilities

Process Management and Subject Expertise

• Provide subject matter expertise in the IAM domain.
• Organize committee meetings with stakeholders within the domain.
• Ensure IAM policies, standards and procedures are followed.
• Produce measures / metrics for the function.
• Ensure that auditing procedures and audit reports are executed on time.
• Review and assess operational processes to identify opportunities for improvement related to provisioning / de-provisioning, privileged access management, authentication / authorization, etc.
• Develop, review and maintain strategic and tactical IAM initiatives to reduce risk, increase usability and operational effectiveness.
• Lead and provide guidance in implementing complex IAM projects and overall ensure successful on-time implementations and deployments.
• Transition projects to core operations.
• Handle all core, projects and change requests within the domain; prioritize, analyze requests and engage required teams.

SAP Practice

• Design, build, test and deploy SAP roles with associated entitlements, translating functional requirements into technical design.
• Process SAP access requests and ensure appropriate approvals have been granted. Assign roles to permit access to secured IT environments.
• Project integration involving SAP, AD, portal, cloud apps, connecting them to our IGA tool (Saviynt).
• Work with stakeholders to gather requirements needed for new SAP systems or applications integration within the IAM tools and processes.
• Support the implementation of SAP security for new implementations and upgrades.
• Provide technical assistance for issues related to SAP authorizations.
• Apply, and ensure compliance with all appropriate CN IT standards ( Security, Architecture, Project Delivery Methodology, SOX etc.)
• Create and maintain accurate process documentation.

Organizational Impact

Decision Making & Impacts

The Specialist Identity and Access Management is a key player within I&T, controlling the quality of technology and services delivered into production.

The Specialist Identity and Access Management make recommendations to the business and I&T team members to assist in decision making (including during projects).

Level of Interaction / Influence

The Specialist interfaces directly with many key stakeholders of the organization such as : Change Management, Release Management, Build and Operations Teams, Business and End User, Process Managers and Analysts, Application Support teams, Information Security, Internal Audit and Human Resources.

Employees Supervised / Org. Structure

Individual Contributor

Requirements

Education / Certification / Designation

Bachelor’s degree in Computer Science, Information Systems or other related field, or equivalent work experience

General Skills and Competencies

• Results oriented individual with an ability to deliver quality product in a timely manner.
• Ability to handle multiple and moderately sized assignments simultaneously.
• Competent at problem-solving through ingenuity and creativity.
• Detail oriented
• Good time management skills.
• Ability to prioritize between many important requests.
• Ability to organize.
• Ability to think and act under pressure.
• Strong teamwork and collaboration skills. Can adapt to the audience.
• Excellent verbal and written communication skills in both English and French.

Technical Skills / Knowledge

• Work experience within the IAM domain using an Identity and Governance application such as IBM Security Identity Manager (ISIM), Saviynt, SailPoint, etc.
• Good understanding of Identity & Access Management concepts and best practices with hands-on experience (ex : Access Certification, Provisioning / De-Provisioning, SSO, Privileged Access Management, Segregation of Duties)
• Experience with SAP authorization in environments such as ECC, Solution Manager, BW, Hana, GRC, Fiori. More specifically :
• SAP ABAP & Fiori

oUser Management, including SNC (SU01, SU10, EWZ5)

oSecurity roles (PFCG), Master / Derived and authorizations

oFiori Catalogs, Fiori Groups and their management within security roles

oManagement of security roles using transports (Solution Manager ChaRM)

Cloud applications (BTP, IBP, SAC, Datasphere, Workzone, ABAP on Cloud, Cloud ALM, Signavio, EnableNow, Vertex)

oUser management

oSecurity access / privileges (Role, Role Collections, Groups, etc.)

oUser and access management in BTP Cloud Foundry, Space and SAP HANA Cloud

Cloud Identity Services

oUnderstanding of the Authentication and provisioning mechanisms of connected applications

oUser Management

oUser Groups

HANA Database

oUser Management

oSecurity roles (catalog, repository)

Experience

Minimum 7 years of relevant work experience

oMinimum 5 years experience in Identity and Access Management

Work experience within the SAP Security domain

Assets

• Experience with SAP HR authorizations security
• eCATT scripts

Working Conditions

This role will require off-hour support on a rotational basis.