Auto req ID: 206558BR
At PepsiCo, it takes a global team to solve some of the most complex problems. And our InfoSec group is no exception! From Plano to Poland - we have a collaborative team comprised of two structures, a Center of Excellence, and a Consultancy, that are consistently innovating and supporting one another across borders. Influencing and driving our security agenda is no small task, and we recognize the everyday contributions our talented security professionals make.
The Information Security Analyst position is a hands-on SAP GRC role that would be responsible for maintaining the Access Control module along with implementing continuous improvement initiatives, evaluating risks as it relates to SAP GRC. The analyst is preferred to have hand-on experience in Process Control and Risk Management modules within GRC.
The analyst will also be responsible for executing SOX controls and ensuring that operational activities are in compliance with security standards and policies. The analyst will also be required to participate in project-related activities while staying abreast with the latest solutions/ capabilities within SAP Security and GRC space.
The job responsibilities include:
Configure and maintain GRC 12 access control workflows and configuration
Ensure SAP GRC tickets are resolved in a timely manner and within SLA
Maintain and document GRC configuration standards
Monitor the GRC workflow and master data design to support Sarbanes-Oxley Compliance (SOX), including Segregation of Duties (SoD) and business/ technical sensitive transactions
Maintain SAP GRC systems to follow the Security standards and policies
Maintain Master data within GRC systems
Monitor the Security queues and ensure on-time resolution of incidents and service tasks
Assist during yearly GRC upgrades with the execution of test scripts, contributing to identifying new test cases
Analyzing SOD risks in partnership with the Control Organization
Manage Security and/or GRC requirements for Work intake Projects (estimates, cross-charges, requirements gathering, etc.)
Execution of ITGC control testing on GRC systems
Train end-users and IT teams on GRC processes and procedures
Provide assistance during external and internal audits
Participate and drive workshops and team discussions between SAP security and GRC teams
Integrate security governance within the overall control environment and sustain activities with the impacted parties
Interaction with audit, risk, and control personnel to explain and evaluate the structure and design of GRC processes
Plan, communicate and coordinate key control (e.g., SOX) activities such as the quarterly related IT application control reporting
Minimum of 2+ years' experience in implementing SAP GRC, Security and Controls
Minimum of one full life cycle implementation
Broad understanding of Sarbanes Oxley compliance framework. Familiarity with audit, business controls, and segregation of duties is a plus
General understanding of principles of risk and control processes and deep understanding of SAP GRC Access control concepts
Possess extensive knowledge about the SAP authorization concept and prior experience in security role design, GRC configuration and SOD mitigation
Good understanding of various role design concepts on SAP ECC, BI, CRM, XI, HANA, GRC systems
Proficient knowledge in Microsoft office tools including MS Access
Prior knowledge of ticketing tools and Change management process
SAP certification preferred
Ability to travel upto 50% for various deployments within US
Relocation Eligible: Not Applicable
Job Type: Regular
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.
PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity
Our Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Credit Reporting Act, and all other applicable laws, including but not limited to, San Francisco Police Code Sections 4901 - 4919, commonly referred to as the San Francisco Fair Chance Ordinance; and Chapter XVII, Article 9 of the Los Angeles Municipal Code, commonly referred to as the Fair Chance Initiative for Hiring Ordinance.
If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law & EEO is the Law Supplement documents. View PepsiCo EEO Policy
Please view our Pay Transparency Statement