Associate Director ERP Security and Controls

GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organization where people can thrive. Getting ahead means preventing disease as well as treating it, and we aim to impact the health of 2.5 billion people around the world over 10 years. Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together

Key Responsibilities

• Day to day management of the team (direct & indirect reports) to provision user access in the ERP applications using the respective ticketing system.
• Responsible for designing, documenting standards and procedures for SAP user administration, outlining security creation and maintenance
• Responsible for the approval of designs for new ERP security roles
• Responsible for supporting the SAP security and authorization environment. This includes support for all security roles, profiles, Portal groups and detailed knowledge of Profile Generator within the SAP systems.
• Engage with the wider business obtaining role build requirements
• Provide detailed process improvement ideas
• Responsible for identifying, reporting and managing to resolution any non-compliances with mySAP security policy, coordinating the actions of Business users, the service provider and Controls and Compliance team Execute and maintain ERP security controls.
• Work with the internal Controls and Compliance team to support SOX compliance in relation to General IT Controls over the SAP landscape.
• Responsible for responding to, and acting on, compliance related issues, including those raised by internal and external audit
• Drive innovation within the area of mySAP security and controls, with a view to optimizing the control environment to enhance the security of our mySAP landscape
• Work closely with our Information Services team around technical activity and contract management, supporting in BAU and on a project basis as required including supporting new ERP platform implementations as required
• To ensure all activities that are completed in the system are fully auditable
• Provide periodic reports to the Head of ERP Security
• Develop relationships with stakeholders within the business
• Provide support for incidents relating to ERP Security
• 24*7 L2/L3 support services and project deliverables for all ERP/SAP systems.
• Maintenance of relevant SOPs, standards, and best practices.
• Drive performance of services delivered by service providers to meet GSK SLA requirements.
• Develop areas for improving the current processes

Experience Required:

• Total experience of 16+ years out of which at least 12 years of experience in SAP Security and GRC solutions including 5+ years experience in leadership roles managing SAP and GRC
• Previous Consulting or Big 4 experience preferred
• Experience developing security solutions that address Sarbanes-Oxley requirements.
• Strong expertise in designing and building highly automated SAP security frameworks.
• Proven experience in deploying SAP GRC solutions (10.x) and helping expand and optimise usage.
• Strong expertise in SAP security design architecture. The candidate should be a subject matter expert in SAP security design, being able to solve complex technical issues.
• Experience in designing and building SAP security monitoring mechanisms at database, operating system and application layers.
• Experience in integrating SAP GRC solutions (SAP Access Control with SAP Process Control).
• SAP Security Audit – experience in analysing issues and conducting remediation activities.
• SAP HANA Security – ideally experience in implementing HANA Security.
• Knowledge of security framework for SAP Portal and SAP Fiori will be a plus.
• Basic knowledge of ISO 27001, GDPR and SOX.
• Preferably knowledge of Agile project methodology.
• Experienced leader of people, able to engage, inspire and manage the ERP Team both on and offshore as well as influencing and communicating with various internal stakeholders within this wide-reaching business and at all levels.
• Experience of project management or service delivery background & ideally with experience working within a large, rapid organization who aspire to push boundaries and standards to achieve their goals.
• Security focused with ability to deliver at a fast pace environment and the ability to recognize, utilize and grow the existing talent and expertise within the team to successful, and industry leading service delivery.

Minimum Level Of Education Required

• Graduate in related discipline or equivalent experience.
• ITIL Foundation Certification

Preferred Level Of Education

• CISA, SAP Certified Technology Professional (System Security with SAP NetWeaver), ITIL Certification, CISM will be a plus

#LI-GSK

Why GSK?

Uniting science, technology and talent to get ahead of disease together.

GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. We prevent and treat disease with vaccines, specialty and general medicines. We focus on the science of the immune system and the use of new platform and data technologies, investing in four core therapeutic areas (infectious diseases, HIV, respiratory/ immunology and oncology).

Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued, and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.

  
Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make some payments for recruitment opportunities and interview. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way.

GlaxoSmithKline does not charge any fee whatsoever for recruitment process. Please do not make payments to any individuals / entities in connection with recruitment with any GlaxoSmithKline (or GSK) group company at any worldwide location. Even if they claim that the money is refundable.

If you come across unsolicited email from email addresses not ending in gsk.com or job advertisements which state that you should contact an email address that does not end in “gsk.com”, you should disregard the same and inform us by emailing askus@gsk.com, so that we can confirm to you if the job is genuine.