Details

 

About the Company

Petroleum Development Oman is the leading exploration and production company in the Sultanate of Oman. The Company delivers the majority of the country's crude oil production and natural gas supply.

Purpose of the Job

To supervise, as a specialist, the organization’s overall SAP access control & security controls and standards in particular process design and role configurations for SAP ERP landscape, management and improvement of GRC tool deployment, development of fit-for-purpose segregation of duties (SoD) controls and ensuring compliance with an aim to optimize SAP security within PDO. 

Education & Experience

• Bachelor’s degree in accounting, Finance or Information Technology with related information security and/ or SAP certifications e.g. CISA, CISSP, CISM, SAP GRC certifications.
• At least 10 years of overall work experience in information systems security, controls and assurance with a minimum of 5 years specific experience in SAP ERP modules, SAP security and control standards.
   

Main Responsibilities

• Develop SAP security standards, controls, and procedures in particular for the SAP user access controls and role administration.
• Ensure that all relevant SAP security policies and procedures are kept updated and user access management is carried out accordingly to ensure continued compliance by exercising periodic control routines (i.e. daily, weekly, monthly quarterly assessments).
• Supervise the compliance of SAP security controls by monitoring access conflicts on a regular basis, ensuring all GRC mitigations are updated and reviewing all SAP role configuration changes for potential control implications.
• Collaborate with business process owners and SAP Security Architect to ensure full integration of SAP security controls and GRC ruleset in line with business processes to ensure appropriate risk mitigations for users/ roles and ensure that changes to SoD rules are appropriate and have a logical basis.
• Ensure effective implementation of and compliance with the company’s financial controls (specifically those related to SAP sensitive access and segregation of duties) and perform periodic assessments to provide assurance on the same.  
• Supervise delegation of business authorities process in SAP and provide periodic assurance on its compliance with the company’s approved structure of authorities.
• Act as a focal point between business process owners and SAP support/ development teams and advise, where appropriate, for all relevant security issues, processes and new initiatives. 
• Conduct periodic IT related assurance reviews including ITGC and ISO27001 based control assessments of the company’s IT organization.
• Provide support to the internal and external audit requirements and ensure that acceptable audit trail/ documentation is filed and accessible.
• Be aware and continually learn about an ever-changing environment of new system functionality and regulations wherever applicable and identify and recommend best practices.
• Function as coach/ mentor for the team to develop and enhance the SAP Security and GRC related skills set of the GRA Team. 
• Develop, compile and report monthly/ quarterly management information reports and KPI’s. 
• Perform any other tasks as directed by the Head of Governance, Risk and Assurance (FCC).