IT Compliance Consultant
Ref No.: 18-04071
Location: Philadelphia, Pennsylvania
Position Type: Right to Hire
Start Date: 04/19/2018
Title: IT Compliance Consultant
Location: Philadelphia, PA (100% Onsite)
Duration: 2 Years+ (contract to hire) – no sponsorship
Start: ASAP
Interview Process:
Phone Interview and Skype/Onsite Interview (local candidates)

Position Details:
Application Controls experience is HUGE - this is where other candidates have missed the mark
The top two skills I am looking for in a candidate are:
  1. Implementation experience with S4/HANA as we are in the middle of a major SAP upgrade for the next 2 or so years
  2. SOX Application control experience
I do want them to be well rounded in SOX ITGC experience with identifying gaps, remediating deficiencies, etc. and having some cyber security knowledge.
IT Compliance Consultant
1.        SAP Application & Security Controls
·        Understanding of SAP S4/HANA, GRC and security best practices.
·        In depth knowledge of SAP functionality and business applications.
·        Centrally maintain the SAP IT application controls listing, corresponding IT and business owners, and controls to prevent unauthorized.
·        Coordinate, track, and report the status of application control remediation efforts.
2.      SOX IT Compliance and General IT Controls
·        Maintain the list of SOX ITGC and application controls.
·        Work with IT resources to assist them in managing their controls and security activities.
·        Partner with IT Control owners to update the SOX IT Control Book.
·        Track, evaluate, and report on the effectiveness and timely completion of IT SOX controls.
·        Track and publish compliance metrics.
·        Ensure policy exception approvals are documented and maintained as audit evidence.
·        Actively track and communicate constraints, conflicts or gaps in existing processes as well as cross functional team remediation.
·        Coordinate management responses to audit findings with corresponding evidence.
3.        IT Security & Risk Management
·        Assist with IT Security Assessments (SAP).
·        Perform compliance gap assessments.
·        Maintain and update IT policies.
·        Coordinate security awareness training for personnel as needed.
·        Following industry risk management best practices, methodologies, and frameworks, assist with the implementation of an enterprise risk management program.
·        Follow up to ensure risk avoidance practices are being followed.
Skills & Requirements
·        Knowledge of leading practices in SAP security, SAP GRC AC, ARA & EAM, Basis, and SAP business processes (such as Finance, Order to Cash, Procure to Pay, Make to Deliver).
·        Working understanding of SAP architecture and ability to discuss differences between ABAP programming, configuration, master data, and transactions.
·        Working understanding of the configuration that enables leading practice controls in the areas listed above.
·        Excellent communication and presentation skills, both written and verbal, at all levels of the organization and with external parties including auditors, agents, customers and regulators.
·        Demonstrated ability to effectively lead teams and work with others.
·        Strong knowledge of information security best practices, risk, and controls.
·        Ability to proactively identify the company's significant risks.
·        Ability to develop reports to assist in the identification and monitoring of current and emerging risks.
Additional information:
1.      Duration of the engagement: two years as a consultant with a potential of being hired full time at the end of the contract.
2.      Place of work: Philadelphia, PA
3.      Working hours: 5 days a week, 8h a day
4.      Years of experience required: Ideally I would like at least 8-10 years.
5.      Certifications: CISA, CISSP would be preferred.