Previous Job
IT Compliance Consultant
Ref No.: 18-04101
Location: Philadelphia, Pennsylvania
Position Type:Right to Hire
Start Date: 04/19/2018
Title: IT Compliance Consultant
Location: Philadelphia, PA (100% Onsite)
Duration: 2 Year + ( contract to hire) – no sponsorship
Start: ASAP
Interview Process: Phone Interivew and SKYPE/Onsite Interview (local candidates)

Position Details:

Application Controls experience is HUGE - this is where other candidates have missed the mark

The top two skills I am looking for in a candidate is:
  1. Implementation experience with S4/HANA as we are in the middle of a major SAP upgrade for the next 2 or so years
  2. SOX Application control experience

Need to be well rounded in SOX ITGC experience with identifying gaps, remediating deficiencies, etc. and having some cyber security knowledge.

IT Compliance Consultant

1. SAP Application & Security Controls
· Understanding of SAP S4/HANA, GRC and security best practices.
· In depth knowledge of SAP functionality and business applications.
· Centrally maintain the SAP IT application controls listing, corresponding IT and business owners, and controls to prevent unauthorized.
· Coordinate, track, and report the status of application control remediation efforts.

2. SOX IT Compliance and General IT Controls
· Maintain the list of SOX ITGC and application controls.
· Work with IT resources to assist them in managing their controls and security activities.
· Partner with IT Control owners to update the SOX IT Control Book.
· Track, evaluate, and report on the effectiveness and timely completion of IT SOX controls.
· Track and publish compliance metrics.
· Ensure policy exception approvals are documented and maintained as audit evidence.
· Actively track and communicate constraints, conflicts or gaps in existing processes as well as cross functional team remediation.
· Coordinate management responses to audit findings with corresponding evidence.

3. IT Security & Risk Management
· Assists with IT Security Assessments (SAP).
· Perform compliance gap assessments.
· Maintain and update IT policies.
· Coordinate security awareness training for personnel as needed.
· Following industry risk management best practices, methodologies, and frameworks, assist with the implementation of an enterprise risk management program.
· Follows up to ensure risk avoidance practices are being followed.

Skills & Requirements
· Knowledge of leading practices in SAP security, SAP GRC AC, ARA & EAM, Basis, and SAP business processes (such as Finance, Order to Cash, Procure to Pay, Make to Deliver).
· Working understanding of SAP architecture and can discuss differences between ABAP programing, configuration, master data, and transactions.
· Working understanding the configuration that enables leading practice controls in the areas listed above.
· Excellent communication and presentation skills, both written and verbal at all levels of the organization and with external parties including auditors, agents, customers and regulators.
· Demonstrated ability to effectively lead teams and work with others.
· Strong knowledge of information security best practices, risk, and controls.
· Ability to proactively identify the company's significant risks.
· Ability to develop reports to assist in the identification and monitoring of current and emerging risks.
Additional information:
1. Duration of the engagement: two years as a consultant with a potential of being hired full time at the end of the contract.
2. Place of work: Philadelphia, PA
3. Working hours: 5 days a week, 8h a day
4. Years of experience required: Ideally I would like at least 8-10 years.
5. Certifications: CISA, CISSP would be preferred.