Previous Job
IT Compliance Consultant
Ref No.: 18-04262
Location: Philadelphia, Pennsylvania
Position Type:Right to Hire
Start Date: 04/19/2018
Title: IT Compliance Consultant
Location: Philadelphia, PA (100% Onsite)
Duration: 2 Year + ( contract to hire) – no sponsorship
Start: ASAP
Interview Process:
Phone Interivew and SKYPE/Onsite Interview (local candidates)

Position Details:

Application Controls experience is HUGE - this is where other candidates have missed the mark

The top two skills I am looking for in a candidate is:
  1. Implementation experience with S4/HANA as we are in the middle of a major SAP upgrade for the next 2 or so years
  2. SOX Application control experience

I do want them to be well rounded in SOX ITGC experience with identifying gaps, remediating deficiencies, etc. and having some cyber security knowledge.

IT Compliance Consultant

1. SAP Application & Security Controls
· Understanding of SAP S4/HANA, GRC and security best practices.
· In depth knowledge of SAP functionality and business applications.
· Centrally maintain the SAP IT application controls listing, corresponding IT and business owners, and controls to prevent unauthorized.
· Coordinate, track, and report the status of application control remediation efforts.

2. SOX IT Compliance and General IT Controls
· Maintain the list of SOX ITGC and application controls.
· Work with IT resources to assist them in managing their controls and security activities.
· Partner with IT Control owners to update the SOX IT Control Book.
· Track, evaluate, and report on the effectiveness and timely completion of IT SOX controls.
· Track and publish compliance metrics.
· Ensure policy exception approvals are documented and maintained as audit evidence.
· Actively track and communicate constraints, conflicts or gaps in existing processes as well as cross functional team remediation.
· Coordinate management responses to audit findings with corresponding evidence.

3. IT Security & Risk Management
· Assists with IT Security Assessments (SAP).
· Perform compliance gap assessments.
· Maintain and update IT policies.
· Coordinate security awareness training for personnel as needed.
· Following industry risk management best practices, methodologies, and frameworks, assist with the implementation of an enterprise risk management program.
· Follows up to ensure risk avoidance practices are being followed.

Skills & Requirements
· Knowledge of leading practices in SAP security, SAP GRC AC, ARA & EAM, Basis, and SAP business processes (such as Finance, Order to Cash, Procure to Pay, Make to Deliver).
· Working understanding of SAP architecture and can discuss differences between ABAP programing, configuration, master data, and transactions.
· Working understanding the configuration that enables leading practice controls in the areas listed above.
· Excellent communication and presentation skills, both written and verbal at all levels of the organization and with external parties including auditors, agents, customers and regulators.
· Demonstrated ability to effectively lead teams and work with others.
· Strong knowledge of information security best practices, risk, and controls.
· Ability to proactively identify the company's significant risks.
· Ability to develop reports to assist in the identification and monitoring of current and emerging risks.
Additional information:
1. Duration of the engagement: two years as a consultant with a potential of being hired full time at the end of the contract.
2. Place of work: Philadelphia, PA
3. Working hours: 5 days a week, 8h a day
4. Years of experience required: Ideally I would like at least 8-10 years.
5. Certifications: CISA, CISSP would be preferred.

If qualified and interested, please send your most current resume as a word document to Jason Weinstein at