Senior Cybersecurity GRC Engineer
Date: 13 May 2026
Location: Mesaieed, QA
Company: qataralumi
Job Details
| Position Title: | Senior Cybersecurity GRC Engineer |
| Reports To: | IS/IT Group Manager |
Job Objectives
To lead and manage the SAP Governance, Risk, and Compliance (GRC) framework to ensure effective access controls, segregation of duties (SoD), risk monitoring, and regulatory compliance across all SAP landscapes, while strengthening internal controls, audit readiness, and IT security governance in line with business objectives and regulatory requirements.
Key Accountabilities - 1
Policies, Systems, Processes & Procedures
Follow all relevant operational procedures and instructions so that work is carried out in a controlled and consistent manner.
Departmental Reports
Generate, or assist in generating, departmental reports as per management request, in a timely and accurate manner, to meet company and department reporting requirements.
Health, Safety and Environment
Comply with all agreed occupational health, safety and environmental regulations in order to protect personnel and physical assets. Ensure that the work areas are kept in a clean and tidy state in order that work can be carried out safely and effectively.
Continuous Improvement
Provide input and recommend the continuous improvement of the company practices taking into account ‘international best practice’, changes in international standards and changes in the business environment which demand proactive action plans.
Qatarization
Support the development and training of National employees.
Key Accountabilities - 2
SAP GRC Governance
- Configure and maintain SAP GRC Access Control (AC) module for segregation of duties (SoD) analysis and Process Control (PC) for internal controls automation.
- Administer SAP GRC Risk Management (RM) module for enterprise risk assessment.
- Maintain SAP GRC Emergency Access Management (EAM) for privileged access controls.
- Configure business roles, composite roles, and authorization objects within SAP GRC framework.
- Experience with reporting tools (SAP BusinessObjects, Power BI). Familiarity with cloud security (AWS, Azure, GCP).
- Identify opportunities for GRC process automation. Optimize existing GRC workflows and controls.
- Monitor and analyze user access patterns for suspicious activities. Implement role-based access control (RBAC) principles.
- Conduct regular access reviews and user access certifications. Manage privileged access and emergency access procedures.
Cybersecurity Audit and Compliance:
- Knowledge of cybersecurity frameworks and standards. Ensure compliance with cybersecurity frameworks (NCSA, ISO 27001, NIST).
- Conduct security risk assessments and vulnerability analysis. Support internal and external audit activities. Maintain security documentation and evidence collection.
- Monitor SAP systems for security incidents and anomalies. Investigate security breaches and access violations.
- Identify opportunities for GRC process automation. Optimize existing GRC workflows and controls.
- Analyze, implement and manage Information Security Governance and Compliance. Develop Compliance Management frameworks, policies, standards, and best practices.
- Coordinate with internal and external auditors and assessors to ensure Corrective Action and Preventive Action (CAPA) on their recommendations.
- Conduct Forensic Analysis when required.
Cybersecurity Incident Management
- Coordinate with the ISIT and Security Operations Centre (SOC) teams in Identification, Analysis, Prioritization, Response, Communications, Containment, Eradication, Recovery and Lessons Learned.
- Conduct and coordinate periodic Drills & Exercises.
The above statements are intended to describe the general nature and level of the work to be performed. This is not an exhaustive list of all duties and responsibilities. Qatalum’s Management reserves the right to amend and change responsibilities to meet business and organizational needs as necessary.
Minimum Qualifications Required
Bachelor's degree (BS / BE / BTech) in an IT related discipline
Minimum Experience Required
Minimum 7 years of hands-on experience with SAP GRC Access Control, Process Control, and Risk Management modules.
Job Specific Skills
- Advanced knowledge and experience of SAP GRC in relation to international cybersecurity regulations, standards and frameworks, e.g. GDPR, Cloud Security, ISO 27001, ISA 62443.
- Collaboration, engaging executive-level leadership and stakeholders to establish strategic plans for programs and projects.
- Demonstrate strong knowledge in SAP GRC, cybersecurity controls and testing of security measures.
- Be a thought leader in SAP GRC, Information Security Compliance and align initiatives with business objectives of the company.
- Advanced knowledge and experience of Information Systems, Information Security and Forensic Assessments and Audits.
- Conduct analysis and trending (reports, dashboards, etc.) on progress or events affecting the Qatalum environment and information security in general.
- Ability to deal effectively with a wide range of vendors, service providers, and regulatory agencies.
- Strong analytical and problem-solving abilities and excellent communication and documentation skills.
- Considerable writing proficiency, oral presentation skills, problem solving and decision-making skills.
- Certification in SAP GRC Access Control and in IT Security (any one certification, e.g. CISA, CISSP, CISM, ISO 27001 ISMS Implementer).
Competencies
Skills