(SAP) GRC Professional (Governance, Risks and Compliance)

Saudi Arabia
03 Oct 2016
02 Aug 2017
Oil and Gas
Contract Type: Full Time
Position Description
The Controller's organization is seeking a highly motivated (SAP) GRC Professional to join the organization. This role is part of the Finance Business Line in Saudi Aramco and is responsible for establishing process standards and governance across all finance business cycles, using standard Business Process Management methodology and best in class BPM tools. One of the key objectives of the organization is to enable a proactive business process management environment in which business process owners can view, control, measure, and dynamically adapt business processes to changing business conditions in order to improve operational performance.

The (SAP) GRC Professional/Consultant will be involved in a variety of different projects/initiatives. The applicant will conduct risk assessments of business processes and supporting environments. These include, but are not limited to:

Determination of risk and context setting
Evaluating the existence of controls that help reduce risk
Determine residual risk and risk treatment plans
Evaluate Finance processes against multiple best practice control frameworks, vertical specific requirements

The Risk Management area is a critical area within the Finance Business Line; it is fast-moving and challenging, with huge potential. It offers variety, challenge, responsibility and the opportunity to realize your professional leadership potential from an Enterprise Risk Management (ERM) dimension.

The applicant will possess significant relevant risk management experience within the various Risk frameworks, knowledge of SOX (Sarbanes Oxley) Regulations, FDA, COSO, COBIT etc., which will allow the applicant to be considered a subject matter expert. The successful candidate will have the ability to establish personal credibility with various internal clients and demonstrate excellent interpersonal and engagement skills. The applicant must be a team player, be able to plan and coordinate their own workload and meet deadlines. The applicant will be able to add value by delivering work of the highest quality and be able to proactively overcome issues to ensure delivery. The applicant must be able to work with minimal supervision, possess good project management skills and be able to offer logical and innovative solutions to complex client risk issues.

The candidate should have a strong working knowledge of the system design but be able to seamlessly work with the business units to ensure the tools effectively support the needs of the business.

Minimum Requirements
As the successful candidate you will have:

A bachelor's degree in Accounting, Finance, MIS or equivalent from a recognized and approved program.
Professional certifications (IRM, Global Association of Risk Professionals)
Minimum 12-15 years of experience with a significant portion working in Risk Management, Business Process Management and/or governance related fields.
Fluency in English
Thorough understanding of industry standards and regulations including COBIT, COSO, and SOX
Very good understanding of Risk and Controls from a business function level and significant experience with GRC methodologies, tools and enablers.
Experience in SAP GRC Risk Management and/or Process Control
Knowledge of SAP security concepts, risk management, segregation of duties, remediation and mitigation.
Very good and effective communication skills
Experience in ARIS process modeling and analysis is a big advantage.
Working knowledge and experience in policy and regulatory environment of ARIS.
Good understanding of Business Process Management (BPM) Lifecycle and concepts
Demonstrated excellent project management skills, ability to inspire teamwork and engage with diverse stakeholders, and use current technology and tools to enhance the effectiveness of deliverables and services.

Duties and Responsibilities
You will be required to perform the following:

The primary responsibilities include, but are not limited to, a combination of the following:

Actively participate in Risk Management initiatives through designing specific SAP GRC business cases, configuring demo systems and participating in ERM relevant round tables.
Manage or participate in SAP GRC implementation projects according to ASAP and BPM (Prime) methodology.
Prepare projects documentation (process blueprints, functional/technical requirements, conceptual design, acceptance tests, etc.).
Work closely with project teams to provide advice on security approach, governance frameworks, policies and procedure documentations
Review and analyze reports from SAP GRC and give recommendations for resolutions
Implement Risk Management related solutions (infrastructure and/or application) including the design, configuration, development and testing.
Definition and development of process control designs including those required to support external regulations.
Contributes towards the design and operation of related compliance monitoring by improving activities to ensure compliance with internal security policies, applicable laws, regulations, etc.
Enhance Finance Business Processes with Risk Management concepts and improve business roles.
Anticipate client needs based on a strong understanding of the client and their processes.
Analyze business processes and user needs, and perform functional design and risk mitigation for SAP GRC, ECC, BW/BI, BPC.
Leading/assisting in SAP GRC projects (being responsible for the delivery of the SAP security approach and leading or being part of a team through the development and testing of authorization profiles).
Designs and executes Risk Management awareness training and related activities.