Principal - SAP Controls and Compliance - Ep&t

Principal - SAP Controls and Compliance - EP&T

About The Role

The role also requires strong background in SAP Security, SAP GRC, audit, and compliance management with analytical skills, attention to detail, and experience in IT audit, risk management, and SOX controls.

You will be responsible for providing a Governance oversight on the SAP Security and GRC functions, driving process improvements, managing audits, and ensuring compliance with regulatory standards.

The position is part of 1st line of defense within Haleon’s CTO organization in our Enterprise Applications function and reports into Director - ERP Security, Risk and Compliance.

Key Responsibilities

IT SOX Compliance:

- Lead the assessment, documentation, testing, and monitoring of IT SOX controls
- Collaborate with internal and external auditors during SOX audits, providing required artifacts, and explanations.
- Ensure that all IT controls related to SOX are appropriately designed and operating effectively.
- Ensuring proper access controls and segregation of duties (SoD) are maintained.
- Conduct regular security audits, access reviews, and ensure compliance with internal and external audit requirements.
- Collaborate with the IT and functional teams to develop and implement security best practices and solutions.
- Monitor SAP GRC Access Control, including user provisioning, access risk analysis, emergency access management (EAM/Firefighter), and periodic role review processes.
- Configure and optimize the GRC Access Control tool to improve workflows, monitoring, and reporting for SoD and risk management.
- Work closely with the audit teams to ensure GRC tool configurations align with organizational policies and regulations such as SOx.
- Analyze and mitigate SAP security risks through proactive monitoring and reporting.

IT Risk Management:

- Identify, assess, and document IT-related risks and ensure appropriate mitigating controls are in place.
- Develop and maintain the IT risk & Control framework, including performing risk assessments and developing remediation plans for any identified gaps.

Policy & Procedure Management:

- Assist in creating and updating IT policies, procedures, and standards to ensure compliance with SOX and other regulatory requirements.
- Ensure adherence to company-wide IT compliance policies.

IT General Controls (ITGC):

- Monitor and validate ITGC, including access controls, change management, system operations, and backup/recovery processes.
- Ensure that Privileged access to systems is properly controlled and monitored.

Compliance Monitoring & Reporting:

- Develop and maintain compliance dashboards, reports, and metrics for senior management.
- Proactively monitor and report on the effectiveness of controls and provide recommendations for improvements.
- Provide leadership and guidance in vendor and resource management, budgeting, and technical improvements.
- Conduct training sessions on SAP Security, GRC, and related topics for team members and stakeholders.
- Represent in CTO boards for entire Tech Function.

Qualifications
- Bachelor’s degree in information technology, Computer Science, or related field. Master's degree or relevant professional certifications (e.g., CISA, CRISC, ERP-specific certifications) are preferred.
- SAP GRC AC 12.0 certification or equivalent.
- Minimum of 12-15 years of experience in SAP Security, GRC, audit, and compliance.
- Hands on experience managing IT SOX compliance and Strong understanding and SAP Security concepts, including role design, authorization management, and user provisioning.
- Experience with SAP S/4 HANA Security, SAP IAG, and other SAP solutions.
- Proven track record in managing SAP Security and GRC teams, conducting audits, and driving process improvements.
- Excellent communication, leadership, and stakeholder management skills.
- Proficiency in project management methodologies such as Scrum, Agile, and outcome-based approaches.
- Proficiency in various security tools including CyberArk, SailPoint, SAP GRC, Archer, Splunk, and Imperva, with the ability to effectively utilize them in ERP security and compliance activities.

At Haleon we embrace our diverse workforce by creating an inclusive environment that celebrates our unique perspectives, generates curiosity to create unmatched understanding of each other, and promotes fair and equitable outcomes for everyone. We're striving to create a climate where we celebrate our diversity in all forms by treating each other with respect, listening to different viewpoints, supporting our communities, and creating a workplace where your authentic self belongs and thrives. We believe in an agile working culture for all our roles. If flexibility is important to you, we encourage you to explore with our hiring team what the opportunities are.

Haleon is an Equal Opportunity Employer. All qualified applicants will receive equal consideration for employment without regard to race, color, national origin, reli