TR - ITAC-SAP- Senior NFS

EY- Technology Risk– Senior

As an EY Technology Risk Senior member, you'll play a crucial role in our Technology Risk practice, addressing complex technology risks in SAP environments for a wide range of clients. Your tasks will include performing risk assessments, analyzing SAP configurations, and enhancing control environments. You'll need a deep understanding of SAP solutions to identify improvements and ensure compliance. Working with managers, you'll help develop audit plan, review and test controls & report on findings to clients. Your expertise in SAP modules and security will be crucial in delivering high quality results. Mentoring junior staff and upholding EY's service excellence, you will contribute to clients' operational improvements and trust-building. This role demands technical expertise, business process knowledge, and clear communication skills. You'll stay updated on technology trends to offer proactive client solutions.

The opportunity

We’re looking for candidates at Senior level to join our EY Technology Risk SAP CoE Team. This position offers professional growth through diverse challenges and the chance to work with industry experts, contributing to EY's reputation for excellence in service delivery and helping clients manage risks for improved efficiency and trust.

Your key responsibilities are to

• Participate in SAP ERP Risk and Assurance engagements.
• Work effectively as a team member, sharing responsibility, providing support, maintaining active communication, and updating managers on progress.
• Develop and maintain productive working relationships with onshore and client personnel.
• Identification and testing of SAP IT security and IT risk (e.g., data systems, network and applications) across the enterprise.
• Assist with facilitating practice wide training (SAP ITGC/ SAP ITAC /SAP Pre & Post Implementation/IPE) curriculum.
• Work closely with onshore, cross-functional teams and develop strong relationships as project senior across the organisation.
• Stay updated with and promote awareness of updated ERP versions & its functionalities, industry best practices.
• Active team member executing project management/ stakeholders’ management (Client, Assurance, onshore)
• Planning and Budgeting preparation and perform analysis of budget vs actuals.
• Provide quality deliverables with value addition on the engagements

Skills and attributes for success

Must have:

• Experience in reviewing and testing the key business process configurations (ITAC’s) in SAP S4 Hana / SAP ECC environment. Having knowledge of SAP S4 Hana / SAP ECC configurations (e.g., 3-way match, copy controls, release strategy, pricing controls).
• Experience in testing of interface controls and EDI functionality between multiple systems and testing of middleware controls.
• Experience in evaluation and testing of sensitive access and SOD (Segregation of Duties) ruleset across key business and IT process in SAP S4 Hana / SAP ECC and GRC environment.
• Experience in performing pre & post implementation reviews in SAP S4 Hana / SAP ECC environment and have been through S4 Hana/ ECC lifecycle & performing data migration testing.
• Knowledge and understanding of the TCode, tables, reports used to extract the data from SAP S4 Hana / SAP ECC with relation to ITGC and ITAC control testing.
• Experience in performing the walkthrough (Test of design) directly with the client, Operating Effectiveness and have knowledge of the financial statement’s assertions.
• Knowledge of SAP S4 Hana / SAP ECC standard functionalities in relation to business and IT controls.
• Experience in reviewing and testing of SAP S4 Hana / SAP ECC IT general controls (ITGC) for key domains such as access management, change management, computer operations, SDLC (System Development Life Cycle)
• Knowledge and understanding of SAP S4 Hana / SAP ECC user access security architecture (Roles, profiles, Authorisation objects)
• Experience in reviewing and testing the Operating System (OS) and Hana Database (DB) controls in SAP S4 Hana / SAP ECC environment.
• Knowledge and experience of industry specific SAP S4 Hana / SAP ECC modules (e.g. Oil & Gas, Telecom, Retail, Healthcare industry)
• Experience in testing the key custom and standard reports ensuring the risks (completeness & accuracy) related to IPE’s (Information Produced by Entity) are addressed.
• Experience in reviewing and interpretation the ABAP codes with relation to the control testing for ITGC’s, ITAC’s and IPE in SAP S4 Hana / SAP ECC environment.
• Knowledge and understanding of the auditing methodology.
• Knowledge and understanding of control frameworks such as ICFR (Internal Control Over Financial reporting), COSO and related regulations including SOX and J-SOX.
• Knowledge and understanding of common IT governance, and industry specific frameworks including COBIT and ISACA best practices.
• Knowledge and understanding of third-party attestation standards (particularly SSAE16/18), other reporting and industry specific standards.
• Experience in navigating SAP to extract the relevant tables, logs, reports and other relevant data for control testing.

Adon’s:

• Experience in reviewing and testing of firefighter controls in SAP S4 Hana / SAP ECC and GRC.
• Experience of working with other SAP applications such as GRC, Fiori, BW, BI, Ariba, Concur, Success Factor, VIM, Vistex.
• Experience in SAP GRC access control (AC) & process control (PC), financial compliance management (FCM).
• Experience in IT audit in the context of a financial audit & related regulations, auditing standards and guidelines.

To qualify for the role, you must have

• B.E/B.Tech (CS/ IT)/MBA, CA with at least 3 years of experience.
• Experience of working with other SAP applications such as GRC, Fiori, BW, BI, Ariba, Concur, Success Factor, VIM, Vistex
• Experience in SAP GRC access control (AC) & process control (PC), financial compliance management (FCM)
• SAP S4 Hana / SAP ECC functional modules/ ABAP/ Security Certification (Preferred)
• CISA certified (Preferred)
• ISO 27001:2013 certified (Preferred)
• Any other relevant certification (Preferred)

What we look for

• A Team of people with commercial acumen, technical experience, and enthusiasm to learn new things in this fast-moving environment.
• Opportunities to work with EY technology risk practices globally with leading businesses across a range of industries.

What working at EY offers

At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career.
• The freedom and flexibility to handle your role in a way that’s right for you.