Job description Posted 03 May 2019

Access Controls Manager

GSK House, Brentford

6 Month Contract

Pay: up to £430 per day


Description:

Reporting to the IT Quality Director, work within the Global Applications and Development Quality Risk and Compliance (QRC) team (across SAP Single instance, CERPS and M-ERP) to ensure that high standards of internal control are maintained, and GSK Policies and Procedures are adhered to in Security and Authorisations, Business roles and Segregation of Duties areas.

Accountable for ensuring various compliance requirements are satisfactorily met in the following areas:

• Access Controls

• Business Role Design / Change and Build

• Work with the relevant solution, design and security teams to ensure that business roles are designed and built with appropriate access controls (restrictions) in place to meet operational, confidential data/PII/SPII requirements.

• Review of Business Roles System Requirement (SR) documents to ensure that appropriate access controls and confidential data requirements are documented and fit for purpose.

• Business Roles Testing (for generic access controls) – liaise with relevant teams to determine and agree testing scope.

• Review of test cases and test results to demonstrate that access controls have been implemented effectively as per design.

• Work with relevant teams to ensure that any required remediation activities are performed.

• Jobs Testing (for market-specific access controls) – liaise with relevant teams to determine and agree testing scope. Review of test cases and test results to demonstrate that access controls have been implemented effectively as per design.

• Work with relevant teams to ensure that any required remediation activities are performed.

• Segregation of Duties (SoD) Business Role Design and Build – work with the relevant solution, design and security teams to ensure that business roles are designed and built with appropriate segregations of duties in place.

• In conjunction with Security and Authorisations (S&A), ensure that new processes introduced to CERPS are included in the GRC landscape and rulesets for both SoD and Critical Transactions.

• Review and management of any required changes and enhancements to GRC global ruleset.

• Ensure that the SoD ruleset is aligned and mapped to ERP Internal Controls Framework, for access controls.

• Manage and coordinate SoD Testing of business roles and jobs. Report results to key stakeholders, and coordinate and drive any remediation activities to completion. Manage the SoD Testing of Job to User Mapping, ensuring that prior to deployment of any given release, the user SoD position is acceptable to GSK, and that all accepted SoD violations have been agreed with relevant stakeholders, such as Market FDs.


Ensure that any approved SoD violations have been pre-mitigated prior to Go Live user provisioning. Manage the remediation of unacceptable user SoD violations during Go-Live. Manage and coordinate training for Market Compliance Teams, pre go-live of a release.

Training to cover the SoD activities required to be performed by Market Compliance teams in the BAU environment, such as SOD monthly reporting and the approval/rejection of user access requests with SoD violations.

Training to also cover the running of monthly mitigating controls (for users with SoD violations).

• Risk to the GSK business is controlled and mitigated through the effective management and implementation of Segregation of Duties principles and existing GSK ruleset – encompassing system role design/build AND end user system access.

• Compliance with confidential data/PII/SPII policies is maintained via the effective management and implementation of appropriate data access restrictions in system role design/build and end user system access.


Attributes

  • Attention to detail.
  • Strong communication skills - with particular emphasis on written skills.
  • Strong analytical and problem-solving skills
  • Tenacious, determined and able to complete tasks within specified time constraints – a self-starter.
  • Good people skills and proven ability to influence.
  • No direct staff managed. However, this individual will work in a matrix organisation and needs to have the ability to influence through non-formal reporting lines.

Specialised Knowledge

  • Years of experience must not be used as an indicator of the level of knowledge required to perform the role.
  • Minimum bachelor’s degree education in related discipline or equivalent experience
  • Knowledge of SAP Security concepts related to Role Design and Build, and User Provisioning
  • Experience with segregation of duties risk analysis and access control design
  • SAP GRC

Understanding of the following business processes:

  1. Order to Cash
  2. Purchase to Payables
  3. Record to Report (Financials)
  4. Warehouse & Distribution
  5. Supply Chain Planning

  • Strong Finance background with commercial experience
  • 5+ years Post qualified Accounting Experience
  • SAP IDM
  • SAP functional experience in any of the below areas:

  1. FI-CO
  2. SD
  3. MM
  • Knowledge of SarbOx legislation
  • Knowledge of Pharmaceutical industry
  • Knowledge of Consumer industry
  • Knowledge of GSK Corporate Finance operations

Additional information about the process

All profiles will be reviewed against the required skills and experience. Due to the high number of applications, we will only be able to respond to successful applicants in the first instance. We thank you for your interest and the time taken to apply.