Staff InfoSec Risk and Compliance Analyst (GRC Specialist)

As a Staff InfoSec Risk and Compliance Analyst at Illumina, you will be responsible for planning and implementing security measures on various SAP systems, including ECC, Solution Manager, GRC, APO, IBP, EWM, GTS, and Fiori. Your primary duties will involve assessing access impacts, ensuring SAP systems are integrated with SAP's GRC platform for proper segregation of duties, and developing custom GRC rulesets when necessary. You will also lead quarterly and weekly releases, providing guidance for role builds and custom transaction codes.

Must Have

• Plan and implement security measures on SAP systems (ECC, Solution Manager, GRC, APO, IBP, EWM, GTS, Fiori).
• Assess access impacts and ensure SAP systems integrate with GRC for segregation of duties.
• Develop custom GRC rulesets for applications without out-of-the-box solutions.
• Project lead for quarterly and weekly releases, providing guidance for role builds.
• Support Audit Activities (Internal, External, SOX and FDA).
• Perform GRC updates when new risks are identified.
• Maintain SAP vulnerability management program.
• Maintain SAP Role/Group for SAP cloud products (IBP, Ariba) and S4/HANA products.
• Ensure policies and procedures are followed by direct reports (for Bengaluru location).
• Work with SAP Role/Risk owners to provide security solutions.

Good to Have

• Bachelor's Degree

Perks & Benefits

• Expanding access to genomic technology to realize health equity.
• Being part of something bigger than yourself.
• Surrounded by extraordinary people, inspiring leaders, and world-changing projects.
• Zero-net gap in pay, regardless of gender, ethnicity, or race.
• Employee Resource Groups (ERG) for career development, cultural awareness, and social responsibility.

What if the work you did every day could impact the lives of people you know? Or all of humanity?

At Illumina, we are expanding access to genomic technology to realize health equity for billions of people around the world. Our efforts enable life-changing discoveries that are transforming human health through the early detection and diagnosis of diseases and new treatment options for patients.

Working at Illumina means being part of something bigger than yourself. Every person, in every role, has the opportunity to make a difference. Surrounded by extraordinary people, inspiring leaders, and world changing projects, you will do more and become more than you ever thought possible.

Position Summary:

As a Staff InfoSec Risk and Compliance Analyst (SAP GRC Specialist), you will utilize your application security skills to plan and implement security measures on a variety of SAP systems including ECC, Solution Manager, GRC, APO, IBP, EWM, GTS and Fiori. You will be primarily responsible for assessing access impacts and ensuring these SAP systems are integrated with SAP's GRC platform to ensure proper segregations of duties are established not only within the applications themselves, but across multiple applications as well. Lastly, if SAP doesn’t supply an out of the box GRC ruleset, you’ll be asked to develop one by understanding the functions tied with the application and working with risk owners to define which functions should not be combined.

Additionally, you will project lead for quarterly, and weekly releases by attending project meetings to gather requirements, provide guidance for role builds, and any utilization of custom transaction codes.

Responsibilities

SAP Security Administration

• Support Audit Activities (Internal, External, SOX and FDA)
• Support other SAP functions in implementing security measures
• Assess access impacts, including but not limited to role definition, updates, provisioning, de-provisioning, and user maintenance
• Ruleset maintenance for new transactions, functions, risks, and mitigation controls using SAP GRC
• Perform GRC updates when new risks are identified via partnership with Internal Audit
• Coordinate support pack upgrades, and security note implementation
• Implement workflows to support SAP GRC processes
• Implement GRC FIORI applications to enhance customer experience
• Maintain SAP vulnerability management program
• SAP Role/Group maintenance for SAP cloud products (IBP, Ariba)
• SAP Role creation/maintenance for S4/HANA products
• Implement security designs based on industry’s best practice recommendations

People Leadership

For Bangaluru location, you will be team lead for reports under the GRC Application Security Team.

Ensure policies and procedures are followed by direct reports

Ensure attendance and work performance goals are achieved

Work with onshore leads for new or altering work assignments

Documentation

• Policies, Work Instructions and Process Flows for business process
• Conduct training to SAP Security stakeholders on best practices and risk assessment for new functionality

Project Support

• Work with SAP Role/Risk owners to provide security solutions for new or existing functionality
• Partner with functional teams to design and implement access controls for new functionality

Requirements

• Minimum of 5 years Application Security experience (Application or Database Administration)
• Knowledge of access provisioning and de-provisioning, role administration, CUA implementation/support and licensing controls.
• Experience with implementation of SoX and FDA audit controls. Minimum of 4 audit cycles preferred
• Setting up GRC ruleset for an application where a default ruleset was not provided by SAP, including S/4HANA services and applications.
• Experience with security administration/risk management of SAP systems including but not limited to ECC, GRC, Solution Manager, Fiori, IBP, GTS, APO, EWM, HANA DB preferred.

Education

Bachelor's Degree preferred

We are a company deeply rooted in belonging, promoting an inclusive environment where employees feel valued and empowered to contribute to our mission. Built on a strong foundation, Illumina has always prioritized openness, collaboration, and seeking alternative perspectives to propel innovation in genomics. We are proud to confirm a zero-net gap in pay, regardless of gender, ethnicity, or race. We also have several Employee Resource Groups (ERG) that deliver career development experiences, increase cultural awareness, and offer opportunities to engage in social responsibility. We are proud to be an equal opportunity employer committed to providing employment opportunity regardless of sex, race, creed, color, gender, religion, marital status, domestic partner status, age, national origin or ancestry, physical or mental disability, medical condition, sexual orientation, pregnancy, military or veteran status, citizenship status, and genetic information. Illumina conducts background checks on applicants for whom a conditional offer of employment has been made. Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable local, state, and federal laws. Background check results may potentially result in the withdrawal of a conditional offer of employment. The background check process and any decisions made as a result shall be made in accordance with all applicable local, state, and federal laws. Illumina prohibits the use of generative artificial intelligence (AI) in the application and interview process. If you require accommodation to complete the application or interview process, please contact accommodations@illumina.com. To learn more, visit: https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf. The position will be posted until a final candidate is selected or the requisition has a sufficient number of qualified applicants. This role is not eligible for visa sponsorship.