Application Controls Security Principal

Basic Function

An Application Controls Principal plays a vital role in managing the complex organization, execution, and optimization of the organization's SAP and non-SAP security controls. 

An Application Controls Principal must lead a team that has primary responsibility for end-to-end controls monitoring, validation, quality assurance, and improvement activities. In addition to the Application Controls Principal leading a dedicated IT Operations-based team, this role must act as a primary point of contact for all IT controls activities and be accountable to the Internal Controls, Governance/Risk/Compliance,  Audit departments, and Senior Leadership. 

This role will develop long-term strategies in partnership with Control Owners for controls execution and prioritize the team’s activities to ensure zero deficiencies in internal and external testing scenarios. This role will have ultimate responsibility for the remediation of areas of risk and is responsible for communicating status of IT controls, audit findings, remediation efforts, and long-term plans to senior leadership on a recurring basis. 

This role requires intensive collaboration to ensure successful execution of all continuous and periodic control activities.
 

Roles & Responsibilities

• Accountable for the IT controls program direction and influence, including overarching IT controls approach (defining controls, rewriting as necessary, launching renewed IT controls execution, etc.).
• Accountable for aligning non-SAP and SAP controls approach, harmonizing control automations, process efficiencies, and overall controls simplicity.
• Accountable for all IT controls activities including monitoring, validation, quality assurance, and improvement activities.Champion adoption of comprehensive application security processes, procedures, and guidelines, ensuring adherence to security best practices.
• Oversee the development of systems and integrations to drive greater automation and remove areas of human error.
• Act as Subject Matter Expert on all IT controls with internal and external auditors during IT audits.
• Regularly assess the program for effectiveness – continuously monitor defined metrics and indicators and quickly adapt to changing requirements.
• Operationalize team activities to be able to scale with changing IT controls requirements (additional SOx-relevant applications, systems, etc.).
• Prepare regular reports on team outcomes and initiatives for senior leadership or enterprise-wide distribution.
• Review existing processes and product architectures for IT control security design gaps and vulnerabilities and consult with product teams and cyber security to remediate or mitigate cyber risk.
• Provide strategic oversight to remediations proposed, influencing the technical direction of IT controls improvements.
• Provide strategic leadership and creative thinking to help various technical delivery teams through the project lifecycle.
• Manage a team of resources who proactively monitor IT security controls (data validation, authorization, encryption, audit logging, etc.) for key applications (on-premises and cloud-based) to identify weaknesses and potential vulnerabilities.
• Organize competing priorities amongst security alerts and application security control deficiencies, recommending and implementing corrective actions.

Min. Qualifications

• Bachelor's degree in Information Technology, Computer Science, or a related field (preferred).
• 7+ years of experience in IT security controls analysis, IT audit, or a similar role.
• Expert knowledge of IT security controls and best practices (data validation, authorization, encryption, audit logging, etc.).
• Proven experience in identifying, analyzing, and remediating non-SAP control deficiencies.
• In-depth understanding of security concepts, including authorization, segregation of duties, and user access review management
• Experience with tools such as ServiceNow or security tools and technologies used for control monitoring and analysis
• Understanding of cloud security concepts and technologies and on-prem technologies
• SOX knowledge, in addition to experience of implementing/auditing against US SOx IT framework control.
• 3 years of experience supporting software security governance and compliance activities, i.e. metrics, assessments, audits, exercises, risk frameworks, and maturity models
• Experience leading a team of resources and prioritizing complex activities and outcomes
• Identity and Access Management exposure
• Application Security Principles and Best Practices exposure 
• Security Tools and Technologies exposure
• Application cloud and on prem logic and data layer architecture, inc SQL, Oracle and Azure.

Desired Skills:

• Experience with security automation tools and scripting languages (e.g., Python, PowerShell).
• Experience with SharePoint and project management tools.
• Familiarity with GAAP and financial reporting.

Soft Skills

• Prioritization of complex activities
• Process improvement mindset
• Clear and effective communication, verbal and written
• Effective leadership and coordination
• Detailed and systematic thinking
• Detailed troubleshooting skills
• Issue resolution and risk mitigation
• Commitment to follow standards

Preferred Qualifications

Competencies