Sr. SAP Security Specialist

Overview

Sr. SAP Security Specialist – Job Vacancy in Toronto, Ontario – Canada

• Experience:- As Described below
  
• Job Location:-  Toronto, Ontario – Canada
• Education:- Degree or Equivalent
• Nationality:- Any Nationality
• Gender:- Male / Female
• Number of Vacant Positions:- Multiple Job Vacancies
• Salary:- Negotiable
• Job Type:- Permanent / Temporary

Working with Hydro One Networks Inc

We put stock in development — giving groundbreaking thoughts a spot to develop and succeed. At Hydro One, we invest heavily in offering our workers the opportunity to challenge customary approaches to getting things done and to change our cycles. We are not just an involved organization, we are pioneers in mechanical plan.

We must be.

Our electrical framework is one of the biggest on the planet and keeping up with and modernizing it requires top personalities both in the workplace and in the field. We have gained notoriety for being the most incredible in the power conveyance business and huge thoughts are at the core of our administration culture.

Our kin transparently share their insight and experience. This aggregate knowledge is essential for what makes major areas of strength for us extraordinary. At the point when you work with Hydro One, your group has you covered. The actual work might be the best award, yet there are various advantages to working with Hydro One:

 

Sr. SAP Security Specialist – Job Vacancy in Toronto, Ontario – Canada

The Sr. IT Security Specialist will report to the IAM Manager. The Sr. IT Security Specialist is the expert in SAP Security, SAP Roles, SOD Rule Sets, Risk Management, Process Controls, SAP security vision and strategy.  The Sr. IT Security Specialist has experience with SAP Applications (ECC, BW or BI, GRC, BOBJ, BPC, CRM, SCM), SAP BASIS NetWeaver, S4 HANA.  The Sr. IT Security Specialist has SAP Security Architect experience, providing strategic direction for the creation, development, execution, and leadership of all aspects within SAP Security. The Sr. IT Security Specialist has experience in designing and implementing SAP Security vision and strategy that aligns with corporate Identity Access Management goals and objectives. The Sr. IT Security Specialist is knowledgeable on different user and role types, Financial and ITGC Controls, SAP Authorization Concept, HR Structural Authorization, BW Analysis Authorization, Roles or Activity Groups, and User Administration on different SAP Platform. The Sr. IT Security Specialist is familiar of SailPoint, GRC Integration, ISIM, ISIM roles and policy.

General Accountabilities:

• Provide day to day review analysis of the perimeter IT network trying to determine unauthorized

access attempts, probes, pre-attack information gathering, network mapping and monitoring mail for

unauthorized data extraction.

• Review server and network security for inappropriate activity/incidents such as large amounts of

unauthorized data being moved or transferred or unauthorized access to financial or Executive data

including emails.

• Participate in Business and IT initiated projects. Ensure that security requirements for the projects are

defined and captured. Catalogue all security risks within projects, including those created within the

proposed solutions.

• Utilize ISD’s 5 Stage Project Methodology when delivering security guidance and services. Manage IT

Security sponsored projects. Manage or co-manage IT Security Operations.

• Participate in the ongoing development of Hydro One Security Policy, Procedures and Guidelines.

• The incumbent must possess a strong client service orientation and a desire to help the business

meet their objectives.

 

Specific Accountabilities:

• Provide day to day review analysis of the perimeter IT network trying to determine unauthorized

access attempts, probes, pre-attack information gathering, network mapping and monitoring mail for

unauthorized data extraction.

• Review server and network security for inappropriate activity/ incidents such as large amounts of

unauthorized data being moved or transferred or unauthorized access to financial or Executive data

including emails.

• Provide security scans of internal computer networks to search for unauthorized devices, detect

suspicious activity, such as inappropriate printing of files from key IT systems such as SAP, Customer

One, Peoplesoft, or any of the other key business or financial systems.

• Provide scans to detect the emailing of large attachments to personal email accounts, inappropriate

employee communication with suspicious persons, suspicious clearing of system audit logs,

information leaks, IT sabotage-specific detection and to identify inappropriate access or transmission

of sensitive data or use and presence of hacking tools.

• Participate in Business and IT initiated projects; Attend project reviews as required, including

assessment of Project Orders, RFP’s, Business Cases and Service Requirement Documents (SRD’s);

Ensure security requirements for the project are defined and captured.

• Provide security architecture expertise to the projects.

• Catalogue all security risks with the project, including those created within the proposed solution and

those generated through project activities; Review and recommend approval for proposed technology

solution.

• Review and recommend approval for sustainment adjustments as a result of remedial actions for risk

reduction

• Remain operationally current for all key and critical Hydro One IT systems and networks to ensure

investigations are necessary, core operational competencies and skills will improve and ensure that

the full range of potential root causes are explored without putting at risk the continued operation of

the system or network.

• Conduct complex and technical IT investigations and address general queries regarding recovery,

authentication, and analysis of electronic data when an investigation involves issues relating to

reconstruction of computer usage, examination of residual data, authentication of data by technical

analysis.

• Conduct IT security threat and risk assessments related to key and critical IT systems and networks

as it relates to external threats, labour disruptions and internal wrong-doing.

• Complete detailed investigative reports outlining the key elements, evidence collected, findings and

recommendations regarding IT security investigations.

• Work with Law Enforcement High Tech crime groups and maintain an operational skills level in order

to gather and protect key IT evidence that may lead to criminal, civil (or both) court proceedings.

• Remain current with the safe and effective securing of evidence on a wide variety of wired and

wireless electronic devices used for and within the Hydro One business.

• Provide assistance to physical security relating to Cyber asset security by identifying critical cyber

related devices and determine IT system relevance.

• Conduct IT Data and Cyber Security awareness programs through presentation and education.

• Review items posted to the corporate web page to determine if they represent an overall security risk.

• Assist the Director of Business Information Technology in the assessment of IT Security work

programs focused on the prevention, detection and response to breaches and malicious behaviours

targeting Hydro One’s IT systems and networks.

• Assist CSS Security Consultants in responding to their work programs.

 

Essential Knowlededge:

Selection Criteria:

• 5-8 years in a Cyber Defence Operations / SOC team

• 5-8 years experience with SIEM/Logging technologies (IBM qRadar, ArcSight, Splunk, ElasticSearch, etc)

• 5-8 years experience analyzing vulnerability data, running VA scans (Nessus, Qualys, IP360, etc) and

managing findings using a risk-based approach

• 5-8 years experience working hands-on with Offensive Security tools (Metasploit, Burp Professional,Kali Linux, nmap, crackmapexec, Bloodhound, Responder, Powershell Empire, etc)

• 5-8 years experience working hands-on with IPS and APT prevention technologies in an

administrative capacity (Tipping Point, Deep Discovery, Carbon Black, Crowdstrike, Checkpoint, Palo Alto, FireEye, Lastline, etc)

• 5-8 years experience administering IAM/PAM Solutions (CyberArk, RSA, Sailpoint, Oracle database, etc)

• 5-8 years experience in a Cyber Security Incident Response, Analysis & Triage related role

• 5-8 years of experience with hands-on technical forensic investigations (EnCase Enterprise, FTK,

Nuix, Autopsy, Volatility)

• CISSP or OSCP considered an asset

• Bachelor in Computer Science (or equivalent) or College Diploma in Computer Studies considered an asset

 

Job Vacancy in Toronto, Ontario – Canada | Working with Hydro One Networks Inc