Individual SAP GRC Access Control Consultant - TCCY (EOI) at the African Development Bank Group (AfDB)

African Development Bank Group (AfDB) - Established in 1964, the African Development Bank is the premier pan-African development institution, promoting economic growth and social progress across the continent. There are 80 member states, including 54 in Africa (Regional Member Countries). The Bank’s development agenda is delivering the financial and technical support for transformative projects that will significantly reduce poverty through inclusive and sustainable economic growth.

We are recruiting to fill the position below:

Job Title: Expression of Interest (EOI) - Individual SAP GRC Access Control Consultant - TCCY

Location: Abidjan, Côte d’Ivoire
Consultant type: Individual Consultant
Working hours: from 08:00 to 17:00 hours, Abidjan Local Time.
Duration: Six (6) months (with possibilities of extension)
Estimated starting date is 01 April 2023.
Job family: Information Technology

Description

• The African Development Bank hereby invites Individual Consultants to indicate their interest in the following assignment: SAP GRC Access Control Consultant.
• The Bank has implemented the SAP GRC system to provide seamless harmonization while maintaining compliance.
• The Consultant will be responsible for reviewing and re-designing roles, remediating potential segregation of duties (SoD) conflicts and providing basic training on role management in GRC.
• The SAP GRC Access Control Consultant is expected to lead the development of a centralized process for security role administration, review and design roles for business users, and ensuring compliance to security policies and control sets. The Consultant will report to the Head of Unit (Cybersecurity).

Main Responsibilities

• Evaluate, plan and implement improvements to the current SAP GRC system and security processes;
• Ensure the development and maintenance of SAP roles and authorizations are aligned with security best practices and the Bank’s security policies;
• Ensure business control designs are properly implemented in the GRC system;
• Reviewing and re-designing roles for business users in the ERP, Fiori and GRC systems;
• Lead the development of the SOD matrix;
• Assist in the remediation of users/roles SOD conflicts;
• Provide basic training on GRC fundamentals;
• Perform any other SAP ERP/GRC related assignments as advised by the Head of Unit (Cybersecurity).

The Consultant Profile

• The consultant should have a relevant Master's Degree and a minimum of 5 years of experience;
• Good communication and interpersonal skills;
• Relevant SAP security and authorizations certifications;
• Demonstrable experience in the GRC implementation at the project level;
• A demonstrable knowledge and experience in the following:
  • Business Role Management (BRM),
  • Access Risk Analysis and Remediation (ARA),
  • Emergency Access Management (EAM),
  • Access Request Provisioning (ARQ),
  • SAP security and authorization,
  • Performing segregation of duties (SOD),
• Fluent in English or French;

Establishment of the Short List
A shortlist of three to six individual consultants will be established at the end the request of
expressions of interest. The consultants on the shortlist will be judged on the following:

• Level of education in general 20%
• Certifications relevant to the assignment 20%
• Years of experience in general 20%
• Experience relevant to the assignment 40%

Application Closing Date
10th March, 2023 at 17.00 GMT.