Governance and Authorisation Controller

Governance and Authorisation Controller Permanent Midrand Overview

We are a Supply Chain and Sales & Merchandising partner adding value to your business through a fully integrated, temperature-controlled network in Southern Africa.

But we are also more than that. We are people serving people. While we boast the best in tech and infrastructure, our people are our greatest resource. With our skilled, curious, can-do people at the forefront, our assets become your assets, our service your solutions.

Vector’s vehicle fleet includes a food industry first in ‘multi-temperature’ vehicles enabling the company to service business across frozen, chilled and ambient temperature zones on a single delivery.

• To understand risks exposed to the business if user access is not appropriately provisioned with the correct business role.
• To have a good understanding of business processes and be able to convert these to technical specifications.
• To analyse business requirements of the group and configure business roles with the minimum amount of risk exposed to the group.
• To develop with business risk mitigation and remediation strategies/controls for risk exposed by the business.
• To manage user provisioning for access to systems across the group.
• To develop & implement best practice governance processes for the group around the key IT & Financial systems.
• To provide guidance and recommend best practices to the group for user access across all key IT & financial systems.

• Owner of the Governance Risk & Compliance systems application.
• Analyze and gain an understanding of the Group business requirements for the User Access Management, Emergency Access Management, Business Role Management and Access Risk Analysis.
• Applying the Business requirements of the Group to configuring the GRC application.
• Identify potential risk to the business for user access (segregation of duties) and business role development.
• Assessing, recommending and configuring financial and operational controls around all SAP and other ERP applications.
• Identify potential risk to the business for user access (segregation of duties) and business role development.
• Recommending mitigation and remediation strategies to business process owners to reduce risk exposure of the business.
• Preparing and constructing blueprints from best practices for security of systems to reduce risk exposure, Governance & Authorization Manager.
• Implementing authorized best practice strategies documented in Group blueprints in the GRC space.
• Manage relationships with internal and external stakeholders. Provide risk analysis reports to Internal and external audit.
• Liaise with internal audit to ensure that the controls designed and implemented are in line with Audit requirements.
• Owner of all external audit queries around user access and role management for key financial system.
• Assist Business Process Owners to understand key security and privacy issues, risks, exposures and vulnerabilities using workshops and assessments to develop security business needs.
• Identify identical or similar objects spread across the local systems for enabling best practice around building authorisations.

• Administer and manage user provisioning and authorisations across the SAP and other ERP technology platforms and key IT Systems.
• Provide advisory services in terms of Information Security.
• Maintain access to securable SAP and other ERP resources.
• Troubleshoot and resolve security problems/failures for user access.
• Implement and document measures to safeguard the SAP and other ERP operating environments against accidental or unauthorized modification, destruction or disclosure.
• Analyse, categorise and resolve negative audit findings reported by internal or external auditors.
• Developing and updating access control tables for licences and groupings.
• Ensuring appropriate licence classifications are assigned to users thus preventing any additional costs the group may incur.
• Setting up user logon ids and assigning/resetting/revoking passwords and access.
• Develop best practice policies, procedures and standards, to ensure consistency in key system applications across the organisation.
• Perform normal and exceptional process of security authorization requests.
• Document information security standards and procedures relevant to the across the system applications for the group.
• Provide user statistics on respective systems (e.g. created users, deleted users, locked user, users not logged in 90 days).
• Understanding of and commitment to internal control.
• Assess risks and controls and identify, construct and implement opportunities for improvement.
• Act as both SAP and other ERP systems Security, providing troubleshooting and problem resolution while supporting the active user environment.
• Technicals approve user access for Vector Logistics systems access.
• Create exceptional requirements that business requires i.e. Developers for systems.
• Ensure that the risks associated with these…