At Ericsson, you can be a game changer! Because working here isn’t just a deal. It’s a big deal. This means that you get to leverage our 140+ years of experience and the expertise of more than 95,000 diverse colleagues worldwide. As part of our team, you will help solve some of society´s most complicated challenges, enabling you to be ‘the person that did that.’ We’ve never had a greater opportunity to drive change; setting the bar for technology to be inclusive and accessible; empowering an intelligent, sustainable, and connected world.

Are you in?

ICT Security Analyst - Access Control

Job Description

Date: Mar 20, 2020

Job Summary:

 

 

We are now looking for an Information and Communication Technology (ICT) Security Analyst for Access Control domain. In this role, you will ensure proper protection of information assets, accessed through the Ericsson IT environment. You will be a key player by providing IT security operations, expertise, support and solutions, based on the IT Security requirements and enabling compliance with applicable internal /external requirements, laws, regulations and standards.

 

Responsibilities:

 

 

  • Execute on the IT Security strategy and operational plan to evolve and improve IT Security and Access Control
  • Develop and maintain authorization concepts used for Access Control (RBAC/PBAC)
  • Assume ownership of IT Security Access Control services, including SLA reporting
  • Act as SME in the IT Security Access Control domain
  • Provide professional guidance towards stakeholders on how to implement and enforce Access Controls
  • Define use cases for Access Control monitoring based on ISMS (ISO 271001/27002), risk and best practices
  • Define and Implement information systems controls
  • Drive automation and analytical insights to improve operational efficiency and detection capabilities in Access Cntrl
  • Write assignment specifications or “request for service” towards suppliers in relation to IT Security projects/solution needs
  • Participate in IT projects, steering groups and operational reference groups
  • Drive change management activities and communicate with stakeholders
  • Conduct operational governance meetings with key IT suppliers related to IT Security Access Control
  • Participate in IT audits (internal/external) and drive management action remediation's in Access Control domain
  • Support investigations & audits by providing data or logs from IT applications
  • Establish and leverage interfaces to relevant internal or external functions and experts
  • Manage Roles & Authorizations (or policies) in IT systems to ensure timely and correct accesses based on least privilege
  • Manage IT demands from business, oversee design, build & test of new/changed IT access roles and/or policies
  • Interpret business needs and define IT requirements to fulfill the need in a secure and compliant way
  • Manage Segregation of Duties and perform analysis (technical framework, role design and assignment on user base)
  • Review & approve proposals and technical designs for Roles & Authorizations and/or policies
  • Execute regulatory and internal controls
  • Act as gatekeeper and provide approvals for IT access roles
  • Manage extended & emergency access solutions & requests
  • Act as 3rd line support for Access Control matters coming from support & operations teams
  • Support IT security incidents on request in accordance with agreed and established processes

 

 

Key Qualifications:

 

 

  • University degree in Information Technology, Computer Science or related field
  • Excellent written and verbal communication skills with business acumen
  • Ability to interact with a broad cross-section of stakeholders to explain and enforce security measures
  • At least 5 years’ hands on experience working with SAP R&A (SAP ERP ECC, BW, BW/4HANA, SAP S/4HANA etc.)
  • Deep knowledge in SAP Roles & Authorizations role design, development, implementation & support
  • Strong Knowledge and experience working with SAP User & Role Administration
  • Experience in trouble shooting SAP ERP authorizations
  • Experience from working in SAP key modules/processes (Finance, Supply etc.)
  • Experience with regulatory requirements such as e.g. SOX and/or GDPR in large IT and ERP landscapes
  • In-depth and working knowledge of ISO 27001/27002 controls and how they should be implemented to secure information technology environments

 

 

Valued competence (differentiator but not required)

 

 

  • ISO certifications such as ISO 27001 Lead Auditor/Implementer
  • Certifications: CISA, CISM, CRISC, CISSP, CAP, ITIL
  • SAP certifications: SAP Certified Technology Professional - System Security Architect or Finance & Supply etc
  • SAP Security training modules: ADM940, ADM945, ADM950, ADM960, ADM900
  • Certifications/training in GDPR (privacy)
  • Has an understanding of current and future technologies affecting IAM
  • Understand the current and future business value of PBAC and weigh its operational and strategic implications
  • Experience with standards: eXtensible Access Control Markup Language (XACLM), OpenID Connect (OIDC), Oauth, SAML
  • Experience working with ABAC/PBAC Access Controls and systems
  • Experience working with Access Management processes and IAM tools
  • Experience with SAP GRC Access Control, Process Control
  • Experience with Virtual Forge suite for Cyber Security for SAP
  • Experience with SAP HANA 2.0, SAP FIORI, S/4 application

 

 

 

Behavioral competences:

 

 

  • Acts with integrity
  • Applying expertise & technology
  • Balance expectation and reality
  • Deciding & initiating action
  • Delivering results
  • Relating & networking
  • Adapting & responding to change

 

 

In case of any further questions please contact the Recruiter, Lukasz Rokitowski: lukasz.rokitowski@ericsson.com

 

Ericsson provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetics.

Ericsson complies with applicable country, state and all local laws governing nondiscrimination in employment in every location across the world in which the company has facilities. In addition, Ericsson supports the UN Guiding Principles for Business and Human Rights and the United Nations Global Compact.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, training and development.

Ericsson expressly prohibits any form of workplace harassment based on race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetic information.

 

Primary country and city: Sweden (SE) || || Stockholm || IT

Req ID: 304693