Executive - IT Audit

KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focussed, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment. KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term

Role Overview:
Responsible for ensuring SAP systems meet IT General Controls (ITGC), SOX, and corporate governance requirements. Focused on access management, risk mitigation, audit compliance, and continuous monitoring across SAP landscapes.

Key Responsibilities:

• Ensure compliance with ITGC, SOX, and internal audit requirements across SAP production and non-production environments.
• Perform manual user provisioning validations and support the adoption of SAP GRC solutions to enhance automation and workflow efficiency.
• Conduct security monitoring by analyzing system logs, audit reports, and traces to detect potential malicious activities or policy violations.
• Perform Firefighter ID (FFID) log reviews, ensuring proper approvals, timely sign-offs, and mitigation of emergency access usage.
• Execute periodic user access reviews to validate role appropriateness and remove obsolete or excessive access.
• Conduct Segregation of Duties (SoD) analysis to identify, assess, and remediate access conflicts in alignment with audit standards.
• Review and control elevated access (e.g., debug and developer access), ensuring proper authorization, justification, and time-bound usage.
• Monitor direct profile assignments and temporary roles to prevent unauthorized privilege escalations in production environments.
• Review newly created custom transactions to ensure appropriate authorization checks, secure design, and compliance with SAP standards.
• Support role maintenance activities, including validation, testing, and maintaining audit-ready documentation of role changes.
• Monitor and validate Secure Store & Forward (SSF) configurations to ensure effective encryption, secure key management, and protected system communication.

Bachelor’s degree in IT, Computer Science, Engineering, or related field; CA or MBA

 •  Consulting mindset with ability to manage multiple engagements

 • Preferred Certifications: CISA, CISSP or Cloud related certification