Senior - IT Audit

Posted 3 Days Ago
Bangalore, Bengaluru Urban, Karnataka, IND
In-Office
Senior level
Fintech • Professional Services • Software • Financial Services
The Role
Lead IT audit activities focused on SAP security and compliance. Validate user provisioning, perform access reviews and FFID log checks, conduct SoD analysis, monitor logs and SSF configurations, support SAP GRC adoption, review custom transactions and elevated access, and maintain audit-ready documentation and controls for ITGC, SOX, and transport/change management.
Summary Generated by Built In

Role Overview:
Responsible for ensuring SAP systems meet IT General Controls (ITGC), SOX, and corporate governance requirements. Focused on access management, risk mitigation, audit compliance, and continuous monitoring across SAP landscapes.

 

Key Responsibilities:

  • Ensure compliance with ITGC, SOX, and internal audit requirements across SAP production and non-production environments.
  • Perform manual user provisioning validations and support the adoption of SAP GRC solutions to enhance automation and workflow efficiency.
  • Conduct security monitoring by analyzing system logs, audit reports, and traces to detect potential malicious activities or policy violations.
  • Perform Firefighter ID (FFID) log reviews, ensuring proper approvals, timely sign-offs, and mitigation of emergency access usage.
  • Execute periodic user access reviews to validate role appropriateness and remove obsolete or excessive access.
  • Conduct Segregation of Duties (SoD) analysis to identify, assess, and remediate access conflicts in alignment with audit standards.
  • Review and control elevated access (e.g., debug and developer access), ensuring proper authorization, justification, and time-bound usage.
  • Monitor direct profile assignments and temporary roles to prevent unauthorized privilege escalations in production environments.
  • Review newly created custom transactions to ensure appropriate authorization checks, secure design, and compliance with SAP standards.
  • Support role maintenance activities, including validation, testing, and maintaining audit-ready documentation of role changes.
  • Monitor and validate Secure Store & Forward (SSF) configurations to ensure effective encryption, secure key management, and protected system communication.

Core Skills & Tools:

  • SAP Security & Authorizations
  • SAP GRC (Access Control)
  • ITGC & SOX Compliance
  • Segregation of Duties (SoD)
  • Firefighter Access Management (FFID)
  • Audit & Risk Management
  • Access Reviews & User Provisioning
  • SAP Logs & Security Monitoring
  • Transport & Change Management
  • SSF (Secure Store and Forward)



Qualification:

  • Technical Knowledge of IT Audit Tools

  • Experience in carrying out OS/DB/Network reviews

  • Exposure to Risk Management and Governance Frameworks/Systems will be an added advantage

  • Exposure to ERP systems will be an added advantage

  • Experience in performing technical code reviews (understanding code logic based on business requirement)

  • Strong project management, communication (written and verbal) and presentation skills

  • A team player

  • Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism

  • Preferred Certifications – CISA/CISSP/CISM

  • Exposure to automation/data analytics tools such as QlikView/Qlik Sense, ACL, Power BI will be an advantage

  • Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools

 

 

 

Equal employment opportunity information 

 

KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their colour, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability, or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavour for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.

Skills Required

  • SAP Security & Authorizations
  • SAP GRC (Access Control)
  • Segregation of Duties (SoD) analysis
  • Firefighter Access Management (FFID) reviews
  • SSF (Secure Store and Forward) configuration validation
  • ITGC & SOX compliance knowledge
  • Access reviews and user provisioning validation
  • SAP logs and security monitoring
  • Transport and change management understanding
  • Technical knowledge of IT audit tools
  • Experience performing OS/DB/Network reviews
  • Experience performing technical code reviews and understanding code logic
  • Project management, written and verbal communication, and presentation skills
  • Teamwork and self-directed work habits
  • Proficiency with Microsoft Word, Excel, Visio and other MS Office tools
  • Preferred certifications: CISA, CISSP, CISM
  • Exposure to Risk Management and Governance Frameworks/Systems
  • Exposure to ERP systems
  • Exposure to automation/data analytics tools (QlikView, Qlik Sense, ACL, Power BI)
The Company
30,867 Employees
