Columbia Sportswear Company Sr. SAP Application Security Analyst in Portland, Oregon

Sr. SAP Application Security Analyst

United States, Oregon, Portland

Information Services

100001XF Requisition #

Aug 24, 2016 Post Date

General Position Summary

The SAP Application Security Senior Analystis responsible for the support and execution of application security and userprovisioning processes across Columbia Sportswear global SAP landscape,inclusive of development, test, quality and production systems. This position directlysupports the enablement of the business through effective design of applicationtask roles, provisioning and de-provisioning activities, security transaction testing,and researching specific application security issues when required. Experience performingsecurity support of an SAP application environment is required.

Knowledge of and experience withproblem resolution and change management solutions, such as Remedy and HPQuality Center (HPQC) areessential in performing daily job functions. Specific technical experience inSAP Solution Manager, BW,GRC 10.1 and HANA are also required of this positionas part of the user security support responsibilities within the SAP platform.

Functional knowledge of SAP securityauthorization concepts and SAP GRC is required as is experience in theenablement of Active Directory technologies and middleware integrationsolutions. This position works closely with SAP Security Architecture, BASIS,ABAP and Enterprise Change and Release services in supporting the production,test, development and QA landscapes. General knowledge of IT operationalprocess is expected as part of this role. This position is part of the SAPSecurity team and reports to the Director of Columbia’s Advisory, Risk,Compliance and Security function.

Essential Functions/Responsibilities

  • Lead the enhancement,standardization and improvement of SAP security intake and prioritizationprocesses associated with service desk and user request tickets.
  • Participate inand provide input to the design of user dialog and non-dialog roles, taskassignments, role mapping and user provisioning inclusive of Fire Fighterdesign and assignments. Knowledge and experience with SAP GRC is essential.
  • Lead, support andexecute quarterly user review processes in conjunction with the Compliancefunction in maintaining control operation requirements established withinColumbia.
  • Develop, trackand maintain metrics related to usage statistics, user access, t-code analysisand SOD evaluation as requested by various Governance functions.
  • Develop servicelevel agreements (SLAs) for user processes, role assignments, provisioning andde-provisioning tasks and socialization with stakeholders.
  • Support andparticipate in SAP security projects, upgrades and initiatives as necessary inenabling standardization and efficiencies across the SAP security environment.
  • Understandrole design techniques such as composite roles, business roles, authorizationobjects and SAP role architecture.

Supervisory Responsibility

Job is not supervisory but may periodically servein team lead positions for various project assignments.

Specific Job Skills

  • Possess athorough knowledge of IT processes, application and information securityprocesses and customer support experience.
  • Knowledge of andexperience with information security standards (e.g., ISO 17799/27002, etc.)and application security principles (e.g. OWASP) are beneficial.
  • Demonstratedcompetency in strategic thinking with strong abilities in relationshipmanagement.
  • Knowledge ofMicrosoft application structures, Active Directory and SAP authenticationtechniques.
  • Knowledge of SAPNWBC, Business Objects and SAP SSO technologies are required.
  • Experience withor ability to work in an active implementation environment, where certainprocesses and activities may be less formal and require active involvement inimproving and formalizing.


  • Bachelor’s degreein Computer Science, Computer Engineering or Information Systems
  • Master’sdegree in above desired but not required
  • Possess one ormore of the following certifications or be able to obtain within one year ofservice:

  • Certified Information Systems Security Professional(CISSP)

Required Experience

  • 5-7 years of IT experience where a significantportion is related to

  • SAP role development, SAP securityadministration or SAP application support.

  • SAP architecture principles and design.
  • SAP GRC experience inclusive of provisioningand de-provisioning processes.

  • Demonstratedunderstanding of security methodologies, tools, and best practices.

  • 2-3 years ofexperience using Remedy, HPQC or other ticketing support applications toprioritize and respond to user requests.
  • Support andinvolvement in role testing, role and task assignment user assignments stagedgo-live activities.
  • Minimumof 2 years GRC use and experience in using GRC to assign and de-provision userroles and develop SOD rules.

T his job description is not meant to be an all-inclusive list ofduties and responsibilities, but constitutes a general definition of theposition's scope and function in the company.

EEO/AA Employer/Vets/Disabled/Race/Ethnicity/Gender/Age .