Engineer, Information Security (SAP Security Role Design)

What Information Security contributes to Cardinal Health

Information Security is responsible for managing information security risk factors. The SAP Security Role Design Engineer is responsible for understanding requirements, creating designs, developing, testing, implementing, and documenting security roles.  The Engineer will design and facilitate implementation of information security and IT controls within Cardinal Health’s enterprise SAP implementations and provide troubleshooting support throughout the project lifecycle.

Accountabilities in this role

  • Establish strong reporting and metrics to support the program and influence behaviors.
  • Partner with SAP implementation teams to design an appropriate SAP IT control structure that addresses information security and IT regulatory risks
  • Perform analysis of existing role structure, provisioning processes and security designs in place and ensure new systems/enhancements support the design
  • Partner closely with business leads, process owners and IT development teams to design and build SAP security roles to meet the business needs and the controls structure needed to meet company and compliance policies.
  • Produce all supporting documentation related to the security design
  • Troubleshoot SAP security role defects during and after the implementation effort
  • Review existing Cardinal Health SAP implementations to identify short & long term recommendations to improve security & controls


  • (MS + 3 yr)  or (BS + 5yr) of SAP role design and administration experience
  • Bachelor of Science (BS) Master of Science (MS) in Computer Science Engineering, Business or related field preferred or equivalent work experience required.
  • Ability to analyze segregation of duty violations and provide recommendations for remediation
  • Understanding of controls (SOX/ Audit/ FDA) as related to SAP Security.
  • Completion of at least two life cycle SAP security implementation including SAP role maintenance skills, design, build, troubleshooting
  • Experience with requirements gathering, design, development, testing and implementation required.
  • Experience in SAP security implementations and configuration of ECC, MDG, SRM, CRM and BI/BOBJ
  • Experience with PI Security, Solution Manager ChaRM, SAP Portal Security, IDM, LDAP, SSO
  • Experience with SAP GRC 10 or 10.1 Access Controls (ARA, EAM, ARM).
  • Expertise in configuring MSMP workflows and BRFplus rules. Ability to design/modify workflows based on the business needs.
  • Experience in HANA Security: Designing and developing HANA analytical privileges, run time and design time roles. HANA integration with BI/BOBJ
  • Experience with creating HANA transports using CTS+
  • Strong understanding of SAP t-codes, authorization objects and SU24 maintenance
  • Creating, releasing and tracking of SAP Transport Management process
  • Experience with Manhattan (WMS & TMS) security administration will be a huge plus.
  • Strong analytical, problem solving, organizational, and planning skills
  • Knowledge of manufacturing, sales, or finance business process controls.
  • Excellent communication skills, both oral and written, to effectively transfer knowledge to key stakeholders with the ability tailor messages to the audience
  • Excellent interpersonal skills with demonstrated ability to drive results through influence.
  • Team player with the ability to multitask in a fast paced project environment
  • Motivated self-starter with the ability to work well with all levels of the corporate structure.
  • Proficient PC skills; including working knowledge of Microsoft Office products

    What is expected of you for success in your role

  • Drives major information security initiatives through the system development lifecycle
  • Define comprehensive solutions that balance information security requirements against business needs 

    What is expected of you and others at this level in IT - Center of Expertise for functional success

  • Uses deep subject matter/functional expertise, influence and process skills to help internal/external customers and stakeholders identify and meet their high priority needs while considering cultural and diversity implications.
  • Jointly develops practical implementation plans that consider cultural sensitivities with other accountable parties.
  • Encourages informed Risk-taking and acts as a catalyst for innovation at Cardinal Health; generates practical, sustainable and creative options to solve problems and create business opportunities, while maximizing existing resources.
  • Proactively develops and maintains technical knowledge in specialized area(s), remaining up-to-date on current trends and best practices;
  • Performs assessments and listens to internal/external customers to understand and anticipate their needs and determine their priorities in the context of the overall enterprise.
  • Professional senior individual contributor role.
  • In-depth experience, knowledge and skills in information security and risk management approaches.
  • Applies knowledge and skills to a wide range of standard and non-standard situations.
  • Works independently with minimal guidance.
  • Usually determines own work priorities.
  • Ability to learn new concepts and technologies
  • Acts as a resource for colleagues with less experience.