What are the responsibilities and job description for the Security Architect - SAP position at Costco?
Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee-centric atmosphere in which our employees thrive and succeed. As proof, Costco ranks seventh in Forbes “World’s Best Employers”.
This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others.
Come join the Costco Wholesale IT family. Costco IT is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment where you will be surrounded by dedicated and highly professional employees.
Security Architects play an integral role in defining and assessing the organization's security strategy, architecture and practices. Security Architects effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services. Security Architects anticipate potential threats and design systems to preempt them. Security Architects plan, implement, and supervise computer and network security systems. They blend knowledge of security hardware and software, organizational needs and cybersecurity risks with organizational policies and industry standards. Security Architects respond to security breaches and assess causes, damages, and data recovery. They also implement appropriate changes, updates and upgrades in response to vulnerabilities and attacks.
If you want to be a part of one of the worldwide BEST companies “to work for”, simply apply and let your career be reimagined.
ROLE
● Utilizes deep technical expertise of Cloud IaaS, PaaS and SaaS to provide cybersecurity consulting to our internal partners and value streams.
● Creates design patterns through Security reference architectures, technical target architectures, and conceptual solution architectures that can be repeatedly utilized across Costco systems.
● Leads and participates in Security Governance planning and execution.
● Determines security requirements by evaluating business strategies and requirements.
● Creates comprehensive security requirements documenting certifications, compliance, and privacy requirements prior to product release.
● Identifies dependencies with Costco value streams and shared services based on enterprise security architectures.
● Plans security systems by evaluating technologies and developing requirements that adhere to industry best practices.
● Identifies and integrates essential safeguards and practices into the overall solution design of technology initiatives to deliver security requirements, documenting any residual risks.
● Leads the integration of IT components with enterprise security capabilities.
● Co-manages security capabilities over their lifetime, including redesigns or enhancements.
● Identifies risks, threats, and/or vulnerabilities that may impact the enterprise in collaboration with peer Security teams.
● Assists in the definition of the security processes for assurance, management and compliance.
● Co-designs the security related integration and deployment architectures for our on-premise and Cloud Networks.
● Supports the development of product roadmaps based on delivery or prioritized features.
● Supports Costco’s Architecture ecosystem by working with Enterprise Architecture, Solution Architects, System Architects and Platform Architects to ensure security by design.
● Hands-on design and implementation of SAP Security and SAP GRC solutions from requirements gathering to delivery.
● Works within SAP specific ITGCs to drive efficiency into compliance processes by leveraging SAP and other automated tools.
● Analyzes long-term impact of new or anticipated strategies and decisions.
● Applies broad knowledge of product/service capabilities and environment to identify new growth areas, new technology and emerging product/service opportunities.
● Conducts technological research guided by organization goals, strategies, practices, and user projects.
● Identifies security problems; evaluates trends; anticipates requirements.
● Partners with various parties including IS Compliance, SAP Technical and Functional Teams to continually refine roles and optimize the security implementation based on our ITGCs.
● Gathers requirements from internal clients and provides security and technical expertise to development of roles to satisfy business and compliance requirements.
● Develops security objects that meet business requirements while adhering to the principle of least privilege.
● Develops and recommends strategies for SAP Security and GRC models to continually improve service.
● Partners with business areas and project teams to troubleshoot issues with security objects and identify and implement appropriate solutions.
● Identifies gaps and recommends solutions to security administration processes and procedures as well as areas for significant improvement, optimization and automation.
● Participates in the decision-making processes for the selection of software architecture solutions that impact SAP landscape.
● Committed to upholding governance and corporate security guidelines including Segregation of Duties (SoD), Sarbanes-Oxley (SOX) and Payment Card Industry (PCI) standards.
● Participates in team activities and planning to improve team skills, awareness and quality of work.
● Stays current with SAP Security technology strategies and requirements by independent study, interaction with SAP Security users’ groups and Costco policies and platforms.
REQUIRED
● Minimum of 9-12 years SAP Security, GRC and compliance experience.
● Delivered multiple SAP and GRC security solutions.
● Advanced knowledge of SAP GRC including: Access Request Management, Access Risk Analysis, Emergency Access Management, Process Control & Business Role Management.
● Advanced knowledge of SAP Security configuration in the following areas: S/4 HANA, ECC (HCM/FICO), CRM, BW/BOBJ, BODS, Solution Manager, GRC, Fiori, HANA Database, JAVA.
● Expert with SOX ITGC audits and working with compliance, internal and external auditor teams.
● Has working knowledge of SAP HANA Security.
● Certification preferred, such as SAP GRC, SAP Security, CISSP, Security.
● Excellent written and verbal communication skills.
● Strong project management and organizational skills.
● Strong understanding of audit and documentation requirements.
● Strong understanding of control environment impacts related to cloud applications.
● Strong knowledge of industry trends in security technology.
● Ability to think and work analytically.
● Ability to work independently.
● Ability to document policies, procedures, and technical diagrams.
● Ability to manage a substantial unplanned workload with short deadlines.
● Must have the ability to work with limited supervision and exhibit a strong sense of urgency.
● Strong conceptual, analytical, problem-solving, troubleshooting and resolution skills.
● Documentation and presentation skills catered to a diverse technical and business audience.
● Team leadership and role-model.
● Deep technical knowledge of the relevant part(s) of the SAP environment.
● Scheduling flexibility to meet the needs of the business including nights, weekends, and holidays.
Recommended
● Bachelor’s degree in Computer Science or a minimum of 3 to 5 years’ Information Systems security or related data processing auditing experience.
● Certified Information Systems Security Professional (CISSP), Security certification.
● Familiarity with Regulatory Compliance and industry standards, such as HIPAA, SOX, and PCI.
Required Documents
● Cover Letter
● Resume
California applicants, please click here to review the Costco Applicant Privacy Notice.
Pay Ranges:
Level 2 - $140,000 - $180,000
Level 3 - $170,000 - $215,000, Bonus and Restricted Stock Unit (RSU) eligible
We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.
Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to IT-Recruiting@costco.com.
If hired, you will be required to provide proof of authorization to work in the United States.
Salary: $200,000 - $245,000