Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee centric atmosphere in which our employees thrive and succeed. As proof, Costco ranks eighth in Forbes “World’s Best Employers”.

This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST.  Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others. 

Come join the Costco Wholesale IT family. Costco IT is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment where you will be surrounded by dedicated and highly professional employees.

Security Analysts support the values and business goals as they relate to legal, ethical, and regulatory obligations; protect privacy; and maintain a secure technology environment.  Security Analysts develop and execute security controls, defenses, and countermeasures to intercept and prevent internal/external attacks, infiltration of company data, and compromising of systems and accounts. Security Analysts research attempted/successful efforts to compromise systems security; design countermeasures; implement and maintain physical, technical, and administrative security controls; and provide information to management regarding the negative impact to the business.

The SAP Security Analyst is responsible for the creation and maintenance of General IT control objectives in the area of SAP GRC. This position will be responsible for ensuring that all SAP GRC IT control objectives are in compliance and running to full efficiency. In addition, this role will assist with the daily and monthly reporting of SOD (Segregation of Duties) activities from SAP GRC in support of meeting applicable compliance objectives. Candidates must have direct “hands-on” experience in IT audits and functional experience using SAP GRC. This is a cross-functional role, working closely with the SAP Security team and other functional teams to ensure security requirements and solutions meet compliance objectives. Effective communication and technical leadership is critical to the success of this role. Candidates must be able to mentor and teach junior level employees as well as possess the ability to fluently speak both technical and business language interchangeably.

If you want to be a part of one of the worldwide BEST companies “to work for”, simply apply and let your career be reimagined.

 

ROLE

●      Provides security and technical expertise to support the development of security objects to satisfy business requirements.

●      Analyzes and administers security policies to control physical and virtual system access.

●      Identifies and investigates security issues and develops security solutions that address compliance requirements that

can/do impact security.

●      Identifies, develops, and implements mechanisms to detect security incidents in order to enhance compliance and support of the security standards and procedures.

●      Assesses business role requirements, reviews authorization roles, and supports authorizations.

●      Demonstrates a comprehensive skill set with testing authorizations for multiple environments and coordinates testing with business/technical users.

●      Validates system configurations to ensure the safety of information systems assets and protects information systems from intentional or inadvertent access or destruction.

●      Implements best practice when applying knowledge of information systems security standards/practices (e.g.access control and system hardening, system audit and log file monitoring, security policies, and incident handling).

●      Identifies security gaps that expose Costco to potential exploit and develop short and long term prioritized remediation to address those gaps.

●      Determines strategy and protocol for network behavior, analysis techniques, and tool implementation.

●      Creates dashboards, configures alerts, implements and supports security software platforms, and monitors tools/apps.

●      Identifies opportunities for streamlining, and increasing effectiveness through continuous process improvement.

●      Implements practices, processes, and procedures consistent with Costco's information security policy and IT standards.

●      Develops and documents security events and incident handling procedures into Playbooks.

●      Ensures that incident documentation is comprehensive, accurate, and complete.

●      Triages, prioritizes, investigates, and coordinates security events and incident handling activities.

●      Creates and/or remediates GITC (General IT Controls) in support of meeting audit objectives for all SAP modules, and their supporting Databases, within the Costco SAP landscape (i.e. Finance, Retail, Warehouse Management, Payroll, Oracle, HANA, etc.)

●      Designs IT testing procedures to identify and evaluate risk exposures and determine the effectiveness and efficiency of controls.

●      Assists with the creation of effective remediation solutions and/or exception documentation where applicable.

●      Serves as the subject matter expert and point of contact to Internal and External Auditors.

●      Assists project teams with creation and implementation of IT controls objectives and integration into SAP-GRC.

●      Assists with the successful completion of the quarterly UAR (User Access Review) audit process.

●      Collaborates with Internal Audit in developing, testing, and devising solutions to effectively meet applicable IT control objectives.

●      Takes responsibility for continued personal growth in the areas of technology, business knowledge, Costco policies, and platforms.

●      Participates in team activities and team planning in regards to improving team skills, awareness, and quality of work.

REQUIRED

●      Minimum of 7 years of experience of SAP GRC Access 10.0 and or 12.0 with expertise using the following modules:

●      Account Request Management (ARM)

●      Access Risk Analysis (ARA)

●      Emergency Access Management (EAM)

●      User Access Review (UAR)

●      Process Control (PC)

●      SAP ETD

●      Minimum of 5 years work experience in IT Risk Management, SOX compliance, and/or auditing with a strong background in IT controls.

●      Minimum of 5 years of experience with SAP Security across various applications including but not limited to S/4 HANA, ECC, BW, MDG, Fiori, PI/PO, eWM, and Solution Manager.

●      Understanding of SAP cloud security.

●      Minimum of 5 years of experience with SOD conflict resolution.

●      Strong understanding of Sarbanes-Oxley (SOX) and other compliance requirements that may impact SAP Security

●      Expertise in working with Internal and External auditors.

●      Experience developing security solutions that address Sarbanes-Oxley requirements.

●      Ability to effectively mentor less experienced team members on SAP compliance.

●      Experience in successful project implementation and follow-up.

●      Strong conceptual, analytical, problem-solving, troubleshooting, and resolution skills.

●      Ability to monitor and manage the progress of tasks and work independently.

●      Ability to design, develop, and maintain SAP user management and security architecture across SAP environments. This includes hands-on role design and build across a number of complex SAP applications and databases.

●      Strong time management skills.

●      Good decision-making skills.

●      Available for 24x7 on call rotational support.

Recommended

●      Bachelor’s degree in Accounting, Business, Information Technology, or Computer Science preferred.

●      Documentation and presentation skills catered to a diverse technical and business audience.

●      Technical knowledge of SAP landscapes and roadmaps.

 

Required Documents

●      Cover Letter

●      Resume

 

California applicants, please click here to review the Costco Applicant Privacy Notice. 

 

Pay Ranges: 

Level 3  - $125,000 - $165,000

Level 4  - $150,000 - $195,000

We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.

Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to IT-Recruiting@costco.com

If hired, you will be required to provide proof of authorization to work in the United States.