IT LEAD ENGINEER - APPLICATION SECURITY
The Ulta Beauty IT Risk Management team is looking for an Application Security Engineer. This position is accountable for supporting security-related aspects of IT applications and infrastructure, with an emphasis on the BI Reporting platforms. This position interfaces with associates at varying levels of the organization and works closely with project managers and Application Development / Infrastructure / Operations personnel. The overall mission of the ITRM Security Engineer is to ensure ULTA’s IT environment is protected against internal and external threats and in compliance with the Sarbanes Oxley Act (SOX), the Payment Card Industry Data Security Standard (PCI DSS) and all applicable state and federal privacy laws and regulations.
REQUIRED JOB SKILLS
- Security Administration - Monitors the application and compliance of security administration procedures and reviews information systems for actual or potential breaches in security. Ensures that all identified breaches in security are promptly and thoroughly investigated and that any system changes required to maintain security are implemented. Ensures that security records are accurate and complete and that requests for support are dealt with according to set standards and procedures. Contributes to the creation and maintenance of policy, standards, procedures and documentation for security.
- Business Process Improvement: Analyzes business processes; evaluates alternative solutions, assesses feasibility, and recommends new approaches, typically seeking to exploit technology components. Evaluates the financial, cultural, technological, organizational and environmental factors which must be addressed in the change program. Develops business requirements for the implementation of significant changes in organizational mission, business functions and process, organizational roles and responsibilities, and scope or nature of service delivery.
- IT Governance – Understands relevant standards and the principles embedded within them. Evaluates new business proposals and provides specialist advice on compliance issues.
- Research - Leverages resources to gain an up-to-date knowledge of any relevant technology and security vulnerabilities.
- Data Analysis: Reviews and investigates corporate data requirements, and undertakes data analysis, data modelling and quality assurance techniques, to establish, modify or maintain data structures and their associated components.
- Information Management: Ensures that the business processes and information required to support the organization are defined and devises appropriate standards, processes and data architectures. Evaluates the impact of any relevant statutory, internal or external regulations on the organization's use of information and develops strategies for compliance.
- Problem Management: Ensures that appropriate action is taken to anticipate, investigate and resolve problems in systems and services. Ensures that such problems are fully documented within the relevant reporting system(s). Leads the development of problem solutions. Coordinates the implementation of agreed remedies and preventative measures. Evaluates patterns and trends.
- Relationship Management: Facilitates open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining and working to stakeholder engagement strategies and plans. Negotiates with stakeholders at senior levels and ensures that organizational policy and strategies are adhered to. Uses feedback from customers and stakeholders to help measure effectiveness of stakeholder management. Contributes to the development and enhancement of customer and stakeholder relationships.
PRINCIPAL DUTIES & RESPONSIBILITIES (*Essential Functions)
- Responsible for all Ulta Beauty application security including user and role management with an emphasis on SAP BI Hana, Hana Database SQL Modeler and BI Cloud experience
- Provide input to Architect to designing highly available and scalable systems on cloud platforms
- Develop automation and processes to quickly and rapidly deploy, manage, configure, secure and scale cloud-based systems and stacks
- Implement methodologies and systems to automate and support application deployments
- Administer security requests for internal applications such as SAP ECC, PI, BI, BOBJ, CPI, S/4 Hana, Fiori, SuccessFactors, Hana database security and IBM OMS.
- Manages SAP GRC system configuration, workflow, emergency access management, User Access Reviews as well as other functions within the SAP GRC module.
- Participates in security design and development for projects for all applications.
- Identifies process improvement opportunities to streamline application security and contribute to developing a Role Based Access Control model.
- Ensure application role management meet Segregation of Duties and SoX compliance requirements.
- Maintains and enforces security policies and standards
- Participates and contributes to information security-related internal / external audits
- Performs other duties as assigned
- Bachelor’s degree in a technical discipline (or equivalent work experience)
- Minimum of ten+ years’ experience in a technology position with a broad knowledge of IT hardware and software, within an SAP environment.
- Minimum of five years’ experience in SAP BI/Hana and Hana database security administration
- Experience in SAP HANA Security Studio/Eclipse
- Knowledgeable as to IT security concepts, compliance, principles and tools
- Ability to understand business needs; ability to establish and maintain a high level of business partner trust and confidence in ITRM’s concern for end users and other stakeholders
- Ability to clearly and effectively communicate both business and technical information
- Ability to follow-up, follow through and deliver timely results
- Retail industry experience preferred
- Fast-paced, dynamic environment with new tasks changing daily/weekly
- Dependability is essential