REQUEST FOR EXPRESSIONS OF INTEREST
“SAP GRC Access Control Consultant”
AFRICAN DEVELOPMENT BANK
Avenue Joseph Anoma, 01 B.P. 1387, Abidjan, CÔTE D’IVOIRE
Security Unit – Information Security
- The African Development Bank hereby invites Individual Consultants to indicate their interest in the following assignment : SAP GRC Access Control Consultant ;
- The Bank has implemented the SAP GRC system to provide seamless harmonization while maintaining compliance ;
- The Consultant will be responsible for reviewing and re-designing roles; remediating potential segregation of duties (SoD) conflicts and providing basic training on role management in GRC ;
- The SAP GRC Access Control Consultant is expected to lead the development of a centralized process for security role administration, review and design roles for business users, and ensuring compliance to security policies and control sets. The Consultant will report to the Chief Information Security Officer ;
- The main responsibilities are :
- Evaluate, plan and implement improvements to the current SAP GRC system and security processes ;
- Ensure the development and maintenance of SAP roles and authorizations are aligned with security best practices and the Bank’s security policies ;
- Ensure business control designs are properly implemented in the GRC system ;
- Reviewing and re-designing roles for business users in the ERP, Fiori and GRC systems ;
- Lead the development of the SOD matrix ;
- Assist in the remediation of users/roles SOD conflicts ;
- Provide basic training on GRC fundamentals ;
- Perform any other SAP ERP/GRC related assignments as advised by the Chief Information Security Officer.
- The Consultant Profile :
- The consultant should have a relevant master’s degree and a minimum of 5 years of experience ;
- Good communication and interpersonal skills ;
- Relevant SAP security and authorizations certifications ;
- Demonstrable experience in the GRC implementation at the project level ;
- A demonstrable knowledge and experience in the following ;
- Business Role Management (BRM) ;
- Access Risk Analysis and Remediation (ARA), o Emergency Access Management (EAM) ;
- Access Request Provisioning (ARQ), o SAP security and authorization ;
- Performing segregation of duties (SOD) ;
- Fluent in English or French.
- Interested individuals are invited to indicate their interest in providing the above-described services. Interested Consultants shall provide information on their qualifications and experience demonstrating their ability to undertake this Assignment (CV, reference to similar services, experience in similar assignments, etc.) ;
- The eligibility criteria, the establishment of a short list and the selection procedures shall be in conformity with the Bank’s procedures for the acquisition of consulting services funded by the administrative or capital expenditure. Please, note that interest expressed by a Consultant does not imply any obligation on the part of the Bank to include him/her in the shortlist ;
- The estimated duration of services is six (6) months, with possibilities of extension; and the estimated starting date is 25 October 2020 ;
- Interested Individual Consultants may obtain further information at the address below during the Bank’s working hours: from 08:00 to 17:00 hours, Abidjan Local Time ;
- Expressions of interest must be received at the address below no later than 25 September 2020 at 17:00 GMT and specifically mentioning “Individual SAP GRC Access Control Consultant”.
For the attention of
Information Security Team African Development Bank
Avenue Joseph Anoma, 01 B.P. 1387, Abidjan, CÔTE d’IVOIRE E-mail : [email protected]
Tel : (+225) 20 26 43 11
- ESTABLISHMENT OF THE SHORT LIST
A shortlist of three to six individual consultants will be established at the end the request of expressions of interest. The consultants on the shortlist will be judged on the following:
- Level of education in general 20% ;
- Certifications relevant to the assignment 20% ;
- Years of experience in general 20% ;
- Experience relevant to the assignment 40%.