IT Security & Controls Analyst

Since 1952, Lawson Products has worked hard to make our customers' jobs easier by improving their operational efficiency, productivity, and overall performance. As a leader in the MRO industry, we partner with customers to make sure they have the right maintenance and repair parts on hand when needed. We are looking for a motivated Security & Controls Lead responsible for supporting audit cycles and ensuring compliance with Sarbanes–Oxley and other regulatory standards. This position is also tasked with creating and implementing security standards for the SAP landscape, Active Directory, and other ancillary systems, based on best practices. Our corporate headquarters is in Chicago, IL. We offer 401k plus vision, dental and medical benefits, as well as a paid holiday and PTO package. Responsibilities: • Regularly performs spot checks on account and role creation, user account onboarding, and termination reviews. Follows up with Lawson staff and consultants if deficiencies are found. • Oversees and coordinates with offshore SAP Security Analyst. Performs spot checks on their work, providing best practice and process improvement. Gives direction and ensures they are following the methodologies and standards set by this job function. • Adheres to regulatory and compliance requirements, such as segregation of duties, SOX, and other regulatory standards, as required. • Liaises with the business, service delivery, internal audit, and external audit teams to ensure a consistent and comprehensive security approach. • Supports and monitors SOX related activities for all in scope applications to ensure compliance. • Participates in periodic audits with internal and external audit personnel and constructs action plans for addressing any noted deficiencies. • Establishes and maintains procedures and other technical documentation related to the IT security environment. • Collaborates with functional and technical teams to resolve system issues. • Monitors user administration processes and continuously implements improvements. • Other duties as assigned. Qualifications & Requirements: • Undergraduate degree in engineering, computer science, or other technical discipline, plus five to seven years of security-specific experience, with at least the most recent three years of progressive applied experienced as an IT Security Professional, or an equivalent combination of education and experience. • Must have three to five years of previous demonstrated work experience implementing SOX Security and Audit Controls. • Strong team player with excellent collaboration skills and the ability to work in cross-functional and cross-cultural environment. • The following certifications are a plus: • Completed SAP Security Certification. • Professional certification(s) such as a CISA, CISSP, CGEIT, or CRISC. • An experienced IT security professional, well-versed in IT security policy management, information security risk management, IT security governance, industry best practices in securing IT systems, and security audit engagement management. • A working level knowledge of Active Directory, groups, users, organizational units, group policy and how to provision the minimum security required for a user’s job function. • Deep knowledge of the following areas: position-based SAP security; table level restrictions; authorization groups; company code restrictions; SAP file level restrictions; SAP Java AS security; mass user creation; deletion; ECATT scripting and SAP security logs. • An in-depth understanding of SAP security authorization concepts, SAP Segregation of Duty, access controls and SAP GRC Administration. Experience with GRC 5.3 and 10 is a plus. • Understanding and experience implementing and supporting SAP security for ECC, GRC, BW, BOBJ, BODS, BPC, CRM, PI and SAP Mobile Platform. • Demonstrates knowledge and skill in managing security process controls over critical and sensitive SAP transactions. • Able to work closely with the business, internal audit and IT to implement and maintain consistent SAP security controls across multiple SAP landscapes. • Able to take the initiative and work independently on implementing security processes for major projects. • Able to demonstrate progressive, broad-based IT, and business experience. • Strong analytical, troubleshooting, and problem-solving abilities. • Strong customer service skills and commitment to providing quality service in support of IS/IT goals. • Excellent communication, interpersonal/team building skills, and time management skills. Our salary range for this role is $83,00 - $99,640 including a full benefits package. Lawson Products is an Equal Opportunity Employer of women, minorities, protected veterans and individuals with disabilities.