McCormick & Company
Website:
mccormickcorporation.com
Job details:
The SAP GRC Analyst II is responsible for leading and continuously enhancing McCormick’s SAP Governance, Risk & Compliance (GRC) capabilities across Process Controls (PC), Access Controls (AC), and Emergency Access Management (EAM). This role focuses on strengthening enterprise risk management, internal control effectiveness, segregation of duties (SoD) governance, and audit readiness across McCormick’s global SAP landscape (e.g., S/4HANA, ECC, BW, Fiori, and integrated applications).
This position requires a deep understanding of SAP GRC frameworks, risk management methodologies, SOX compliance requirements, and control monitoring best practices. The analyst partners closely with Internal Audit, IT Security, business process owners, and external auditors to proactively identify risk, monitor control effectiveness, and provide actionable reporting that supports regulatory compliance and enterprise risk mitigation.
The incumbent will take ownership of GRC strategy execution, risk analytics, and continuous control improvement initiatives. This role is responsible for driving maturity in automated controls, access governance frameworks, firefighter oversight, and risk reporting processes aligned to enterprise policies and compliance standards as established by the Director of Information Systems Security.
The GRC Application Analyst II must demonstrate strong analytical, communication, and influencing skills, proactively collaborating with cross-functional stakeholders to ensure sustainable controls, transparency of risk posture, and alignment between compliance objectives and business operations.
Role and Responsibilities:
- Lead SAP GRC strategy execution across Process Controls (PC), Access Controls (AC), and Emergency Access Management (EAM), ensuring alignment with enterprise risk management objectives, SOX requirements, and internal control frameworks.
- Own and maintain the Segregation of Duties (SoD) framework, including ruleset governance, risk catalog management, mitigating control design, and risk impact assessments for system implementations and business transformations.
- Oversee Emergency Access Management (Firefighter) governance, including provisioning standards, usage monitoring, log review processes, escalation management, and continuous improvement of emergency access controls.
- Manage and optimize Process Controls (PC), including automated control design, control testing coordination, deficiency tracking, and validation of remediation efforts to ensure sustained control effectiveness.
- Generate, analyze, and present GRC risk reports, dashboards, and trend analyses for Internal Audit, IT Security leadership, and business stakeholders, translating technical risk data into clear business impact insights and remediation recommendations.
- Partner with business process owners, IT teams, and Internal Audit to evaluate control design, document risks, support walkthroughs, coordinate audit evidence, and ensure timely remediation of findings.
- Drive continuous improvement of GRC governance standards, policies, procedures, and reporting methodologies, promoting automation, efficiency, and transparency across the enterprise control environment.
Desired Skills & Profile:
- Bachelor’s Degree in Information Systems, Accounting, Finance, Business Administration, Cybersecurity, or a related field preferred.
- May consider 8 years of relevant experience in IT Risk, Compliance, Internal Controls, Audit, or SAP GRC administration in lieu of a degree.
- 6+ years of experience in IT, Risk, Compliance, or Internal Controls, including at least 4 years focused on SAP Governance, Risk & Compliance (GRC) with hands-on experience in Access Controls (AC), Process Controls (PC), and Emergency Access Management (EAM). Demonstrates a strong understanding of Segregation of Duties (SoD) frameworks, automated control monitoring, risk assessment methodologies, and SOX compliance requirements across multiple SAP environments (e.g., ECC, S/4HANA, Fiori, BW).
- Experience working in a manufacturing or global enterprise environment with ERP systems, applying governance best practices to strengthen internal controls, enhance audit readiness, and balance compliance requirements with operational efficiency and business enablement.