05-17-2007 6:50 PM
Hi All
We are looking to implement SAP Virsa Compliance cabilator and i was asked to draft job description for the Virsa resources.
Can anyone please help to write job descripton for "to-be" VIrsa resource.
Does this person need to have technical background e.g SAP BASIS, ABAP or
from functional areas. Also how much JAVA experince is required etc.
Any thought is highly appreciated.
Thank you very much.
05-18-2007 11:17 AM
Hi Julio,
From my humble experience, I'd recommend you to involve three different types (groups - ?) of resources in your project work: System Administrators, Security Experts and Audit:
System administrator needs to have some expereince with:
- configuration of Netweaver Server (Java stack);
- setup of users in UME;
- setup of JCo connections;
- basic knowledge of Oracle DB to check / request certain updates.
Security Expert:
- solid knowledge of authorisation concept: roles, objects, etc;
- clear understanding of provided ruleset info;
- setting up new risks in Compliance Calibrator;
- ability to analyse provided SoD info to come up with the possible solutions: remediation (e.g. splitting the role) or mitigation (controlled risk);
Audit:
- control changes in ruleset;
- monitor alerts / mitigation controls;
- identify new risks and agree them with Business
As you see, there is no requirement to have ABAP developer or Java expert. Although, knowledge of J2EE administration is a plus, as it may save some of your time with the system deployment and tuning.
Hope it helps. If yes, add some extra points to my forum account
Best regards,
Laziz
05-18-2007 11:17 AM
Hi Julio,
From my humble experience, I'd recommend you to involve three different types (groups - ?) of resources in your project work: System Administrators, Security Experts and Audit:
System administrator needs to have some expereince with:
- configuration of Netweaver Server (Java stack);
- setup of users in UME;
- setup of JCo connections;
- basic knowledge of Oracle DB to check / request certain updates.
Security Expert:
- solid knowledge of authorisation concept: roles, objects, etc;
- clear understanding of provided ruleset info;
- setting up new risks in Compliance Calibrator;
- ability to analyse provided SoD info to come up with the possible solutions: remediation (e.g. splitting the role) or mitigation (controlled risk);
Audit:
- control changes in ruleset;
- monitor alerts / mitigation controls;
- identify new risks and agree them with Business
As you see, there is no requirement to have ABAP developer or Java expert. Although, knowledge of J2EE administration is a plus, as it may save some of your time with the system deployment and tuning.
Hope it helps. If yes, add some extra points to my forum account
Best regards,
Laziz
05-18-2007 5:05 PM