IT Security Specialist

-

• Bachelor’s degree in Information Security, Computer Science, or a related field.
• 3+ years of experience in IT security or internal controls, with at least 1–2 years focused on Microsoft D365 F&O.
• Strong understanding of SoD principles, role-based access control, and critical object protection in ERP systems.
• Experience with RCM development and maintenance, preferably in a regulated or audit-intensive environment.
• Familiarity with Azure Active Directory, Microsoft Defender, and compliance tools such as Microsoft Purview.
• Relevant certifications (e.g., CISA, CISSP, Microsoft Certified: Security Operations Analyst Associate).

Preferred Skills

• Experience with GRC tools (e.g. Sailpoint, Pathlock   or similar) for SoD and access control monitoring.
• Knowledge of Power Platform security (Power BI, Power Apps).
• Strong analytical, documentation, and communication skills.
• Ability to work cross-functionally with IT, audit, and business teams.

Responsibilities

• Implement, and monitor SoD-compliant role structures within D365 F&O to prevent conflicts of interest and fraud.
• Monitoring and secure critical business objects and transactions, including financial, procurement, and Commercial modules.
• Maintain and update the Risk Control Matrix (RCM), mapping business processes to risks and controls within the D365 environment.
• Collaborate with internal audit, compliance, and business process owners to ensure control effectiveness and audit readiness.
• Conduct regular access reviews, security audits, and SoD conflict analysis using automated tools and manual assessments.
• Support incident response and remediation activities related to access violations or control failures.

Document security configurations, control mappings, and audit findings in alignment with regulatory and internal standards (e.g., SOX, GDPR).