IT Lead Engineer Application Security - Remote

OVERVIEW

Live the experience. From professional empowerment to continual learning opportunities. From ongoing investment in new and emerging technologies to a career of self-determination. At Ulta Beauty, our tech team is critical to our scalability—and is recognized that way. We’ve been defined as a “mature start-up.” A place where interdepartmental exposure, open doors, and genuine collaboration is ubiquitous. Where challenges come fast and furious, requiring agility, mental dexterity, and creativity. Where our passion for better solutions drives us and is core to who we are.

We’re engineering for the future of retail, and it’s no-holds-barred. But for those motivated by continual change and ambiguity, by superior leadership, by whip smart colleagues who will press you daily for your very best, you’ll find that virtually nothing’s impossible at Ulta Beauty.

THE IMPACT YOU CAN HAVE: 

This position will join a team responsible for Application Security within Ulta. The Application Security team is primarily responsible for supporting security-related aspects of IT applications and infrastructure, with an emphasis on the SAP platforms. This position interfaces with associates at varying levels of the organization and works closely with project managers and Application Development / Infrastructure / Operations personnel.  The overall mission of the ITRM Security Engineer is to ensure ULTA’s IT environment is protected against internal and external threats and in compliance with the Sarbanes Oxley Act (SOX), and all applicable state and federal privacy laws and regulations. 

YOU'LL ACCOMPLISH THESE GOALS BY: 

• Security Administration – Monitors the application and compliance of security administration procedures and reviews information systems for actual or potential breaches in security. Ensures that all identified breaches in security are promptly and thoroughly investigated and that any system changes required to maintain security are implemented. Ensures that security records are accurate and complete and that requests for support are dealt with according to set standards and procedures. Contributes to the creation and maintenance of policy, standards, procedures, and documentation for security.
• Business Process Improvement - Analyzes business processes; evaluates alternative solutions, assesses feasibility, and recommends new approaches, typically seeking to exploit technology components. Evaluates the financial, cultural, technological, organizational and environmental factors which must be addressed in the change program. Develops business requirements for the implementation of significant changes in organizational mission, business functions and process, organizational roles and responsibilities, and scope or nature of service delivery.
• Research – Leads research plans and identifies appropriate opportunities for publication and dissemination of research findings. Where necessary, designs data collection tools and techniques for both qualitative and quantitative data.
• Incident Management - Manages the prioritization and diagnosis of incidents according to agreed procedures. Investigates causes of incidents and seeks resolution. Manages the escalation of unresolved incidents. Coordinates recovery, following resolution of incidents. Manages the documentation and closure of resolved incidents according to agreed procedures.
• Problem Management - Ensures that appropriate action is taken to anticipate, investigate and resolve problems in systems and services. Ensures that such problems are fully documented within the relevant reporting system(s). Leads the development of problem solutions. Coordinates the implementation of agreed remedies and preventative measures. Evaluates patterns and trends.
• Relationship Management - Facilitates open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining and working to stakeholder engagement strategies and plans.  Negotiates with stakeholders at senior levels and ensures that organizational policy and strategies are adhered to. Uses feedback from customers and stakeholders to help measure effectiveness of stakeholder management. Contributes to the development and enhancement of customer and stakeholder relationships.
• Information Security – Recommends and contributes advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Assesses and acts on vulnerability information and undertakes security risk assessments, business impact analysis and accreditation on complex information systems. Contributes to development of information security policy, standards, and guidelines.
• Relationship Management - Facilitates open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining and working to stakeholder engagement strategies and plans.  Negotiates with stakeholders at senior levels and ensures that organizational policy and strategies are adhered to. Uses feedback from customers and stakeholders to help measure effectiveness of stakeholder management. Contributes to the development and enhancement of customer and stakeholder relationships.

ADDITIONAL RESPONSIBILITIES:

• Responsible for all Ulta Beauty application security including user and role management with an emphasis on SAP BI Hana, Hana Database SQL Modeler and BI Cloud experience
• Provide input to Architect to designing highly available and scalable systems on cloud platforms
• Develop automation and processes to deploy, manage, configure, secure and scale cloud-based supported systems and stacks quickly and rapidly
• Implement methodologies and systems to automate and support application deployments
• Administer security requests for internal applications such as SAP ECC, PI, BI, BOBJ, CPI, S/4 Hana, Fiori, SuccessFactors (ECP), Hana database security, Solution Manager w/Rev Trac, Ariba and IBM OMS.
• Management of complex application landscape
• Understand the concept of Catalogs/Spaces/Pages
• Use and understanding of Identity Management Solution and how it relates to SAP Security
• Manages SAP GRC system configuration, workflow, emergency access management, User Access Reviews as well as other functions within the SAP GRC module.
• Participates in security design and development for projects for all applications.
• Identifies process improvement opportunities to streamline application security and contribute to developing a Role Based Access Control model.
• Ensure application role management meet Segregation of Duties and Sox compliance requirements. 
• Maintains and enforces security policies and standards
• Participates and contributes to information security-related internal / external audits
• Mentor other team members
• Maintains and enforces security policies and standards
• Supports information security-related internal / external audits tasks
• Remains aware of and applies industry best practices in security techniques 
• Performs other duties as assigned

ESSENTIALS FOR SUCCESS: 

• Bachelor’s degree in Computer Science, a related field, or applicable work experience
• 10+ years of IT experience, with a focus on Identity Access Management
• Experience in SAP HANA Security Studio/Eclipse
• Strong understanding SAP authorization objects/fields/values and ability to challenge business to maintain best practice
• Ability to understand business needs; ability to establish and maintain a high level of business partner trust and confidence in ITRM’s concern for end users and other stakeholders
• Ability to communicate and understand both business and technical information clearly and effectively
• Ability to follow-up, follow through and deliver timely results with focused attention to detail
• Team member etiquette
• Strong Communications, customer focus and leadership skills required.
• Strong team player with proven experience and ability to collaborate with security professionals.
• Proven experience and ability to manage problem resolution of complex or intermittent issues in a multi-vendor, integrated enterprise environment.
• Strong verbal, written and presentation skills with the ability to effectively interact with internal and external business partners.
• Solid knowledge of industry best practices and technical systems.
• Normal office demands, ability to lift a minimum of 25 pounds.
• Off-Hours support including 24x7 on-call required.

 

The pay range for this position is $98000.00 - $166300.00 / Year with the opportunity to earn additional compensation pursuant with the Company’s bonus plan. Exact pay will be based on factors including but not limited to relevant education qualifications certifications experience level shift geographic location and business and organizational needs. Visit our Benefits and Career Development page:https://careers.ulta.com/careers/about-us/benefits-and-career-development

ABOUT

At Ulta Beauty (NASDAQ: ULTA), the possibilities are beautiful. Ulta Beauty is the largest North American beauty retailer and the premier beauty destination for cosmetics, fragrance, skin care products, hair care products and salon services. We bring possibilities to life through the power of beauty each and every day in our stores and online with more than 25,000 products from approximately 500 well-established and emerging beauty brands across all categories and price points, including Ulta Beauty’s own private label. Ulta Beauty also offers a full-service salon in every store featuring—hair, skin, brow, and make-up services.

We will consider for employment all qualified applicants, including those with arrest records, conviction records, or other criminal histories, in a manner consistent with the requirements of any applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, and the New York City Fair Chance Act.