A&A Specialist

About The Position

Requirements

• Proven leadership skills at a Manager level, with a track record of successfully navigating complex federal audits or large-scale cybersecurity transformations.
• In-depth knowledge of Cybersecurity Frameworks, including experience with NIST, FISMA, or SOC 1/SOC 2 compliance within an ERP environment.
• Strong communication and interpersonal skills to effectively collaborate with Chief Information Security Officers (CISOs), Internal Auditors, and technical architects.
• Proficiency in risk management and mitigation, specifically the ability to translate technical vulnerabilities into business-risk impact statements for leadership.
• US Citizen (no dual citizenship).
• Must be eligible to obtain a government Secret Clearance.

Responsibilities

• Lead complex risk assessments, security governance, and compliance monitoring.
• Lead efforts to enable security-compliant S/4HANA solutions, ensuring "Security by Design" and "Least Privilege" principles are incorporated into functional and technical designs.
• Oversee the development of SAP Security Roles, ensuring Segregation of Duties (SoD) is maintained and sensitive federal data is protected through robust authorization concepts.
• Assess and manage risk-reducing behaviors and processes, implementing continuous monitoring frameworks to detect and mitigate insider threats and external vulnerabilities.
• Drive the implementation of SAP GRC (Access Control / Process Control) or similar tools to automate audit logging and compliance reporting.
• Review and integrate security requirements across the Universal Journal, PII-heavy modules (H2R), and high-value financial workstreams (B2R/P2R).
• Provide input into final decisions regarding cybersecurity tools, identity and access management (IAM), encryption standards, and secure integration with external interfaces.
• Manage and ensure compliance with federal mandates, such as NIST 800-53, FISMA, and the DATA Act, while preparing the organization for unmodified audit opinions.
• Facilitate the audit lifecycle, serving as the central point of contact for audit inquiries, managing the collection of evidence, and driving the remediation of any identified findings.
• Execute program management support functions for the security workstream, including staffing specialized cyber resources, budgeting for security software, and forecasting compliance needs.
• Monitor and report on security posture, providing executive-level dashboards on risk exposure, SoD violations, and the status of audit-readiness activities.
• Mentor and train junior team members, fostering a culture of risk awareness and technical excellence in SAP security configuration and audit techniques.

Benefits

• Hands-on experience
• Certifications
• Industry training