Risk Consulting - Risk Technology - SAP GRC & Security - Senior Consultant
About The Position
With rapid growth across SAP and Governance, Risk, and Compliance (GRC), EY is seeking SAP Security and GRC professionals who understand risk management challenges and can support improved business performance through SAP Application Security and GRC solutions. As a Senior Consultant in Risk Technology, you will support client engagements by contributing to the design, configuration, and implementation of SAP Security and GRC capabilities across transformation initiatives. You will work alongside experienced managers and partners, gaining exposure to complex SAP environments while building deep technical expertise and client-facing skills within a collaborative, people-oriented culture.
Requirements
- Hands-on experience supporting SAP Security and SAP GRC Access Control implementations
- Understanding of SAP Application Security concepts across on‑premise, cloud, and SaaS SAP applications
- Ability to execute defined tasks independently while escalating risks and issues appropriately
- Strong analytical, problem-solving, and documentation skills
- Effective written and verbal communication skills, with the ability to work collaboratively across teams
- Comfort working in fast-paced environments with shifting priorities
- 3–5+ years of experience supporting SAP Security and/or SAP GRC engagements
- Hands-on experience with Design, Build, Test, and Deploy activities for SAP Application Security across systems such as SAP ECC, S/4HANA, FIORI, ARIBA, HCM, or SuccessFactors
- Experience supporting SAP GRC Access Control (e.g., version 12.0 or similar technologies), including exposure to IAM integrations (e.g., Saviynt, SailPoint, SAP IAG)
- Experience supporting SoD and Critical Action rule sets, access provisioning, and emergency access processes
- Ability to manage multiple workstreams with guidance and supervision
- Willingness to travel based on client needs (estimated up to 80%); valid U.S. driver’s license and passport required
Nice To Haves
- Progress toward or interest in obtaining relevant certifications (e.g., CISA, SAP Security, SAP GRC)
- Exposure to SAP audit processes and regulatory or compliance frameworks (e.g., SOX, GDPR)
- Familiarity with tools such as ServiceNow or HP ALM
- Awareness of emerging SAP technologies such as BTP, SAC, AI, or RPA
Responsibilities
- Supporting the design, configuration, and implementation of SAP Application Security and SAP GRC Access Control solutions across SAP environments
- Assisting with SAP transformation initiatives, including S/4HANA and cloud-based SAP solutions, under the guidance of managers and senior leaders
- Performing security role design, user provisioning, access reviews, and Segregation of Duties (SoD) analysis in alignment with defined risk frameworks
- Supporting SAP audit activities (internal and external), including evidence collection, issue remediation, and control documentation
- Collaborating with functional and technical stakeholders to gather requirements and document security-related processes
- Contributing to the development of deliverables, workpapers, and client-facing documentation
- Working effectively within onshore and offshore delivery models as part of a broader project team
- Staying current on SAP Security, GRC tools, and industry developments through training and on-the-job learning
Benefits
- medical and dental coverage
- pension and 401(k) plans
- a wide range of paid time off options
- flexible vacation policy
- designated EY Paid Holidays
- Winter/Summer breaks
- Personal/Family Care
- other leaves of absence
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
Associate degree
