SAP Security / GRC - Roles, Authorizations, Compliance

About The Position

Requirements

• 3-7 years of SAP security and authorization experience.
• 3+ years of direct SAP GRC experience.
• Proven experience supporting enterprise SAP security and compliance initiatives.
• Strong understanding of SAP authorization concepts and governance frameworks.
• Experience with SAP role design and authorization management.
• Experience with SAP GRC Access Control.
• Experience with Segregation of Duties (SoD) analysis.
• Experience with SAP Fiori and cloud security.
• Experience with security audits and compliance processes.
• Knowledge of SAP authorization objects.
• Understanding of security architecture principles.
• Familiarity with IAM and SSO technologies.
• Knowledge of audit and regulatory compliance requirements.
• Understanding of SAP transport and change management processes.
• Experience with SAP S/4HANA.
• Experience with SAP BTP.
• Experience with SAP BRIM.
• Experience with SAP HCM/SuccessFactors.
• Familiarity with identity federation and MFA solutions.
• Strong analytical and security troubleshooting abilities.
• Bachelor’s degree in Information Security, Information Technology, Computer Science, Information Systems, or a related technical discipline.

Nice To Haves

• Experience with Azure Active Directory, Okta or enterprise IAM platforms.
• Experience with SAP Cloud Identity Services.
• Experience with SAP Solution Manager or SAP Cloud ALM.
• Experience with Cloud-native SAP environments.
• Experience in utilities, transportation, finance, manufacturing, public sector, or large enterprise environments.
• Experience supporting Agile and DevOps delivery methodologies.
• Prior consulting or contractor experience in enterprise SAP environments.
• SAP Certified Technology Associate - SAP System Security Architect.
• SAP Certified Technology Associate - SAP Authorization and Auditing.
• SAP GRC certifications.
• SAP S/4HANA security certifications.
• Certified Information Systems Security Professional (CISSP).
• Certified Information Security Manager (CISM).
• Certified Information Systems Auditor (CISA).
• Identity and access management certifications.

Responsibilities

• Design, configure, and maintain SAP security roles, profiles, and authorizations across SAP environments including SAP S/4HANA, SAP BRIM, SAP FI-CA, SAP HCM/SuccessFactors, SAP BW/4HANA, SAP Datasphere, SAP Fiori, and SAP BTP.
• Ensure secure and scalable access management aligned with enterprise policies and business requirements.
• Manage composite roles, derived roles, Fiori catalogs and groups, and authorization objects.
• Support user provisioning, access requests, and role lifecycle management processes.
• Troubleshoot authorization issues and perform root cause analysis for access-related incidents.
• Administer SAP GRC Access Control, including Access Risk Analysis (ARA), Emergency Access Management (EAM), Business Role Management (BRM), and Access Request Management (ARM).
• Manage Segregation of Duties (SoD) and sensitive access controls.
• Ensure audit readiness and regulatory compliance.
• Develop and maintain SoD rulesets and mitigation controls.
• Support audit reviews, compliance assessments, access certifications, and regulatory reporting.
• Ensure compliance with enterprise policies, cybersecurity standards, and regulatory frameworks.
• Support remediation activities related to audit findings and access risks.
• Monitor SAP environments for security and authorization-related risks.
• Support security assessments, vulnerability management, and remediation initiatives.
• Participate in incident response and security investigations involving SAP systems.
• Assist with the implementation of security best practices and operational controls.
• Support integrations between SAP security frameworks and enterprise IAM platforms.
• Assist with Single Sign-On (SSO), Multi-Factor Authentication (MFA), and identity federation implementations.
• Configure and maintain security for SAP Fiori applications, SAP Business Technology Platform (BTP), APIs, OData services, and cloud integrations in hybrid SAP landscapes.
• Perform security testing, access validation, role testing, and SoD analysis and remediation testing.
• Validate role changes, authorization updates, and compliance controls.
• Support user acceptance testing (UAT) and production deployment validation.
• Develop and maintain security design documents, role matrices, compliance documentation, and operational procedures.
• Support governance, change management, and release management activities.
• Ensure adherence to enterprise security and compliance standards.
• Provide guidance and training related to SAP security and compliance processes.
• Support business users and technical teams with access management processes.
• Mentor junior security analysts and support personnel.

Benefits

• Equal opportunity employer