Specialist Identity & Access Management - SAP Security and Controls

About The Position

Requirements

• Minimum 5 - 7 years of experience in Identity & Access Management, Application Security, IAM Integrations and SAP Cloud Identity Services
• Minimum 5 years of experience in SAP Application role design
• Bachelor’s Degree in Computer Science, Information Systems, or an equivalent combination of education and relevant work experience.
• Adapt to evolving requirements and unexpected challenges within a fast‑paced SAP program environment.
• Communicates with impact across diverse audiences.
• Demonstrates accountability and ownership for deliverables.
• Exercises sound judgment in identifying, managing, and escalating risks.
• Results‑oriented, with a strong focus on quality and timely delivery.
• Ability to manage multiple concurrent assignments of moderate complexity.
• Strong problem‑solving skills, applying ingenuity and creativity.
• Detail‑oriented with a strong quality mindset.
• Produces clear, concise documentation tailored to various audiences.
• Strong time management, prioritization, and organizational skills.
• Able to think and act decisively under pressure.
• Works effectively with limited supervision while demonstrating a sense of urgency.
• Capable of resolving complex security issues through research and technical investigation.
• Demonstrates strong teamwork and collaboration skills, adapting communication style as needed.
• Application security knowledge across SAP ABAP and Fiori, SAP Cloud Applications, SAP Cloud Identity Services, SAP HANA, and SAP RISE environments.
• Strong functional and integration knowledge of Saviynt.
• Integration experience with ServiceNow, Active Directory, enterprise portals, RPA solutions, MFA, and SSO platforms.
• Experience integrating SAP systems with third‑party applications.
• Solid understanding of SOX requirements, ITGC frameworks, and audit methodologies related to access management.
• Knowledge of IAM processes, including user lifecycle management, provisioning, deprovisioning, and recertification.
• Familiarity with IAM tools, enterprise systems, and access governance principles.
• Strong analytical skills to identify, assess, and mitigate security risks.

Nice To Haves

• Experience with SAP Migrations (Greenfield and Brownfield) as well as RISE Migrations a plus

Responsibilities

• Serve as a trusted authority on Saviynt IGA functionality, configuration, and enterprise integrations, providing guidance to technical and business stakeholders.
• Design and monitor high‑quality integrations between Saviynt and systems including ServiceNow, Active Directory, SaaS and PaaS applications, and on‑premise target systems.
• Configure, maintain, and enhance identity integrations between SaaS/PaaS applications and SAP Cloud Identity Services, ensuring secure and reliable data flows.
• Oversee execution and be a subject matter expert for identity personas and identity-related data across connected systems (create, update, decommission).
• Oversee execution and be a subject matter expert for integrations with Active Directory, enterprise portals, RPA solutions, MFA, and SSO platforms.
• Oversee execution and be a subject matter expert for onboarding and integration of new target systems (cloud and on‑prem), to ensure integration patterns are secure, scalable, and compliant.
• Support user lifecycle management processes, including joiner, mover, and leaver (JML) workflows and automation.
• Support Saviynt Risk and Compliance capabilities, including Segregation of Duties (SoD) analysis, Critical Action monitoring, access certifications, and audit evidence generation.
• Direct and participate in unit testing, and support end‑to‑end functional validation of integrations and automation workflows.
• Design, build, unit test, and deploy SAP roles, translating functional business requirements into security technical role designs.
• Demonstrate comprehensive knowledge of various SAP security role types and authorization concepts.
• Possess hands-on experience with SAP Fiori Spaces and Pages.
• Utilize SAP Change Request Management (ChaRM) to manage security transports across SAP landscapes.
• Support security role design, modification, and lifecycle maintenance across multiple SAP platforms, modules, and SaaS and PaaS applications, including SAP Analytics Cloud, SAP Business Technology Platform (BTP), SAP Cloud ALM, SAP Cloud Identity Services, SAP Datasphere, SAP Enable Now, SAP HANA Databases, SAP Integrated Business Planning (IBP), SAP Signavio, and Vertex.
• Demonstrate a strong understanding user provisioning process in multiple SAP platforms and SaaS and PaaS applications, perform manual user provisioning steps when automated solutions are unavailable.
• Ensure SAP roles are free of unmitigated segregation of duties conflicts or critical action risks and align with least-privilege principle.
• Troubleshoot access issues, analyze authorization failures, and resolve security conflicts.
• Provide application security support for both on-premises SAP environments and SAP RISE solutions.
• Participate in testing cycles to validate access changes, role updates, and remediation activities.
• Possess hands-on experience with SAP Cloud Identity Services, including user authentication and user provisioning for SaaS and PaaS applications.
• Collaborate closely with technical, functional, data, risk, and control teams across SAP and IAM initiatives.
• Communicate effectively with both technical and non‑technical stakeholders, clearly explaining security concepts, design decisions, and recommendations.
• Manage incoming requirements, competing priorities, and deadlines using strong organizational and planning skills.
• Provide regular status updates, identify risks and roadblocks, and propose mitigation strategies.
• Support end‑user acceptance testing (UAT) and regression testing activities.
• Maintain current process documentation, control narratives, and audit evidence for assigned IAM controls.
• Contribute to the continuous improvement of IAM compliance procedures, templates, validation checklists, and operational standards.
• Promote knowledge sharing within the IAM team to strengthen audit readiness and control maturity.

Benefits

• Holidays follow Quebec statutory standards.