Sr. Product Manager

About The Position

Requirements

• Bachelor’s degree in Computer Science, Computer Information Systems or a related field (or foreign degree equivalent), plus eight (8) years of experience in the job offered, as a GRC and/or SAPSecurity professional, or in a related occupation.
• The position requires each of the following skills, which must have been gained through eight (8) years of experience:
• Experience with SAP application security across multiple platforms, including user and role administration, monitoring, and auditing for ECC, Security Weaver (Pathlock), GRC Access Control, GRC Process Control, and S/4HANA.
• Experience with operating system and database security.
• SAP Application Security Expertise: Experience across SAP ECC, S/4HANA, Security Weaver (Pathlock), GRC Access Control, and GRC Process Control, including user and role administration, monitoring, and auditing.
• Operating System & Database Security: Experience with Windows, Linux, and HANA database security principles, including hardening, encryption, and privileged access management.
• SAP HANA Database Security: Hands-on experience with HANA user and role management, analytic privileges, catalog roles, XS Advanced security, and audit policy configuration.
• SAP Licensing & Compliance: Experience with SAP user licensing models (Professional, Limited Professional, ESS, etc.), indirect access evaluation, and compliance reporting.
• SAP GRC Access Control: Experience with Access Risk Analysis (ARA), Emergency Access Management (EAM/Firefighter), Access Request Management (ARM), and Business Role Management (BRM), including rule set customization.
• SAP Process Control: Experience with implementation and maintenance of automated and manual controls, workflow configuration, control testing, and continuous monitoring aligned with compliance frameworks (SOX, ISO etc).
• Onapsis Platform: Hands-on experience with Onapsis for SAP vulnerability scanning, configuration assessment, transport analysis, and integration with SIEM tools for centralized threat monitoring.
• SOX & Audit Readiness: Experience with SOX compliance across OS, database, and SAP application layers, including logging, change control, and segregation of duties controls.
• Security Monitoring & Integration: Experience with security monitoring, logging, and forensic analysis, leveraging tools like SAP Security Audit Log, STAD, SM20.
• The position requires the following certification: SAP Security Certification.
• Position requires up to 15% domestic travel.

Responsibilities

• Responsible for strategic and operational user security tasks within NBCU.
• Design, develop, and maintain the company’s SAP user management and security architecture across multiple SAP environments in addition to providing solution recommendations.
• Exhibits sound, generally accepted principled judgment in solution planning to guide team members and ensure compliance with established procedures.
• Contribute to lending guidance and direction to other team members and ensure the technical competency of the team is maintained.
• Analyze and understand the current Roles and Access Restrictions from Audit standpoint and synchronize with existing GRC access management solution to provide a risk-free environment.
• Maintain, manage, and monitor compliance with the SAP IT Security framework.
• Tracking Internal Security Control (ISC) gaps and exceptions for the global IT control environment.
• Commitment to upholding government and corporate security guidelines, including Segregation of Duties (SoD), Sarbanes-Oxley (SOX) and Privacy related standards.
• Assist the Lead in developing and Implementing SAP security policies, processes, architecture, training, and communications.
• Identify security solutions, implementing standards and best practices, proactively identifying and remediating vulnerabilities.
• Responsible for SAP ERP, SAP BW, SAP PI, Fiori, Gateway, SAP S/4, SAP GRC, Access Violation Management and Regulation Management, SAP SRM, SAP HANA, SecurePro, Emergency Request, and Separation Enforcer Implementation in accordance with SAP Security Strategy and Administration/Troubleshooting the complex SAP Security Issues.
• Responsible for working with the solution architects and the business process owners to translate the business requirement into the SAP Security design and maintenance of the SAP Security Roles in SAP Systems.
• Assist in periodic control activities such as regular review of user access on monthly super user review, monthly and quarterly critical role review and quarterly user account review.
• Monitor and maintain IT user accounts, roles, and SAP licensing.
• Ensure that SAP security architecture is in line with the company’s policies and procedures.
• Facilitate internal and external audits as requested.
• Develop and deliver documentation and training as needed to ensure proper system usage and understanding.
• Review, assess, and implement quarterly SAP Security Notes and patches released by SAP to ensure systems remain compliant and protected against known vulnerabilities.
• Perform troubleshooting and root-cause analysis for complex authorization and access issues using SU53, SUIM, and system traces; collaborate with ABAP developers to identify and resolve code-level authorization conflicts.
• Conduct SAP License Auditing and ensure user classification accuracy to maintain licensing compliance and cost optimization.
• Coordinate periodic access review cycles, report results to control owners, and support remediation of identified gaps.
• Partner with audit and compliance teams to respond to internal and external audit requests, supporting SOX, GDPR, and privacy requirements.
• Participate in design of role-based and position-based security models ensuring least-privilege access and scalable maintenance.
• Evaluate and recommend emerging SAP Security and GRC technologies to enhance risk management and operational efficiency.
• Configure and support Security Weaver, Pathlock (Unify), or equivalent GRC tools for new business unit integrations and compliance automation.
• Collaborate closely with functional, technical, and audit teams to define, test, and validate access controls during system implementations and upgrades.

Benefits

• This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks.