Job Description

• Support ongoing SAP GRC initiatives, including ruleset governance, Segregation of Duties (SoD) analysis, and compliance reporting.
• Review, maintain, and enhance SAP GRC rulesets to align with evolving business processes and organizational requirements.
• Refine authorization object and field-level ruleset logic to minimize false positives while maintaining comprehensive risk coverage.
• Analyze security risks and recommend improvements to strengthen SAP controls and compliance posture.

• Review and evaluate SAP access requests to ensure appropriate role assignments and adherence to the principle of least privilege.
• Assess and validate mitigating controls to confirm they effectively address identified access and compliance risks.
• Identify security and compliance risks associated with system enhancements, projects, and business process changes.
• Partner with business and IT stakeholders to implement appropriate controls and risk mitigation strategies.

• Support internal and external audits by gathering, analyzing, and providing required security and compliance documentation.
• Prepare reports and metrics related to SAP security, access controls, SoD conflicts, and compliance activities.
• Assist with ongoing monitoring and remediation of compliance findings and security risks.

• Serve as a trusted advisor to business partners and IT teams on SAP security and compliance matters.
• Communicate complex security concepts to non-technical stakeholders and provide guidance on appropriate access solutions.
• Mentor junior team members and contribute to continuous improvement initiatives within the SAP security and compliance function.

• Bachelor's degree in Information Systems, Computer Science, Accounting, Finance, or a related field, or an equivalent combination of education and experience.
• 5+ years of experience in information security, SAP security, compliance, or related disciplines.
• 3+ years of direct hands-on experience with SAP GRC and/or SAP Security.
• Strong experience administering and supporting SAP GRC Access Control.
• Solid understanding of SAP authorization concepts, authorization objects, roles, profiles, and transaction codes (T-codes).
• Experience supporting SAP modules including:
  • Extended Warehouse Management (EWM)
  • Treasury Management (TML)
  • Finance (FI)
  • Materials Management (MM)
  • Global Trade Services (GTS)
  • Human Resources (HR)
• Proven ability to analyze complex business processes and identify security, compliance, and control risks.
• Strong communication and interpersonal skills with the ability to influence stakeholders and explain access-related decisions.
• Experience working with auditors, compliance teams, and risk management functions.

• Experience with SAP Ariba or other procurement platforms.
• Knowledge of SAP S/4HANA security concepts and best practices.
• Experience with SAP audit, compliance, and risk management frameworks.
• Prior experience mentoring team members or leading security/compliance initiatives.

• Maintaining a secure and compliant SAP environment.
• Reducing unnecessary SoD conflicts and false positives.
• Ensuring timely and effective access reviews and risk mitigation.
• Building strong partnerships between IT, security, audit, and business stakeholders.
• Supporting successful internal and external audit outcomes.