Job Description

DXC Technology (NYSE: DXC) helps global companies run their mission-critical systems and operations while modernizing IT, optimizing data architectures, and ensuring security and scalability across public, private, and hybrid clouds. The world’s largest companies and public sector organizations trust DXC to deploy services across the Enterprise Technology Stack to drive new performance levels, competitiveness, and customer experience. Learn more about how we deliver excellence for our customers and colleagues at DXC.com.

SAP Security/GRC administrator

The SAP Security & GRC Administrator is responsible for the design, implementation, and maintenance of the SAP security architecture across the entire landscape (S/4HANA, ECC, BTP, Fiori). This role ensures that user access is managed efficiently while maintaining strict adherence to SoD (Segregation of Duties) policies and regulatory requirements (SOX, GDPR, GxP). You will be the primary owner of the SAP GRC (Governance, Risk, and Compliance) suite.

Requirements

• GxP Mastery: Expert knowledge of FDA 21 CFR Part 11, EU Annex 11, and GAMP 5 guidelines.

• Experience: 7+ years in CSV, with at least 2 years in a leadership or coordination capacity within a regulated industry.

• System Knowledge: Experience validating platforms such as SAP S/4HANA, LIMS, QMS (TrackWise/Veeva), MES, or clinical trial systems.

• Cloud Compliance: Understanding of validating SaaS/Cloud solutions and managing the shared responsibility model

• Attention to Detail: An uncompromising eye for documentation quality and "audit-ready" evidence.

• Risk Management: Ability to apply ICH Q9 principles to scale validation efforts effectively (don't over-validate low-risk items).

• Communication: Ability to negotiate between IT (who want speed) and QA (who want compliance).

Key Responsibilities

• Role Management: Design, build, and maintain SAP roles (PFCG) using Task-based or Job-based methodologies (Single, Composite, and Derived roles).

• S/4HANA & Fiori Security: Manage Fiori catalogs, groups, and OData service authorizations.

• User Lifecycle: Oversee user provisioning, de-provisioning, and periodic access reviews.

• Cloud Security: Manage security for SAP BTP (sub-accounts, role collections) and cloud-based solutions like SuccessFactors or Ariba.

• Access Control (AC): Configure and maintain GRC modules: ARA (Access Risk Analysis), ARM (Access Request Management), EAM (Emergency Access Management / Firefighter), and BRM (Business Role Management).

• Risk Remediation: Identify and remediate SoD and critical action violations. Work with business process owners to define mitigating controls.

• Rule Set Management: Maintain and update the GRC Global Rule Set to reflect current business processes.

• Audit Support: Act as the lead technical contact for internal and external audits. Provide evidence, reports, and logs as requested.

• Monitoring: Perform regular system audits and security health checks (e.g., monitoring the Security Audit Log, EWA reports).

• Vulnerability Management: Monitor and apply SAP Security Notes (Patching) in collaboration with the Basis team.

Basic Qualifications

• Experience: 5+ years of hands-on experience in SAP Security and GRC.

• Platform Expertise: Deep knowledge of S/4HANA security and SAP GRC 12.0 (on-premise or cloud).

• Database: Experience with HANA DB user management and analytical privileges.

• Analytical Mindset: Ability to trace complex authorization errors (SU53, ST01) and identify root causes.

• Ethical Integrity: A high degree of discretion, as you will have access to sensitive data and "God-mode" credentials.

• Detail-Oriented: Zero tolerance for sloppy role design that could lead to audit findings.

Preferred Certifications

• SAP Certified Technology Associate – SAP System Security and Authorizations.

• SAP Certified Application Associate – SAP GRC Access Control.

• CISA (Certified Information Systems Auditor) is a significant advantage.

Physical Requirements / Work Environment

• Project location Budapest - Hybrid

• Ability to participate in virtual meetings across multiple time zones.

#LI-hybrid

At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here