
SAP Security and GRC Lead Consultant
About the role
Job Summary
Senior Lead — SAP Security & GRC
Enterprise S/4HANA Digital Transformation Program
Position Title: Lead Consultant — SAP Security & GRC
Program: Enterprise Digital Transformation — S/4HANA Implementation
Location: Hybrid / Remote
Duration: 12–18 months (with extension based on rollout timeline)
Reports To: Security & GRC Architect
Band/Level: Lead Consultant
1. Role Context:
The SAP Security & GRC Lead Consultant is responsible for designing, implementing, and managing SAP security and Governance, Risk, and Compliance (GRC) solutions to ensure secure, compliant, and efficient access to SAP systems across the enterprise. The role also covers managing SSO using Identity Authentication Service (IAS), provisioning between IAS and BTP using the Identity Provisioning service, and designing and implementing the GRC AC Firefighter workflow and ruleset.
2. Key Responsibilities:
Security Administration
- Design and implement role-based access control (RBAC), including business roles, technical roles, derived and composite roles, Fiori catalogs, and OData service authorizations.
- Ensure Segregation of Duties (SoD) compliance across the landscape.
- Expertise in S/4HANA on-premises security design and implementation, aligned with SOX requirements, including mapping to GRC risk rules and access request workflows.
- Perform ruleset design, risk analysis execution, and remediation planning.
- Conduct role remediation in line with compliance requirements.
GRC Access Control:
- SAP GRC Access Control (AC) and Emergency Access Management implementation experience, including setting up workflows, Firefighter IDs, owners, and controllers.
- Define and maintain risk rulesets as per the compliance requirements.
- Perform risk analysis on users and roles, and carry out remediation.
- Establish and document mitigation controls across S/4HANA.
IAM Integration
- Integrate GRC Access Control, S/4HANA, BTP, and S/4HANA Private Cloud with the IAM solution (Saviynt), which is used for the joiner, leaver, and mover process.
BTP
- Configure users and role collections at the BTP subaccount level and manage access to applications deployed within the subaccount.
- Experience with SAP Cloud Identity Services (IAS/IPS), including setting up identity directories.
- Configure SSO and conditional authentication, and enable federation with corporate IdPs (e.g., Azure AD) via IAS.
- Set up Identity Provisioning Service (IPS) integrations between:
  - CIS ↔ BTP
  - CIS ↔ SuccessFactors
- Enable automated user provisioning and access assignment within SAP BTP.
Key Responsibilities
- Design, configure, and administer SAP Security and GRC (Governance, Risk, and Compliance) solutions.
- Conduct regular security assessments, audits, and reviews to identify and mitigate risks.
- Collaborate with cross-functional teams to implement security best practices and policies.
- Provide expertise in resolving security incidents and implementing security patches and upgrades.
- Develop and deliver training programs to educate users on security protocols and procedures.
Skill Requirements
- Proficiency in SAP Security and GRC administration, including user access controls, role maintenance, and security policies.
- Strong knowledge of SAP GRC tools such as Access Control, Process Control, and Risk Management.
- Experience in designing and implementing security solutions within SAP landscapes.
- Ability to analyze complex security issues and provide effective solutions.
- Excellent communication and interpersonal skills to collaborate with stakeholders at all levels.
Other Requirements
1. SAP Certified Technology Associate SAP Security and Authorizations
Benefits and perks
- Learning Budget
Required skills
SAP Security
SAP GRC
RBAC
SoD
IAS
Identity Provisioning
Fiori
OData
About HCL Technologies
Headquarters: Gautam Buddha Nagar