SAP Center of Excellence (COE) Senior Security / GRC Admin Expert

The Senior SAP S/4HANA Security & GRC Administrator is responsible for ensuring secure, compliant, and efficient access management across the SAP S/4HANA landscape within a sustain operations environment. The role manages user access, roles, authorizations, and Segregation of Duties (SoD) controls while maintaining compliance with internal policies, audit requirements, and regulatory standards through platforms such as SAP GRC Access Control and SAP Cloud Identity Access Governance. Acting as a subject matter expert for SAP Security and access governance, the position supports steady-state operations, change and release management, and continuous improvement initiatives to ensure business continuity and strong control effectiveness.

Goal of function:

Tasks*

1) Main tasks:

1. SAP Security Administration (S/4HANA Sustain)

• Manage end-to-end user lifecycle: provisioning, modification, and deprovisioning across S/4HANA and connected systems.
• Design, maintain, and optimize SAP roles and authorization concepts aligned with business processes and segregation of duties (SoD) principles.
• Perform role remediation and authorization troubleshooting for business users and support teams.
• Support transports related to security roles and authorization objects across environments (DEV, QA, PRD).
• Ensure security configuration stability and support during patching, upgrades, and release cycles.

2. SAP GRC & Compliance Management

• Administer SAP GRC Access Control (AC), including:
• Access Risk Analysis (ARA)
• Emergency Access Management (Firefighter)
• Access Request Management (ARM)
• Monitor and manage SoD conflicts and mitigation controls.
• Support internal and external audits by providing access reports, evidence, and remediation plans.
• Maintain compliance with SOX, GDPR, and internal IT controls.

3. SAP IAG (Cloud Identity Access Governance)

• Configure and maintain IAG for cloud and hybrid access governance.
• Integrate IAG with S/4HANA, Ariba, IBP, SAC, and BTP.
• Maintain cloud SoD rulesets and risk libraries.
• Automate cloud access provisioning workflows and approvals.

4. Operational Support & Incident Management

• Act as L3/L4 support for SAP Security and GRC-related incidents and problems.
• Investigate security-related issues and access failures impacting business processes.
• Perform root cause analysis and implement preventive controls.
• Participate in on-call or hyper care support as required during critical periods.

5. Change, Release & Continuous Improvement

• Participate in release management cycles to ensure security readiness for new functionality.
• Review functional changes for security and SoD impact.
• Propose and implement automation and simplification of access processes where possible.
• Maintain security documentation, role catalogues, and operating procedures.

6. Stakeholder & Vendor Collaboration

• Work closely with Functional Leads, Basis, Infrastructure, and Compliance teams.
• Coordinate with external partners (e.g., Accenture or AMS vendors) for aligned security operations.
• Act as trusted advisor on SAP Security and GRC topics for business and IT stakeholders.

2) Stakeholder Engagement

• Work closely with Functional Leads, Basis, Infrastructure, and Compliance teams.
• Coordinate with external partners (e.g., Accenture or AMS vendors) for aligned security operations.
• Act as trusted advisor on SAP Security and GRC topics for business and IT stakeholders.

3) Miscellaneous tasks:

As and when needed

Organization*

The function incumbent reports to:

Organizational unit:

GBS-ITS Integration lead

GBS ITS

Important internal interfaces:

Important external interfaces:

Please list cooperation with important departments, sites, subsidiaries etc.SAP COE workstreams

• PMO
• Global/Regional Business Process Owners
• Integration Teams
• Release Management teams
• Senior Leadership / Executive Steering Committees

Please list cooperation with important external companies, agencies, authorities etc.

• External communications agencies
• Consulting partners
• Technology vendors

Key Performance Indicators

Operational KPIs

• % of access requests delivered within SLA.
• Number of security-related incidents per month.
• Mean Time to Resolve (MTTR) for security issues.
• % of successful first-time-right role assignments.

Compliance KPIs

• Number of unresolved SoD conflicts.
• Audit findings related to access and controls (target: zero critical findings).
• Firefighter usage compliance (100% review and approval rate).
• % of completed periodic user access reviews on time.

Quality & Improvement KPIs

• Reduction in manual access provisioning through automation.
• Documentation accuracy and process adherence.
• Continuous improvement initiatives delivered per quarter

Qualifications, experience, know-how and skills critical for success*

1) Required training and education:

• Bachelor’s degree in computer science, Information Security, or related field (Master’s preferred).​

2) Required professional experience (in years):

• 9+ years of experience in SAP Security and GRC administration, with at least 3 years in a senior lead role.​
• Strong expertise in SAP S/4HANA security concepts.​
• Professional certifications such as SAP Certified Technology Associate (Security/GRC) is highly desirable.
• Proven experience across both on-premise and cloud SAP solutions.
• Hands-on experience with SAP IAG and hybrid GRC models.
• A hybrid SAP Security architect & hands-on expert
• Comfortable operating across S/4HANA, BTP, and multiple SAP SaaS solutions
• Strong in compliance and audit environments.
• Experienced in global role harmonization initiatives
• Capable of leading cloud access governance transformation using SAP IAG
• Proven track record in managing compliance frameworks (SOX, GDPR, ISO 27001 etc).​
• Experience in SAP application maintenance and development projects.​
• Familiarity with IT audit processes and risk management methodologies.

3) Important personal qualities:

• Strong communication skills to engage with business users, auditors, and IT teams.
• High attention to detail and risk awareness mindset.
• Ability to handle sensitive access data with integrity and discretion.
• Structured problem-solving and analytical thinking.
• Ability to work under pressure during critical incidents and audit cycles.
• Collaborative mindset to work across global and cross-functional teams.
• Proactive approach to identifying risks and improvement opportunities.

4) Other specialized knowledge:

a) Technical Knowledge

• SAP Security Architecture & Role Design: Advanced expertise in end-to-end role design, authorization concepts, Fiori security (Catalogs, Spaces & Pages), CDS/DCL, and SoD frameworks within SAP S/4HANA environments.
• Transport & Landscape Management: Proven experience managing security transports (roles, profiles, authorization objects) across DEV/QA/PRD landscapes, including release cycles, retrofit strategies, and upgrade/patch impact assessments.
• SAP GRC & Hybrid Access Governance: Deep expertise in administering SAP GRC Access Control (ARA, ARM, EAM/Firefighter, BRM), global SoD ruleset management, mitigation controls, audit support, and integration with SAP Cloud Identity Access Governance (IAG) for hybrid access governance.
• Cloud & BTP Security: Strong knowledge of SAP Business Technology Platform security including global accounts, subaccounts, role collections, IAS/IPS integration, trust configurations (SAML/OAuth2), principal propagation, and securing extension applications and APIs.
• SAP Cloud Applications Security: Hands-on security administration and data-level access control across SAP Integrated Business Planning (IBP), SAP Analytics Cloud (SAC), SAP Datasphere (DSP), and SAP Ariba, including integration security with S/4HANA.
• Identity, Integration & Compliance: Expertise in identity federation (IAS/IPS, enterprise IdPs), API/SCIM-based provisioning, cross-system role mapping, SOX & GDPR compliance, ITGC controls, access certifications, and automation of governance processes.

b) Languages

English (fluent); additional languages beneficial for global audience engagement.

c) IT Skills

• Governance execution
• Audit support capability
• Automation mindset
• Incident handling
• Analytical and problem-solving ability
• Strong analytical and problem-solving abilities​
• Excellent communication and stakeholder management

d) Product knowledge

SAP S/4HANA and associated business processes (preferred).

5 ) Special personal requirements:

Please list requirements such as willingness to travel or work weekends or shifts etc.

• Willingness to work across global time zones.
• Occasional travel depending on project needs