Job Summary
Senior Lead — SAP Security & GRC
Enterprise S/4HANA Digital Transformation Program
Position Title: Lead Consultant — SAP Security & GRC
Program: Enterprise Digital Transformation — S/4HANA Implementation
Location: Hybrid / Remote
Duration: 12–18 months (with extension based on rollout timeline)
Reports To: Security & GRC Architect
Band/Level: Lead Consultant
1. Role Context
The SAP Security & GRC Lead Consultant is responsible for designing, implementing, and managing SAP security and Governance, Risk, and Compliance (GRC) solutions to ensure secure, compliant, and efficient access to SAP systems across the enterprise. The role includes managing SSO using the Identity Authentication Service (IAS), provisioning between IAS and BTP using the Identity Provisioning Service, and designing and implementing the GRC AC Firefighter workflow and ruleset.
2. Key Responsibilities
Security Administration
- Design and implement role-based access control (RBAC), including business roles, technical roles, derived and composite roles, Fiori catalogs, and OData service authorizations.
- Ensure Segregation of Duties (SoD) compliance across the landscape.
- Expertise in S/4HANA on-premises security design and implementation, aligned with SOX requirements, including mapping to GRC risk rules and access request workflows.
- Perform ruleset design, risk analysis execution, and remediation planning.
- Conduct role remediation in line with compliance requirements.
GRC Access Control
- Implementation experience with SAP GRC Access Control (AC) Emergency Access Management, including setting up the workflow, Firefighter ID, owner and controller.
- Define and maintain risk rulesets as per the compliance requirements.
- Perform risk analysis on users and roles and carry out remediation.
- Establish mitigation controls across S/4HANA, with documentation.
IAM Integration
- Integrate GRC Access Control, S/4HANA, BTP and S/4HANA private cloud with the IAM solution, i.e. Saviynt, which is used for the joiner, leaver and mover process.
BTP
- Configure users and role collections at the BTP subaccount level and manage access to applications deployed within the subaccount.
- Experience with SAP Cloud Identity Services (IAS/IPS), including setting up identity directories.
- Configure SSO and conditional authentication, and enable federation with corporate IdPs (e.g., Azure AD) via IAS.
- Set up Identity Provisioning Service (IPS) integrations between:
  - CIS ↔ BTP
  - CIS ↔ SuccessFactors
- Enable automated user provisioning and access assignment within SAP BTP.
Key Responsibilities
2. Develop and maintain access controls, user roles, and authorization management within SAP systems.
3. Monitor and analyze SAP security logs, assess risks, and implement corrective actions to mitigate potential threats.
4. Collaborate with cross-functional teams to integrate security measures into SAP solutions and enhance overall security posture.
5. Conduct regular security assessments, audits, and remediation activities to uphold SAP security best practices.
6. Provide guidance and support to internal stakeholders on SAP security policies, procedures, and processes.
Skill Requirements
2. In-depth knowledge of SAP security concepts, including role design, authorization objects, and user provisioning.
3. Experience with implementing and managing SAP GRC Access Control, Process Control, and Risk Management modules.
4. Strong analytical and problem-solving skills to identify security vulnerabilities and implement effective solutions.
5. Excellent communication and interpersonal skills to collaborate with teams and communicate security requirements effectively.