SAP SecurityGRC administrator

Job Description:

DXC Technology (NYSE: DXC) helps global companies run their mission-critical systems and operations while modernizing IT optimizing data architectures and ensuring security and scalability across public private and hybrid clouds. The worlds largest companies and public sector organizations trust DXC to deploy services across the Enterprise Technology Stack to drive new performance levels competitiveness and customer experience. Learn more about how we deliver excellence for our customers and colleagues at .

SAP Security/GRC administrator

The SAP Security & GRC Administrator is responsible for the design implementation and maintenance of the SAP security architecture across the entire landscape (S/4HANA ECC BTP Fiori). This role ensures that user access is managed efficiently while maintaining strict adherence to SoD (Segregation of Duties) policies and regulatory requirements (SOX GDPR GxP). You will be the primary owner of the SAP GRC (Governance Risk and Compliance) suite.

Requirements

• GxP Mastery: Expert knowledge of FDA 21 CFR Part 11 EU Annex 11 and GAMP 5 guidelines.

• Experience: 7 years in CSV with at least 2 years in a leadership or coordination capacity within a regulated industry.

• System Knowledge: Experience validating platforms such as SAP S/4HANA LIMS QMS (TrackWise/Veeva) MES or clinical trial systems.

• Cloud Compliance: Understanding of validating SaaS/Cloud solutions and managing the shared responsibility model

• Attention to Detail: An uncompromising eye for documentation quality and audit-ready evidence.

• Risk Management: Ability to apply ICH Q9 principles to scale validation efforts effectively (dont over-validate low-risk items).

• Communication: Ability to negotiate between IT (who want speed) and QA (who want compliance).

Key Responsibilities

• Role Management: Design build and maintain SAP roles (PFCG) using Task-based or Job-based methodologies (Single Composite and Derived roles).

• S/4HANA & Fiori Security: Manage Fiori catalogs groups and OData service authorizations.

• User Lifecycle: Oversee user provisioning de-provisioning and periodic access reviews.

• Cloud Security: Manage security for SAP BTP (sub-accounts role collections) and cloud-based solutions like SuccessFactors or Ariba.

• Access Control (AC): Configure and maintain GRC modules: ARA (Access Risk Analysis) ARM (Access Request Management) EAM (Emergency Access Management / Firefighter) and BRM (Business Role Management).

• Risk Remediation: Identify and remediate SoD and critical action violations. Work with business process owners to define mitigating controls.

• Rule Set Management: Maintain and update the GRC Global Rule Set to reflect current business processes.

• Audit Support: Act as the lead technical contact for internal and external audits. Provide evidence reports and logs as requested.

• Monitoring: Perform regular system audits and security health checks (e.g. monitoring the Security Audit Log EWA reports).

• Vulnerability Management: Monitor and apply SAP Security Notes (Patching) in collaboration with the Basis team.

Basic Qualifications

• Experience: 5 years of hands-on experience in SAP Security and GRC.

• Platform Expertise: Deep knowledge of S/4HANA security and SAP GRC 12.0 (on-premise or cloud).

• Database: Experience with HANA DB user management and analytical privileges.

• Analytical Mindset: Ability to trace complex authorization errors (SU53 ST01) and identify root causes.

• Ethical Integrity: A high degree of discretion as you will have access to sensitive data and God-mode credentials.

• Detail-Oriented: Zero tolerance for sloppy role design that could lead to audit findings.

Preferred Certifications

• SAP Certified Technology Associate SAP System Security and Authorizations.

• SAP Certified Application Associate SAP GRC Access Control.

• CISA (Certified Information Systems Auditor) is a significant advantage.

Physical Requirements / Work Environment

• Project location Budapest - Hybrid

• Ability to participate in virtual meetings across multiple time zones.

#LI-hybrid

At DXC Technology we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing productivity individual work styles and life circumstances. Were committed to fostering an inclusive environment where everyone can thrive.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services such as false websites or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process nor ask a job seeker to purchase IT or other equipment on our information on employment scams is availablehere.