SAP GRC / Audit / Risk Management

Job Description:

At DXC Technology we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing productivity individual work styles and life circumstances. Were committed to fostering an inclusive environment where everyone can thrive.

The SAP GRC Consultant is responsible for designing implementing and supporting SAP Governance Risk and Compliance (GRC) solutions to strengthen internal controls risk management user access governance and compliance reporting. The consultant will work closely with security audit and business stakeholders to ensure regulatory adherence (SOX IFRS ISO local compliance) and alignment with enterprise risk management frameworks.

Key Process & Technical Knowledge

The consultant should have strong expertise in:

SAP GRC Access Control (AC):

• User Access Management (UAR).
• Emergency Access Management (EAM / Firefighter).
• Access Risk Analysis (ARA).
• Business Role Management (BRM).

SAP GRC Process Control (PC):

• Control design documentation monitoring and testing.
• Continuous Control Monitoring (CCM).
• Policy management & workflow.

SAP GRC Risk Management (RM):

• Enterprise Risk Management framework configuration.
• Risk assessment methodologies.
• Key Risk Indicators (KRIs).

SAP Audit Management (AM):

• Planning and execution of audit engagements.
• Integration with risk and process control.
• Audit reporting and follow-up tracking.

Integration Skills:

• SAP GRC with SAP S/4HANA security concepts.
• Interfaces with Identity Management (IDM) and LDAP/AD.
• Understanding of SoD (Segregation of Duties) frameworks.

Key Responsibilities

• Conduct requirement gathering workshops with Audit Risk Compliance and IT Security teams.
• Configure and support GRC Access Control Process Control Risk Management and Audit Management modules.
• Perform SoD analysis remediation and mitigating control design.
• Implement workflow automation for user provisioning and access approvals.
• Support business role design and access governance.
• Enable continuous monitoring of controls and risks in SAP and non-SAP environments.
• Provide expertise during internal and external audits.
• Deliver end-user and key-user training on SAP GRC functionalities.
• Work closely with Basis and Security teams to ensure compliance with corporate IT policies.
• Support cutover hypercare and ongoing compliance operations.

Required Qualifications & Skills

Education & Certifications

• Bachelors degree in Information Systems Computer Science Finance or related field.
• SAP GRC Certification (preferred).
• CISA CISM CRISC or similar audit/security certifications (advantage).

Experience

• 58 years in SAP Security & Compliance with minimum 3 years in SAP GRC.
• Hands-on implementation/support in Access Control at least one of PC/RM/AM.
• Experience with SoD rule set customization and remediation.
• Exposure to compliance frameworks like SOX GDPR ISO 27001 NCA/NCA ECC.

Technical Skills

• Strong knowledge of SAP authorization concepts (roles profiles SUIM SU24 PFCG).
• Expertise in GRC workflow BRF MSMP configuration.
• Understanding of connector setup between GRC and SAP systems.
• Familiarity with audit and risk management best practices.

Soft Skills

• Strong analytical and problem-solving skills.
• Excellent communication for engaging business audit and IT teams.
• Ability to work under compliance pressure and deadlines.

At DXC Technology we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing productivity individual work styles and life circumstances. Were committed to fostering an inclusive environment where everyone can thrive.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services such as false websites or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process nor ask a job seeker to purchase IT or other equipment on our information on employment scams is availablehere.