IT SAP Security Engineer

Job Description:

General Summary:

The SAP Security Analyst Role Design & SailPoint will be responsible for the day-to-day management of SAP user access security role design and governance processes across the AM region. This includes provisioning SAP accounts collaborating with functional teams on secure access design and supporting identity lifecycle management using SailPoint. The analyst will ensure the integrity and compliance of SAP S/4HANA access while providing support for audits access reviews and segregation of duties (SoD) monitoring.

Job Summary:

This position plays a vital role in maintaining secure and compliant SAP environments by designing administering and reviewing access controls. The ideal candidate will have a deep understanding of SAP security concepts (roles authorizations profiles) and hands-on experience with role provisioning GRC tools and identity governance platforms such as SailPoint. The analyst will also support global and regional initiatives participate in SAP rollout projects and contribute to continuous improvement in SAP security processes.

Job Responsibilities:

• Design and maintain SAP security roles (single composite derived) for SAP S/4HANA and related systems.
• Support new project rollouts security role mapping and SoD (Segregation of Duties) compliance.
• Collaborate with functional leads to define access requirements and translate them into secure role concepts.
• Partner with the Identity & Access Management (IAM) team to support SailPoint provisioning workflows.
• Manage day-to-day user provisioning and de-provisioning for all AM Region SAP accounts ensuring timely and accurate access.
• Conduct periodic access reviews audit support and remediation of identified risks.
• Provide technical guidance for GRC ruleset maintenance and SoD analysis.
• Develop documentation for security design user provisioning processes and governance procedures.
• Perform user and role analysis to identify redundant obsolete or excessive access.
• Investigate and resolve access issues violations or user provisioning errors.
• Stay updated on SAP security trends tools and regulatory changes impacting access control.
• Provide support during go-live cutovers and critical production support windows.

Qualifications:

Knowledge Skills and Abilities:

• Strong understanding of SAP authorization concepts and role-based access control.
• Ability to manage high-volume provisioning and support multiple SAP environments.
• Experience supporting manufacturing or regulated industries preferred.
• Strong communication skills for collaboration with business users and audit teams.
• Familiarity with IT general controls SOX compliance and access certification processes.
• Ability to prioritize and manage multiple tasks in a fast-paced environment.
• Experience working in international or global teams is a plus.

Technical Skills:

• Hands-on experience in SAP Security for S/4HANA Fiori and ECC systems.
• Proficiency in SAP authorization objects PFCG role maintenance SUIM ST01 SU53 and SU24.
• Experience with SAP GRC Access Control (ARA BRM ARM).
• Experience with SailPoint IdentityNow or other Identity Governance tools.
• Familiarity with ticketing systems like ServiceNow or SAP Solution Manager.
• Understanding of SAP modules such as MM SD PP and FICO from a security perspective.

Education: Bachelors degree in business Engineering Computer Science Information Systems or related field.

Experience:

• Minimum 5 years of experience in SAP Security administration.
• At least 2 years of experience with S/4HANA security and/or Fiori applications.
• Experience with SailPoint Identity Governance tools highly preferred.
• Experience supporting SAP implementations and working on project teams.
• Audit and compliance support experience is a plus.

Working Conditions

• Open to travel up to 30% including extended stays for project implementation.
• Ability to work in a professional setting adhering to company and regulatory safety requirements.
• Work in a safe and professional manner while adhering to all regulatory requirements (OSHA EPA State and Federal regulations etc.).
• Comprehend and adhere to management directions and/or safety instructions with no restrictions.
• Effectively communicate in Business English language.

Location: Close to at least one of the US plants is highly desirable

Equal Opportunity Employer (EOE) Qualified applicants will receive consideration without regard to their race color religion sex sexual orientation gender identity disability protected veteran status and national origin.

At Astemo were challenging the status quo with the power of diversity inclusion and collaboration. Our goal is to build an inclusive work environment that celebrates the differences of our employees. We want to ensure that every employee feels valued respected and empowered. We dont just accept differencewe celebrate it we support it and we thrive on it for the benefit of our employees our products and our community. Astemo is proud to be an equal opportunity employer.

If you need a reasonable accommodation to apply for a job at Astemo please send the nature of the request and contact information to when applying for the position.