SAP GRC Analyst SAP Security Analyst

We are seeking an experienced SAP GRC Analyst to serve as the critical link between IT and business stakeholders ensuring a secure compliant and scalable SAP environment.

This role is responsible for supporting SAP Governance Risk and Compliance (GRC) initiatives conducting security and compliance assessments and helping to identify evaluate and mitigate access and segregation of duties (SoD) risks across the organization.

The ideal candidate will possess strong SAP GRC Access Control expertise a deep understanding of SAP security concepts and the ability to collaborate effectively with both technical and business teams.

Key Responsibilities

SAP GRC Governance & Ruleset Management

• Support ongoing SAP GRC initiatives including ruleset governance Segregation of Duties (SoD) analysis and compliance reporting.
• Review maintain and enhance SAP GRC rulesets to align with evolving business processes and organizational requirements.
• Refine authorization object and field-level ruleset logic to minimize false positives while maintaining comprehensive risk coverage.
• Analyze security risks and recommend improvements to strengthen SAP controls and compliance posture.

Access Control & Risk Management

• Review and evaluate SAP access requests to ensure appropriate role assignments and adherence to the principle of least privilege.
• Assess and validate mitigating controls to confirm they effectively address identified access and compliance risks.
• Identify security and compliance risks associated with system enhancements projects and business process changes.
• Partner with business and IT stakeholders to implement appropriate controls and risk mitigation strategies.

Audit Compliance & Reporting

• Support internal and external audits by gathering analyzing and providing required security and compliance documentation.
• Prepare reports and metrics related to SAP security access controls SoD conflicts and compliance activities.
• Assist with ongoing monitoring and remediation of compliance findings and security risks.

Collaboration & Leadership

• Serve as a trusted advisor to business partners and IT teams on SAP security and compliance matters.
• Communicate complex security concepts to non-technical stakeholders and provide guidance on appropriate access solutions.
• Mentor junior team members and contribute to continuous improvement initiatives within the SAP security and compliance function.

Required Qualifications

• Bachelors degree in Information Systems Computer Science Accounting Finance or a related field or an equivalent combination of education and experience.
• 5 years of experience in information security SAP security compliance or related disciplines.
• 3 years of direct hands-on experience with SAP GRC and/or SAP Security.
• Strong experience administering and supporting SAP GRC Access Control.
• Solid understanding of SAP authorization concepts authorization objects roles profiles and transaction codes (T-codes).
• Experience supporting SAP modules including:
  • Extended Warehouse Management (EWM)
  • Treasury Management (TML)
  • Finance (FI)
  • Materials Management (MM)
  • Global Trade Services (GTS)
  • Human Resources (HR)
• Proven ability to analyze complex business processes and identify security compliance and control risks.
• Strong communication and interpersonal skills with the ability to influence stakeholders and explain access-related decisions.
• Experience working with auditors compliance teams and risk management functions.

Preferred Qualifications

• Experience with SAP Ariba or other procurement platforms.
• Knowledge of SAP S/4HANA security concepts and best practices.
• Experience with SAP audit compliance and risk management frameworks.
• Prior experience mentoring team members or leading security/compliance initiatives.

What Success Looks Like

• Maintaining a secure and compliant SAP environment.
• Reducing unnecessary SoD conflicts and false positives.
• Ensuring timely and effective access reviews and risk mitigation.
• Building strong partnerships between IT security audit and business stakeholders.
• Supporting successful internal and external audit outcomes.