SAP GRC Security Lead Analyst

GENERAL DESCRIPTION OF POSITION

The SAP GRC Security Lead Analyst is crucial to business operations, as they focus on protecting SAP systems, applications, and sensitive business data from unauthorized access. As a SAP GRC Security Analyst, you will be involved in every stage of the application lifecycle, from design to deployment, and will be responsible for delivering comprehensive SAP security capabilities and solutions within the SAP landscape.

The SAP GRC Security Lead Analyst will serve as a lead with a strong background in SAP application security design, particularly in S/4HANA, S/4HANA Private Cloud, and RISE, in conjunction with SAP GRC, SAP BTP, and other non-SAP tools. This role will provide comprehensive knowledge of SAP security structure, user authentication methods, user access and authorization concepts, user activity monitoring, and audit/compliance reporting.

The SAP GRC Security Lead Analyst will provide foundational operational-layer security expertise, as well as strategic governance and support for risk management.

ESSENTIAL DUTIES AND RESPONSIBILITIES

• Lead and collaborate with a team of AMS SAP Security and GRC Analysts to build and implement robust security measures
• Responsible for designing, implementing, and supporting SAP Governance, Risk, and Compliance (GRC) solutions (specifically Access Control, Process Control, and Risk Management)
• Utilize available tools and applications to provide comprehensive SAP security capabilities, adhering to SAP best practices and industry standards
• Lead design and implementation of security capabilities (roles, profiles, authorization objects, etc.) as part of project teams, ensuring alignment with organizational goals
• Develop, maintain, and enhance a secure SAP environment, with a focus on continuous improvement and risk mitigation
• Oversee security aspects of system builds, upgrades, patching, client copies, and refreshes, validating compliance with security protocols
• Perform, monitor, and report on GRC compliance and audit trails, ensuring adherence to regulatory requirements
• Ensure best practices are followed when configuring Firefighter IDs (EAM), User Access Review (UAR) workflows, and user provisioning
• Perform regular system checks to identify potential security gaps and develop prevention action plans
• Support internal and external audits (SOX, GDPR, and organizational policies), guaranteeing systems adhere to regulatory standards and corporate security policies
• Respond to cyber attacks or breaches after a security incident by following the incident response plan and organizational procedures
• Perform any other related duties as required or assigned.
• The ability to handle stress and work well with others is an essential function of this position.
• Due to our obligation to provide continuous, reliable electric service to our customers, the ability to maintain regular and punctual attendance and the ability to work outside your regularly scheduled office hours when necessary are essential functions of the job

MINIMUM QUALIFICATIONS

Bachelor’s or Master’s degree in Computer Science, Information Systems, Cybersecurity, or a related field. Extensive practical experience

10 years of experience in SAP Security and GRC implementation and support

REQUIRED CERTIFICATES, LICENSES, REGISTRATIONS

SAP Certified Technology Associate: S/4HANA System Administration.

SAP Certified Application Associate: SAP GRC Access Control.

ENVIRONMENTAL CONDITIONS

The following work environment characteristics described here are representative of those an employee
encounters while performing essential functions of this job. Reasonable accommodations may be made
to enable individuals with disabilities to perform the essential functions.

The noise level in the work environment is usually moderate.

PHYSICAL ACTIVITIES

The following physical activities described here are representative of those that must be met by an
employee to successfully perform the essential functions of this job. Reasonable accommodations may
be made to enable individuals with disabilities to perform the essential functions and expectations.
Moderate diversity, low physical. Work activities which allow for a moderate amount of diversity in the
performance of tasks which are not as varied as those positions with high-level diversity and decision making.

While performing the functions of this job, the employee is continuously required to talk or hear;
regularly required to stand, walk, sit, use hands to finger, handle, or feel; and occasionally required to
reach with hands and arms, climb or balance, stoop, kneel, crouch, or crawl, taste or smell. The
employee must occasionally lift and/or move up to 50 pounds; frequently lift and/or move up to 10
pounds. Specific vision abilities required by this job include close vision; distance vision; color vision;
peripheral vision; depth perception; and ability to adjust focus. 

ADDITIONAL INFORMATION

Strong expertise in SAP GRC modules: Access Control, Process Control, Risk Management

Solid understanding of SAP Security concepts across ECC, S/4HANA, and Fiori

Knowledge of ERP control frameworks and regulatory requirements and standards such as SOX, GDPR, HIPAA, and ISO 27001..

Proficiency in SAP application security methodologies, role-based user authorization, access controls, and Segregation of Duties (SoD) concepts.

Hands‑on experience performing SoD analysis, role creation, and authorization design

Hands-on experience configuring GRC modules (Access Control, Process Controls, Risk Management)

Experience in SAP landscape security strategy, architecture, and supporting project implementations with SAP GRC, SAP BTP, and other security tools

Proficiency in SAP Vulnerability Assessment

Strong organizational skills to manage multiple priorities, deliverables, and project milestones

Excellent analytical, problem-solving, and communication skills

Experience as a SAP Security leader for IT projects with the ability to serve as a liaison between business units, technical teams, and external system integrators

Knowledge of applicable data privacy practices and laws.

Proficient in Microsoft Office, Teams, Outlook, and ITSM systems (ServiceNow, Jira, Remedy, etc.)