METRO AG - Assistant Manager - SAP GRC Module

Responsibilities

• Monitor and review user access controls for SAP and non-SAP applications to ensure compliance with organizational policies and regulatory standards (e.g., SOX, GDPR).
• Manage user access provisioning, modification, and revocation processes to ensure appropriate authorization levels and prevent unauthorized access.
• Conduct regular access reviews and certification campaigns involving business stakeholders to validate user access rights.
• Identify and resolve Segregation of Duties (SoD) conflicts and access risks through remediation and risk acceptance processes.
• Collaborate with IT, security teams, and business units to enforce IT compliance policies and implement controls related to user access management.
• Develop and maintain compliance monitoring reports and dashboards for management review.
• Support internal and external audits by providing documentation, evidence, and responses related to user access controls and compliance status.
• Assist in the development and enhancement of policies, procedures, and workflows around access management.
• Lead and mentor junior team members in compliance monitoring activities and user access governance.
• Stay updated with industry best practices, regulatory changes, and emerging trends in IT compliance and user access Qualifications :
• Bachelors degree in Information Technology, Computer Science, or related field.
• Minimum 9 years of experience in IT compliance, audit, or governance roles with a focus on SAP and non-SAP user access management.
• Strong understanding of IT control frameworks such as SOX, COBIT, ISO 27001, and knowledge of ITGC (IT General Controls).
• Hands-on experience with SAP GRC (Governance, Risk, and Compliance) tools or equivalent SAP security tools.
• Familiarity with non-SAP systems access management and compliance monitoring tools.
• Experience in managing access reviews, SoD conflict analysis, and remediation.
• Knowledge of user provisioning tools (e.g., SailPoint, Oracle Identity Manager) is a plus.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work independently and collaboratively in a fast-paced Information :
  

Preferred Skills

• Certifications such as CISA, CISM, or SAP Security certification.
• Experience working with global or multi-location organizations.
• Strong stakeholder management and presentation skills.