SAP GRC Administrator

We are seeking a seasoned SAP GRC Administrator with hands on experience in implementing and managing SAP GRC Access Control solutions. The ideal candidate will have a strong understanding of Segregation of Duties (SoD) principles and SOX compliance requirements, along with expertise in configuring GRC components such as MSMP workflows, BRF+ rules, and LDAP integration. Experience in the manufacturing industry is essential, with a focus on production system integration, audit readiness, and operational risk management

Roles and Responsibilities:

• Experience in requirement gathering, design, development, and maintenance of SAP GRC Components.
• Configure and customize MSMP workflows and BRF+ rules to support business processes.
• Implement and manage Emergency Access Management (EAM) including firefighter ID setup and monitoring.
• Ensure proper logging and review mechanisms for FF IDs.
• Design and implement Compensating and Mitigation Controls to address SoD conflicts.
• Develop and maintain Custom Risk IDs and integrate them into the risk analysis framework.
• Configure Rulesets for access risk analysis, ensuring alignment with SoD and compliance requirements.
• Integrate LDAP with SAP GRC for streamlined user provisioning and authentication.
• Conduct SoD risk analysis, remediation, and preventive control implementation.
• Ensure compliance with SOX (Sarbanes-Oxley Act) by aligning GRC configurations with audit and regulatory standards.
• Collaborate with internal audit, compliance, and business teams to ensure effective risk management and control frameworks.
• Provide support for GRC upgrades, patches, and performance optimization.
• Integrate GRC solutions with production systems to ensure seamless operations and risk management.
• Prepare and maintain documentation for audit readiness and compliance reporting.
• Identify and mitigate operational risks within the manufacturing processes.
• Design, implement, and maintain SAP security roles and authorizations across SAP modules (ECC, S/4HANA, BW, Fiori, etc.). 
• Investigate and resolve SAP security incidents and role conflicts. 
• Provide technical support for security-related issues and implement corrective actions.
• Work closely with functional, technical, and business teams to design and implement secure and scalable SAP solutions. 
• Provide training and support to end-users on security policies and GRC usage. 

Overall Experience:

• Overall, 5-7 years of experience in SAP Administration area along with Minimum 5 years of hands-on experience in SAP Security and GRC administration
• Lead and delivered at least 2 full-cycle SAP GRC Access Control implementations.

Required Skills:

• Minimum 5 years of experience as a GRC Administrator.
• Strong expertise in SAP GRC Access Control 10.x/12.x.
• In-depth knowledge of SoD concepts, risk analysis, and remediation strategies.
• Experience with SOX compliance and audit requirements.
• Proficient in MSMP workflow configuration, BRF+, and EAM setup.
• Hands-on experience with Compensating & Mitigation Controls and Custom Risk ID creation.
• Strong understanding of Ruleset configuration and access provisioning.
• Experience with LDAP integration and user lifecycle management.
• Excellent communication, documentation, and stakeholder management skills.
• SAP Security and Authorization knowledge is a plus.
• Experience with SAP user provisioning and role design
• Expertise in SAP GRC Access Control, including ARA, ARM, EAM, and BRM modules. 
• Knowledge of regulatory compliance frameworks such as SOX, GDPR, etc. 
• Experience with SAP Fiori and S/4HANA security. 
• Experience with SAP security audits and assessments
• Strong understanding of SAP security best practices and standards
• Experience with Identity Management solutions
• Familiarity with other SAP solutions like BTP, Ariba, SuccessFactors, and Concur.

Qualification:

• Bachelors degree required; master’s degree preferred.
• Experience in regulated industries such as Manufacturing, Aerospace, Defense, etc.
• Familiarity with GDPR, ISO 27001, or other compliance frameworks.
• Ability to work independently and manage multiple priorities in a fast-paced environment.
• SAP GRC certification is highly desirable.