SAP GRC & IAG Consultant

0 years

0 Lacs

Posted: 1 week ago | Platform: LinkedIn

Work Mode

Remote

Job Type

Contractual

Job Description

Our client, a global healthcare company, is seeking a Senior SAP GRC/IAG Consultant with strong technical proficiency in designing and deploying access governance frameworks across SAP S/4HANA and a suite of SAP Cloud applications. The candidate must have hands-on experience with SAP GRC Access Control, SAP IAG, SAP Identity Authentication Service (IAS), Identity Provisioning Service (IPS), and integration of GRC with Solution Manager ChaRM and Jira. This role is responsible for building scalable, audit-compliant access models in hybrid cloud landscapes spanning SAP BTP, IBP, SAC, Ariba, Concur, and DSP.

This is a remote contract role, working the client's preferred EST hours.

Job Responsibilities:

GRC Access Control & Compliance Automation:
  • Design and implement SAP GRC AC 12.0 modules:
Access Request Management (ARM):
  • Configure multi-stage request workflows, mitigation paths, and agent rules.
Access Risk Analysis (ARA):
  • Build custom SoD risk rules, simulate risks across systems (via RFC and IAG bridge), and automate preventive risk detection.
Emergency Access Management (EAM):
  • Deploy firefighter IDs across landscapes with real-time logging and automated review workflows.
Business Role Management (BRM):
  • Define role derivation strategies, composite roles, and role approval hierarchies.
SAP GRC Process Control:
  • Design and implement SAP GRC Process Control 12.0 to automate control testing, support regulatory compliance, and enable centralized control governance across enterprise business processes.
Continuous Control Monitoring (CCM):
  • Develop technical rules using BRF+ and configure automated control tests from SAP and non-SAP data sources (e.g., BKPF, BSEG, EKKO).
  • Schedule real-time or periodic monitoring jobs and link monitoring results to control assessments. Trigger automated issue logs upon control failures with follow-up remediation workflows.
Control Self-Assessment (CSA):
  • Design CSA campaigns using predefined questionnaires linked to internal controls.
  • Automate evidence collection and control owner attestations. Integrate results with compliance dashboards and audit follow-up cycles.
Control Documentation & Repository:
  • Maintain a centralized control repository with versioning, policy linkage, and control classification (automated/manual/key).
  • Associate controls with relevant regulations (e.g., SOX 404, GxP, FDA, ITGC).
Workflow & Assessment Automation:
  • Configure multi-step assessment workflows involving control performers, testers, reviewers, and compliance leads. Enable role-based task assignments and SLA tracking for assessment completion.
Issue Management:
  • Automate issue creation for failed tests, surveys, or control assessments. Configure root cause fields, impact analysis, corrective action plans, and escalation routes.
SAP Risk Management:
  • Implement SAP Risk Management 12.0 to enable proactive identification, assessment, monitoring, and mitigation of enterprise risks across business and IT domains.
Risk Identification & Documentation:
  • Configure a centralized risk repository with risk categories, descriptions, causes, and impacts. Map risks to business objectives, organizational units, and business processes.
Risk Assessment Framework:
  • Define custom risk assessment scales (e.g., likelihood, impact, velocity) and scoring models.
  • Enable periodic or real-time assessments using configurable methodologies (qualitative/quantitative). Visualize risk trends using heat-maps, risk matrices, and dashboards.
Mitigation Planning & Risk Response:
  • Document mitigation plans and assign risk response strategies (avoid, accept, mitigate, transfer). Link mitigation plans to internal controls in Process Control for automated effectiveness tracking.
Risk Workflow Management:
  • Automate risk review, approval, and reassessment workflows based on role hierarchy. Route risk events to appropriate owners, compliance teams, and executive reviewers.
Integration with GRC Access Control & Process Control:
  • Link risks to controls in Process Control to monitor control effectiveness.
  • Map access-based risks (e.g., SoD violations) from GRC ARA directly to enterprise risk profiles.
SAP IAG (Identity Access Governance):
  • Deploy SAP IAG as a central governance layer for SAP Cloud apps.
  • Enable risk analysis, access requests, and role lifecycle management for:
      • SAP Ariba (Operational Procurement, Sourcing, Supplier Management)
      • SAP Concur (Travel & Expense)
      • SAP Integrated Business Planning (IBP)
      • SAP Analytics Cloud (SAC) – including Workspace and Model-level access
      • SAP BTP – including subaccount role collections, entitlements, and destinations
      • DSP (Data Services Platform) – for sensitivity
Requirements
  • 10+ years of experience working within SAP GRC frameworks
  • Excellent expertise in SAP IAG and all SAP GRC AC modules, with a very good understanding of SAP functional modules such as Finance, MM, PP, QM, SD, PLM, and APO
  • Should have expertise in the well-known concepts of BTP, IAS, IPS, APIs, Cloud Connector, and cloud application security

Meta Resources Group

Consulting

San Francisco