SAP Security/GRC Lead

Strengthen our team as our SAP Security / GRC Lead (Access Control & SoD)

Due to security clearance requirements candidates must be eligible for or currently hold SC and be sole UK nationals.

An exciting opportunity has arisen for an experienced SAP Security & GRC Lead to join our team to define and govern the enterprise security and risk framework across S/4HANA, SAP BTP, cloud applications, and hybrid identity platforms.

The role serves as the strategic link between security architecture, business stakeholders, auditors, and delivery teams. You will modernize SAP security using SAP GRC 2026, establish a secure‑by‑design control model, and introduce AI-driven automation for access governance and continuous monitoring.

Strong SAP GRC expertise and leadership are essential to guide global teams through audits, remediation, and risk reduction.

What You’ll Do:

• Lead the implementation or migration of SAP GRC 2026, consolidating Access Control, Process Control, and Risk Management into one HANA-native platform.
• Architect and maintain a comprehensive S/4HANA and Fiori/UI5 security model, including role design, OData V4 protection, and SAP BTP authorization concepts.
• Deploy SAP Joule and generative AI to automate access requests, SoD analysis, risk detection, and automated control rule generation.
• Manage enterprise access governance through SAP Cloud IAG, integrating hybrid environments with platforms such as Microsoft Entra ID.
• Transition organizations from periodic audits to Continuous Controls Monitoring (CCM) using HANA’s in-memory analytics for real-time risk visibility.
• Drive compliance with global regulatory frameworks: SOX, GDPR, J-SOX, NIS2, and DORA.
• Integrate security workflows with SAP Enterprise Threat Detection (ETD) for real-time security alerts, anomaly detection, and log monitoring.
• Lead global onshore/offshore teams and serve as the senior interface for auditors, risk committees, and C‑suite stakeholders during compliance and remediation cycles.

What We Are Looking For:

• Strong SAP Security & SAP GRC experience, including 2+ full S/4HANA implementations as a Lead.
• Deep functional and technical expertise in GRC Access Control (ARA, ARM, EAM, BRM), Process Control, and Risk Management.
• Hands-on experience with SAP IAG, SAP BTP security concepts, and integration across SaaS systems (SuccessFactors, Ariba, Concur, etc.).
• Strong knowledge of SAP HANA database security, including encryption, passwordless authentication, and HANA-native authorization objects.
• Proven ability to define enterprise security architecture aligned with Clean Core and 2026 SAP security standards.
• Excellent communication, documentation, and stakeholder management skills with experience working directly with auditors and compliance teams.

Desired Skills

• SAP Certified Technology Professional – System Security & GRC.
• CISA (Certified Information Systems Auditor) or CRISC (Risk & Information Systems Control).
• CISSP (Certified Information Systems Security Professional).
• Azure/AWS/GCP identity or security certifications (added advantage).