Job Title: SAP Security & GRC Consultant
Experience: 7–10 Years
Location: India
Duration: Immediate – 31st December 2026
Budget: Up to 25 LPA
Industry Preference: Pharmaceuticals (Preferred)
Job Description
Key Responsibilities
- Design, develop, and maintain SAP roles, profiles, and authorization objects in alignment with business needs and compliance requirements.
- Implement, configure, and support SAP GRC Access Control modules, including:
  - Access Request Management (ARM)
  - Access Risk Analysis (ARA)
  - Emergency Access Management (EAM / Firefighter)
  - Business Role Management (BRM)
- Monitor, analyze, and remediate Segregation of Duties (SoD) conflicts; establish preventive controls, mitigation strategies, and reporting dashboards.
- Perform user provisioning, role assignments, and periodic access reviews for SAP S/4HANA, Fiori, and integrated non‑SAP applications, following least‑privilege principles.
- Support audit and compliance activities, ensuring all documentation, evidence, and responses meet SOX, GxP, and internal audit standards.
- Collaborate with Internal Audit, Quality Assurance (QA), and external auditors to manage access reviews, risk assessments, findings, and remediation plans.
- Partner with Information Security and Infrastructure teams to align SAP security controls with enterprise frameworks such as NIST CSF and ISO 27001.
- Ensure compliance with FDA 21 CFR Part 11 and EU Annex 11 requirements for electronic records and electronic signatures.
- Participate in change management, system upgrades, and deployments, ensuring role integrity and access consistency throughout the change lifecycle.
- Develop and maintain security SOPs, access matrices, role design documents, and GRC dashboards to provide leadership visibility.
- Drive continuous improvement initiatives in SAP security by leveraging automation, monitoring tools, and best practices to reduce manual effort and strengthen controls.
Required Skills & Qualifications
- 7–10 years of hands-on experience in SAP Security and SAP GRC Access Control administration.
- Strong expertise in SAP S/4HANA security design, including Fiori authorizations and OData services.
- Proven experience integrating SAP security with non-SAP applications.
- Solid understanding of SoD concepts, risk analysis, and mitigation controls.
- Hands-on involvement in audits, compliance reviews, and regulatory environments.
- Knowledge of NIST, ISO 27001, and enterprise security frameworks.
- Experience supporting regulated environments; Pharma / Life Sciences experience is highly preferred.
- Strong documentation, communication, and stakeholder management skills.
Nice to Have
- Exposure to automation tools, scripting, or workflow enhancements in SAP GRC.
- Prior experience in global delivery or multi‑country SAP landscapes.