SoD Ruleset Specialist

Your role and responsibilities (Mandatory)

In this role, you will own the Global SoD ruleset for ECC/FIORI. Review / enhance / issue guidance, support risk analysis (SoD), risk management (elimination or mitigation) guidance, Control Performance guidance, SAP role designing guidance, user access review guidance at a global level. You will also be responsible for process improvements, internal and external audit co-ordination.

The work model for the role is Hybrid #LI-Hybrid

This role is contributing to theIS Services.

You will be mainly accountable for:

• Design, develop, and maintain SoD rulesets for ECC and S/4HANA systems (both T-code & Fiori-based).
• Perform ruleset testing and validation to ensure compliance and accuracy across different system landscapes.
• Collaborate with business stakeholders to align rulesets with critical business processes (R2R, O2C, P2P, H2R, Tax, Treasury, ITGC).
• Support role design and role creation strategies, ensuring alignment with organizational security principles.
• Support in analyzing, troubleshooting, and suggesting remediation for SoD conflicts, proposing sustainable solutions.
• Work closely with change management and audit teams to maintain compliance with ITGC and regulatory requirements.
• Organize and facilitate SoD Reference Group meetings, maintain minutes and track action items.
• Collect stakeholder feedback and present it during SoD Reference Group meetings.
• Track, document, and monitor all changes to the ruleset, maintaining traceability from business requirements to ruleset design and testing results as well as maintaining a documented decision log.
• Communicate ruleset changes to senior management in non-technical language
• Coordinate with internal and external auditors during SoD ruleset reviews / audits.
• Act as the primary point of contact on SoD ruleset matters across the organization, including addressing helpdesk requests related to SoD.
• Respond to stakeholder questions regarding ruleset design, conflicts, and compliance.
• Own, maintain, and version the SoD documentation set.
• Provide guidance and mentorship to team members on SoD methodologies and best practices.
• Bring innovative ideas to strengthen access governance and enhance organizational risk management.
• Suggest and implement new controls related to UAM/SoD globally.
• Coordinate the creation and maintenance of Global Mitigation Control Library in collaboration with respective stakeholders.

• Graduate in any discipline with 8-10 years of relevant experience.
• Strong knowledge of ECC & S/4HANA authorization concepts (T-code & Fiori-based).
• Proven expertise in ruleset development, testing, and maintenance for ECC & S/4HANA.
• Experience with multi-system SAP landscapes including S/4 environments.
• Adequate knowledge of core business processes: R2R, O2C, P2P, H2R, Tax, Treasury, ITGC.
• Adequate knowledge of Identity & Access Management (IAM).
• Familiarity with application change management processes.
• Experience with role design and various schemas of role creation in SAP.
• Hands-on expertise with SAP GRC ARM, ARA & BRM.
• Exposure to new SAP technologies such as PI, SAC, IAG.
• Relevant certifications (e.g., CISA, CISSP, CIAM) are an added advantage.