Job Description
We are seeking a
SAP S/4 Security & Compliance Technical Resource to architect and govern SAP security design, access controls, and compliance frameworks across a highly regulated, multi-entity environment. This role will ensure secure, scalable, and audit-compliant access management aligned with enterprise cybersecurity and regulatory standards.
This is a senior technical governance role combining SAP security architecture expertise with regulatory compliance leadership.
Responsibilities
Key Responsibilities
Security Architecture & Best Practices
- Design and govern SAP S/4 security architecture aligned to clean-core and least-privilege principles.
- Establish global security standards, naming conventions, and role design methodologies.
- Drive standardization of role templates across global deployments.
- Participate in design authority reviews to ensure security-by-design principles.
User Profiles & Role Design
- Design and maintain SAP S/4:
- Role-based access controls (RBAC)
- Composite and single roles
- Derived roles
- Organizational-level restrictions
- Align roles to enterprise structure (company codes, plants, sales orgs).
- Ensure segregation of duties (SoD) compliance.
- Support mass user provisioning and lifecycle management.
Single Sign-On (SSO) & Identity Integration
- Design and support SSO integration using:
- SAML
- Azure AD / enterprise IAM platforms
- SAP Identity Authentication Service (IAS)
- Integrate SAP S/4 with enterprise identity and access management (IAM) tools.
- Enable secure authentication across hybrid and cloud landscapes.
- Support multi-factor authentication (MFA) strategies where applicable.
Access Controls & Compliance
- Implement and govern:
- Segregation of Duties (SoD) frameworks
- GRC Access Control integration
- Firefighter / emergency access procedures
- User access reviews and certification processes
- Ensure compliance with:
- SOX
- ITGC controls
- NIST / CMMC (where applicable)
- Internal cybersecurity standards
- Support audit preparation and remediation activities.
Regulated Industry Alignment
- Ensure SAP S/4 security design supports:
- ITAR / export control considerations (if applicable)
- Data segmentation requirements
- Controlled access to sensitive financial and operational data
- Maintain audit traceability and documentation standards.
- Collaborate with Cybersecurity, Compliance, and Internal Audit teams.
Transport & Governance Oversight
- Ensure secure transport of roles and authorization objects across environments.
- Validate access controls during system refreshes and client copies.
- Participate in release governance and cutover readiness.
- Maintain detailed documentation for audit and compliance traceability.
Qualifications
Basic Qualifications
- Bachelor's Degree in Information Systems, Cybersecurity, Computer Science, or related field.
- 8–12+ years SAP Security experience.
- 2+ full lifecycle SAP implementations (minimum 1 S/4HANA).
- Experience operating in a regulated or SOX-controlled environment.
Required Expertise
- Deep SAP S/4 security configuration experience.
- Strong expertise in:
- Role design & authorization objects
- User profile administration
- Segregation of Duties analysis
- SAP GRC Access Control
- Hands-on SSO configuration and IAM integration experience.
- Strong understanding of access control governance frameworks.
- Experience in audit remediation and compliance reporting.
Preferred Qualifications
- Aerospace & Defense or highly regulated industry experience.
- Experience in global template harmonization or carve-out programs.
- Familiarity with SAP BTP security models.
- Exposure to cloud identity integration strategies.
Leadership Competencies
- Governance-oriented and detail-driven.
- Strong collaboration across Cybersecurity, Compliance, and IT teams.
- Executive-level communication and stakeholder engagement capability.
- Ability to balance security rigor with operational enablement.
