SAP GRC/Security Consultant (US)

Accepting candidates eligible to work in the US.  Any US location considered.

The Role

The candidate will play a key role in handling client engagements, as well as utilizing strong technical experience to find solutions that best fit our clients’ needs. We are looking for a team-player and strong all-rounder with at least 4 years of practical experience in the following areas: 

• Detailed understanding of the SAP authorization concept in one or more of the following areas: ECC, SAP S/4 HANA, HCM, CRM, SRM, BW, BI, BPC, SAP HANA 


• Experience of designing, building and implementing SAP security and authorization solutions 


• Exposure to various system user interfaces (UI), including SAP but also other relevant SaaS products  


• Detailed understanding of SAP GRC suite of applications, with a demonstrable specialism in core modules contained within


• Experience of IDM solutions, either SAP’s IDM solution, or non-SAP, such as Sailpoint or Saviynt would be of advantage. 


• Experience of third-party solutions to secure SAP estates also an advantage 

Our experienced consultants are a key driver of our success as one of the most trusted names in the end to end security arena and we are committed to delivering to a consistently high standard. Key responsibilities of the role are: 

• Task management of large / complex implementations, especially in Application security or enterprise risk/identity projects 


• Implementation of GRC technology and supporting modules 


• Work with clients to understand "why" they're in need of such solutions, define requirements and configure solutions to best fit those needs 


• Perform controls and configuration reviews involving relevant application systems and processes 


• Advise clients on controls in their enterprise systems relating to regulatory or legislative compliance 


• Review and advise on security redesign and remediation projects 


• Provide a broader range of information risk management solutions to clients as required 


• Build relationships with new clients and maintain good relations with our existing client base 


• Integrate solutions into wider cybersecurity controls estates 

We are looking ideally for someone with the following attributes:

• The ability to troubleshoot and diagnose problems / issues and provide prompt, robust resolution 


• An enquiring mind to discover "why" clients need to introduce the controlling measures.


• The ability to manage projects within varied client engagements and lead reviews and implementations 


• Knowledge of corporate business processes and their control points 


• Good understanding of various IT regulations and standards, including: Sarbanes Oxley, COBIT, ISO series & the GDPR 


• Bachelor’s degree 


• Professional certification (e.g. CISA, M.Inst.ISP, CISSP, ISO) 


• SAP certification (Security, GRC) 


• Consulting background 


• Strong written and verbal communication skills 


• Integration experience 


• Ability to act as an SME to install, design, engineer and configure security solutions to meet client needs


• Ability to effectively manage own time and priorities effectively and to work both as part of a team and individually.

Key responsibilities of the role will include:

• Project manage large / complex SAP Security implementations, especially for S/4 HANA projects


• Implementation of GRC Access Controls and supporting modules


• Work with clients to understand requirements and configure solutions to best fit those needs


• Perform controls and configuration reviews involving SAP systems


• Advise clients on controls in SAP relating to regulatory or legislative compliance


• Review and advise on SAP security redesign and remediation projects


• Provide a broader range of information risk management solutions to clients as required


• Build relationships with new clients and maintain good relations with our existing client base


• Integrate solutions into wider cybersecurity controls estates

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, and basis of disability or any other federal, state or local protected class. When we collect your personal information as part of a job application or offer of employment, we do so in accordance with industry standards and best practices and in compliance with applicable privacy laws.