SAP Security GRC Specialist

Job Description:

The SAP Security & GRC Specialist is responsible for performing all User Management (UM) functions such as user role creations, changes, assignments, and activities including User Access Review, UM audit requests, and Segregation of Duties (SOD) Risk Assessment.
 

What you will do

• Develop and implement SAP security governance frameworks tailored to the organization’s needs and aligned with global IT and security best practices.
• Ensure compliance with corporate information security policies and local/international regulations (e.g., SOX, GDPR, LGPD) within SAP environments.
• Regularly review and update SAP security policies, procedures, and standards.
• Conduct periodic audits across SAP systems (e.g., ECC, S/4HANA, SAP B1) to ensure adherence to defined security controls, especially Segregation of Duties (SoD).
• Implement corrective actions to address identified vulnerabilities or non-compliance issues.
• Identify and assess SAP-related security risks and collaborate with stakeholders to define mitigation strategies.
• Maintain and periodically review SAP security risk management plans.
• Monitor and analyze SAP security performance indicators to identify improvement opportunities and support continuous improvement initiatives.
• Lead or actively participate in the design, implementation, and maintenance of User Access Management (UAM) processes for SAP systems.
• Design, review, and maintain SAP roles and authorization objects in accordance with SoD principles and Security Management standards.
• Analyze, design, implement, and test SAP GRC (Governance, Risk, and Compliance) components, such as Access Control, ARA (Access Risk Analysis), EAM (Emergency Access Management), BRM (Business Role Management), and ARM (Access Request Management).
• Support automation of user provisioning and access control processes, including integration with Active Directory and Identity & Access Management (IAM) tools.
• Work closely with project teams, internal/external auditors, information security, and compliance departments.
• Ensure that SAP Security activities are aligned with corporate governance policies and SOX audit requirements.
• Stay current with evolving security threats, SAP security patches, and relevant technology developments.

What we are looking for

• Proven experience in SAP Security (ECC, S/4HANA, SAP B1, or SAP GRC).
• Experience Over all 8+  Specific Role 5+
• In-depth understanding of SAP authorization concepts and architecture.
• Hands-on experience with SAP GRC Access Control and SoD analysis.
• Relevant certifications such as SAP Certified Technology Associate – System Security Architect or SAP GRC certifications are a plus.
• Familiarity with IT governance and security frameworks such as COBIT, ISO 27001, NIST, and SOX.
• Strong analytical skills, attention to detail, and a high sense of responsibility regarding security and compliance.

Education Requirements

• Bachelor's degree in Information Technology, Information Systems, Computer Science or related fields.
• Professional certifications such as Certified Information Systems Security Professional (CISSP) may also be desirable for IT Governance candidates.
• English fluency, written and spoken

Technical Requirements

• Solid knowledge of information technology and systems infrastructure.
• Familiarity with information SAP security practices and compliance.
• Experience working in multicultural and multilingual environments.
• Experienced in strategic planning, compliance audits and execution of countermeasures.
• High energy and results focused.

Preferred

• Understanding of manufacturing industry

Mobility & Travel Requirements

• Travel – up to 15%

Competencies & Behaviors Needed

• Exceptional communicator and collaborator at all employee levels including senior executives and frontline associates
• Strong proponent of ESAB’s values and behaviors and EBX principles
• Drives continuous improvement
• Effective at building relationships, trust
• Negotiates with associates with a respectful give-and-take approach, where decisions are shared
• Comfortable working in a global matrix organization
• Results-oriented with the ability to make decisions and to follow through on programs and policies  which have been developed
• Bias for action; a sense of urgency; self-starter; moves with speed
• Manages workload efficiently and effectively
• Prioritizes for maximum impact
• Good at synthesizing data and distilling key points
• Can dive deep into detail to support root cause analysis, yet understands the big picture

Additional Key Attributes

• Integrity, credibility, and character with demonstrated ethical behaviors
• A team player and leader with the self-confidence, humility, and consultative skills to positively influence the business
• A tenacious, operationally minded individual with a strong work ethic