SAP Security & Identity Access Management Analyst III

JOIN THE TEAM THAT’S POWERING PROGRESS

Building cities. Driving commerce. Fueling Progress. For over 100 years, Allison has powered the vehicles and technology that move our world forward.

What powers us? Our employees. From the first person hired by James Allison in 1915 to the thousands across the globe who work for Allison today, we're driving progress everywhere because we employ top talent worldwide. In both the Allison Transmission and Allison Off-Highway Drive and Motion Systems business units, our team strives to Improve the Way the World Works.  

Learn more about this role and how you can begin driving your career forward!

Benefits:

The below list features some of the benefits currently available. Eligibility may be subject to the terms and conditions of governing documents and available benefits may be subject to change at the company’s discretion.

• Choice of medical plans with prescription coverage

• Employer HSA contribution

• Dental & Vision Insurance

• Paid Parental Leave

• Short & Long-Term Disability

• Other voluntary benefits including: Critical Illness, Hospital Indemnity, Identity Theft Protection and Pet Insurance

• 401K with generous Company match & contribution

• Accrued Paid Time Off

• 12 Paid Holidays + 1 Floating Holiday

• Robust employee wellness program

• Tuition assistance program

Job Description:

The Identity Access Management (IAM) Analyst III (SAP Security) is responsible for the design, implementation, governance, and operational support of SAP application security across the enterprise. This role serves as the SAP Security Subject Matter Expert (SME) and ensures SAP access controls are compliant with internal security policies, regulatory requirements, and audit standards.

The analyst leads SAP role design, provisioning, and access governance activities, working closely with business stakeholders, SAP functional teams, auditors, and IAM platform teams. The role emphasizes SAP authorization concepts, Segregation of Duties (SoD), privileged access, and lifecycle provisioning, with integration into corporate IAM tools to facilitate capabilities such as joiner, mover, leaver, and privileged access control.  The role will have responsibilities outside of SAP Security; however, SAP Security will be their primary focus.

This position is operationally focused, balancing user access needs with strict security controls, and plays a key role in monitoring access-related risks, supporting audits, and responding to SAP security incidents.

Key Responsibilities

• Serve as the SAP Security SME, responsible for end-to-end SAP security administration across related SAP platforms.
• Design, create, maintain, and troubleshoot SAP roles, composite roles, authorization objects, and user assignments.
• Assist with the development of role-based access control (RBAC) models aligned with job functions and business processes.
• Ensure compliance with Segregation of Duties (SoD), CMMC, SOX, and internal audit requirements using SAP GRC or equivalent tools.
• Define and enforce SAP security standards, naming conventions, policies, and procedures.

• Support and enhance SAP access provisioning and deprovisioning through IAM provisioning tools, including role modeling and access workflows.
• Partner with IAM teams to automate the SAP joiner/mover/leaver lifecycle.
• Assist with integrating Privileged Access Management (PAM) solutions for SAP privileged and firefighter accounts.
• Support SAP user access reviews, certifications, and attestation campaigns.

• Support internal and external audits by providing SAP security documentation, access evidence, and remediation plans.
• Assist in analyzing security threat notifications related to SAP systems and recommend corrective actions.

• Work closely with SAP functional teams, business process owners, PMO, Enterprise Architecture, HR, Legal, and Audit partners.
• Establish and maintain strong working relationships with SAP end users and IAM customers.
• Providing guidance and education on SAP accesses best practices and security controls.

• Identify and recommend process improvements to enhance SAP security efficiency, automation, and compliance posture.
• Support ongoing SAP security operations and other IAM/security initiatives as required.

Required Experience & Qualifications

Education

• Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, or equivalent practical experience.

Experience

• 6+ years of experience in Identity and Access Management, with a strong concentration in SAP Security.
• Demonstrated hands-on SAP Security administration experience (required), including role design, authorization concepts, and user provisioning.
• Experience in integrating SAP systems with IAM platforms (preferred).
• Experience administering or supporting Privileged Access Management solutions.
• Strong experience securing privileged and elevated SAP accounts, including firefighters and emergency access.
• Experience supporting security for SAP in regulated environments (SOX, CMMC, NIST).
• SAP Security certifications (preferred)

Technical & Compliance Knowledge

• In-depth understanding of:
  • SAP authorization framework
  • Segregation of Duties (SoD)
  • SAP GRC Access Control (or equivalent)
• Knowledge of information security standards and frameworks:
  • NIST 800-53, 800-171, CMMC (preferred)
  • SOX compliance and audit support
• Familiarity with Active Directory, Red Hat Linux, and enterprise IAM ecosystems relate to SAP access.

Skills & Competencies

• Strong analytical and problem-solving skills with high attention to detail.
• Excellent interpersonal and organizational skills; ability to manage deadlines and competing priorities.
• Ability to adapt to evolving SAP technologies and security requirements.
• Proven ability to identify and implement process optimizations and security improvements.
• Commitment to delivering consistent, high-quality customer service while maintaining strong security controls.

Allison Transmission is an equal opportunity employer. We have opportunities for all qualified applicants regardless of age, race, color, sex, religion, creed, national origin, disability, sexual orientation, gender identity/expression or veteran status.

If you are an individual with a disability or a disabled veteran requiring assistance and/or reasonable accommodations reviewing any of the careers information, please contact us at ati+ask4max@service-now.com.

Please note that Allison Transmission will make an offer of employment only to individuals who have applied for a position using our official application. Be on alert for possible fraudulent offers of employment. Allison Transmission will not solicit money or banking information from applicants.