SAP GRC Expert

The SAP GRC Expert is responsible for leading the implementation, operation, and optimization of SAP Governance, Risk, and Compliance (GRC) solutions across enterprise environments. This role includes delivering SAP GRC Access Control modules (ARA, ARM, BRM, EAM), ensuring effective segregation of duties (SoD), role governance, and secure access provisioning across both SAP and non-SAP landscapes. The manager will collaborate closely with audit, compliance, security, and SAP functional teams to define governance models, resolve access violations, and maintain regulatory compliance.

Key Responsibilities:

• Lead SAP GRC Access Control implementation, configuration, and support.
• Define and maintain SoD rules, risk mitigation strategies, and audit workflows.
• Manage GRC modules including Access Risk Analysis, Access Request Management, Business Role Management, and Emergency Access Management.
• Design and optimize user provisioning workflows, approval stages, and escalation paths.
• Collaborate with security and audit teams to align GRC with compliance policies.
• Configure integration with SAP systems (ECC, S/4HANA) and Active Directory or Identity Providers.
• Define technical roles, business roles, and role derivation strategies.
• Support GRC reporting, controls testing, and audit documentation.
• Oversee upgrades, performance tuning, and GRC connector configurations.
• Deliver training to compliance officers, end users, and security administrators.

Required Qualifications & Skills:

• Education & Certifications:

  • Bachelor’s degree in Information Security, Information Systems, or related field.
  • SAP Certified Application Associate – SAP GRC Access Control.
  • Additional certifications in risk management, audit, or cybersecurity (e.g., CISA, CISM) preferred.
  • Project Management certification (PMP or equivalent) is a plus.

• Experience:

  • 5–12 years of SAP Security and GRC experience.
  • At least 2 years in a managerial or GRC leadership role.
  • Proven record in full-cycle SAP GRC Access Control implementations.
  • Experience in managing security for SAP ECC, S/4HANA, and cloud connectors.
  • Involvement in SOX, GDPR, or ISO 27001-related compliance initiatives.

Work Conditions: DXC Technology prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. The company is committed to fostering an inclusive environment where everyone can thrive.

Language Requirements: (Include if specified in the job posting; current text does not indicate specific language requirements.)