SAP GRC Expert

The SAP GRC Expert is responsible for leading the implementation, operation, and optimization of SAP Governance, Risk, and Compliance (GRC) solutions across enterprise environments. The role includes the delivery of SAP GRC Access Control (ARA, ARM, BRM, EAM), ensuring effective segregation of duties (SoD), role governance, and secure access provisioning across SAP and non-SAP landscapes.

The manager will work closely with audit, compliance, security, and SAP functional teams to define governance models, resolve access violations, and maintain regulatory compliance. Experience with S/4HANA integration, compliance frameworks (SOX, GDPR), and SAP GRC upgrades is expected.

Key Responsibilities:

• Lead SAP GRC Access Control implementation, configuration, and support
• Define and maintain SoD rules, risk mitigation strategies, and audit workflows
• Manage GRC modules including Access Risk Analysis, Access Request Management, Business Role Management, and Emergency Access Management
• Design and optimize user provisioning workflows, approval stages, and escalation paths
• Collaborate with security and audit teams to align GRC with compliance policies
• Configure integration with SAP systems (ECC, S/4HANA) and Active Directory or Identity Providers
• Define technical roles, business roles, and role derivation strategy
• Support GRC reporting, controls testing, and audit documentation
• Oversee upgrades, performance tuning, and GRC connector configurations
• Deliver training to compliance officers, end users, and security administrators

Required Qualifications & Skills:

• Education & Certifications:

  • Bachelor’s degree in Information Security, Information Systems, or related field
  • SAP Certified Application Associate – SAP GRC Access Control
  • Additional certifications in risk management, audit, or cybersecurity (e.g., CISA, CISM) are preferred
  • Project Management certification (PMP or equivalent) is a plus

• Experience:

  • 5–12 years of SAP Security and GRC experience
  • At least 2 years in a managerial or GRC leadership role
  • Proven record in full-cycle SAP GRC Access Control implementations
  • Experience in managing security for SAP ECC, S/4HANA, and cloud connectors
  • Involvement in SOX, GDPR, or ISO 27001-related compliance initiatives

At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support well-being, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.