Sr Analyst SAP Security
USEReady · Greensboro, NC · 2 mo ago
Information TechnologyFull-time
Responsibilities
- Design, build, and maintain SAP roles and authorization objects across ECC 6.0 (AFS), HANA, BW, Fiori, and NetWeaver systems in alignment with business requirements and the principle of least privilege.
- Administer user accounts, role assignments, and access provisioning/de-provisioning across all SAP environments (Development, Quality and Production).
- Identify, analyze, and remediate Segregation of Duties (SoD) conflicts using GRC Access Control or equivalent tooling; maintain and enforce SoD ruleset in coordination with finance and IT audit teams.
- Ensure ongoing SOX compliance for SAP access controls; prepare and maintain documentation, evidence packages, and control narratives for internal and external auditors.
- Support internal and external audit activities; gather required evidence, articulate control measures, and remediate findings within agreed timelines.
- Manage periodic user access reviews and recertification processes across all SAP systems; coordinate with business owners to validate continued access appropriateness.
- Collaborate with Basis, functional, and development teams on security-relevant system changes, transports, upgrades, and new implementations to ensure proper authorization coverage.
- Participate in system refresh and transport activities from a security perspective; validate role and profile integrity post-refresh across all environments.
- Monitor and analyze SAP security logs, audit trails, and system access reports; proactively identify and escalate anomalies or policy violations.
- Contribute to continuous improvement of security processes, standards, and documentation; drive efficiency through automation and consistent role design methodology.
- Proactively assess the current SAP role landscape, identify redundancies and gaps, and drive the normalization and rationalization of roles across all systems toward a clean, standardized role design.
- Lead and facilitate discussions with business and IT stakeholders to define role ownership, access governance principles, and the organizational framework for how SAP security is structured and maintained.
Requirements
- 6-10 years of experience in SAP Security administration, with hands-on expertise in role design, authorization management, and user administration.
- Deep expertise in SAP authorization concepts: profile generator (PFCG), authorization objects, S_TCODE, org-level fields and structural authorizations.
- Strong knowledge of SAP GRC Access Control (Access Request Management, Access Risk Analysis, Emergency Access Management, Business Role Management) preferred.
- Experience with SAP ECC 6.0 security including AFS (Apparel and Footwear Solution) module-specific authorizations is strongly preferred.
- Solid understanding of SOX IT general controls (ITGCs) as they relate to SAP access management, change management, and segregation of duties.
- Familiarity with SAP HANA security concepts including database-level privileges, analytic privileges, and HANA user administration.
- Knowledge of SAP Fiori authorization concepts including catalog/group assignments, OData service security, and Launchpad configuration.
- PC servers, workstations, and laptops. Microsoft environment. Proficiency with standard computer applications including word processing and spreadsheets.
Desired Skills
- SAP GRC Access Control
- SAP ECC
- Afs