Job Description
Title :: Senior SAP GRC Consultant Title :: Remote : About the Role We are seeking an experienced Senior SAP GRC Consultant with deep expertise in Access Control (AC), Process Control (PC), and Risk Management (RM) to design, implement, and sustain enterprise-grade governance, risk, and compliance frameworks across complex SAP landscapes. The ideal candidate has led end-to-end SAP GRC deployments, optimized SoD and risk rulesets, executed mass master data uploads using MDUG, automated controls and testing via CCM, scheduled MCP plans, and partnered closely with Security, Internal Audit, Compliance, and Business Process Owners to improve control maturity, reduce risk exposure, and conduct enterprise risk surveys. This role requires strong hands-on experience across backend SPRO configuration and front-end GRC operations. Key Responsibilities SAP GRC Access Control (AC) Lead design, configuration, and rollout via SPRO for: Access Risk Analysis (ARA) Access Request Management (ARM) Business Role Management (BRM) Emergency Access Management (EAM) Define, maintain, and tune SoD rulesets, risk functions, and mitigating controls aligned to business processes: OTC, P2P, RTR, HCM, TM, and others Implement workflow-driven access provisioning and approvals, including: MSMP configuration BRF+ rule design and optimization Perform user-, role-, and authorization object level risk analysis, define remediation strategies, and enforce least-privilege role design Establish and operate Firefighter (FFID) governance: FFID ID setup and assignment Log review workflows Control owner and reviewer maintenance SLA compliance Integrate SAP GRC AC with: HR / IDM / IAM platforms (SAP IDM, Azure AD, SailPoint, Okta) SAP Cloud Identity Ticketing tools (ServiceNow, Jira) Strong end-to-end SAP Fiori authorization configuration knowledge, including catalogs, groups, spaces, and OData services SAP GRC Process Control (PC) Perform mass master data uploads using the MDUG program Design and implement: Control libraries Centralized control documentation Test of Design (ToD) and Test of Effectiveness (ToE) Configure and operate: Automated Business Controls (ABC) Continuous Control Monitoring (CCM) Data sources, business rules, workflows, alerts, and background jobs Schedule and manage MCP plans, certifications, and periodic control assessments Align Process Control framework with: SOX / ITGC ISO 27001 COBIT GDPR Internal audit requirements Build dashboards and reports for: Control Owners Process Owners Internal Audit Senior Management and Executives SAP GRC Risk Management (RM) Lead implementation and configuration of SAP GRC Risk Management module Design and maintain: Enterprise risk frameworks Risk categories, risk attributes, and scoring methodologies Create risks and assign controls, including: Risk-to-control mapping Preventive and detective control alignment Configure and manage: Risk assessments and risk surveys Risk owners and responsible parties Risk response strategies (accept, mitigate, transfer, avoid) Enable risk monitoring, KRIs, and trend analysis Support integration of RM with: Process Control (PC) Internal audit and compliance reporting Prepare executive-level risk dashboards and risk exposure reports Architecture, Integration & Operations Define SAP GRC architecture across: ECC and S/4HANA SAP Cloud solutions (Ariba, SuccessFactors, Concur, Fieldglass) Non-SAP systems where applicable Support internal and external audits: Evidence collection Audit queries Remediation and action plan tracking Drive continuous improvement across: Joiner Mover Leaver (JML) processes Periodic access reviews Control automation and operational efficiency Required Qualifications & Experience 8+ years of hands-on SAP GRC experience across Access Control, Process Control, and Risk Management Minimum 2 3 full lifecycle implementations of SAP GRC modules Deep understanding of SAP authorization concepts: Roles, profiles, authorization objects SU24, PFCG, SUIM Fior