SAP Identity Management (SAP GRC)

Job Title: SAP Identity Management (SAP GRC)

Location: Toronto, ON (Hybrid)

Estimated Duration: 6 Months

SAP GRC Consultant (Identity Management)

Our client has launched a major business transformation of its financial system, driven by the implementation of SAP S4/HANA solution to enable future state financial processes.  The solution went live in November, and is in the hypercare period of the Run Phase.
The SAP Identity Management/Provisioning Specialist (Senior S/4HANA and GRC Security Lead) will work with Security team (systems integrator + sustainment) to manage resolution of security related incidents. In addition, the resource will
support the resolution of security related to items being implemented from the project’s deferred list.
 
The resource will support the development and ongoing maintenance of SAP security roles and the operation of the newly implemented SAP GRC processes for user provisioning and access governance in a live SAP S/4HANA environment. This includes aligning role design to the Client's organizational structure and enforcing Financial Segregation of Duties (SoD) controls through SAP GRC rulesets and SAP S/4HANA role-based access control.
 
The resource will work closely with Business Process Leads (BPLs) and technical teams to resolve access-related issues as they arise within the Client's complex production landscape, which includes SAP S/4HANA, SAP GRC, SAP ECC, SAP BW, SuccessFactors, SAP Datasphere, and SAP BTP.
 
The role requires a strong understanding of end-to-end business processes, accounting principles, system configuration, enhancements, and data dependencies that enable these processes, along with familiarity with project delivery methodologies such as SAP Activate and/or PMBOK (PMP certification is considered an asset).
 
SPECIFIC DUTIES  
The resources will
•            Triage and resolve tickets submitted by end users related to access
•            Recommend/review and implement role update
•            Support user and role provisioning 
o Review and update roles based on new functionality implemented as from the project’s deferred item list
•            Review and update Identity and Governance Controls
•            Update SAP GRC based on new/update segregation of duties requirements• Respond to audit related findings 
•            Support the integration of SAP/Non SAP systems (e.g. SuccessFactors, SAP BTP Integration Suite, SAP GRC)
 
Qualifications
The resource will have the following qualifications.  
•            A minimum of 10+ years hands-on experience in large project/program management with Government jurisdictions and or large private sector organizations
•            Extensive experience (i.e., at least two end to end implementations) in SAP S/4 HANA implementation, and extensive expertise and experience (10+ years) with the at least some of the SAP S/4HANA modules: SAP Finance, Controlling, Asset Accounting, Production Planning, Logistics, Funds Management, Sales and Distribution, Warehouse Management, Project Systems, Materials Management, Budgeting, Business Planning and Consolidation, Grants Management, Public Budget Formulation, Anaplan. 
•            Demonstrated hands-on experience with;
o SAP GRC Access Control 12.0 (ARM, EAM, ARA), including Financial Segregation of Duties (SoD) analysis, rulesets, and access provisioning
o            SAP GRC MSMP workflows and BRF+ decision tables supporting access request, approval, and provisioning processes
o            SAP S/4HANA security and authorization concepts, including role-based access control aligned to organizational structure Role design for SAP S/4HANA (Fiori and backend), including enforcement of Financial SoD controls
o            SAP Identity Management and SAP Cloud Identity Services
(IAS/IPS), including integration with SAP BTP services o SAP BTP Integration Suite and SAP Datasphere security concepts and integrations
o            SAP ECC and SAP BW security
o            Authorization concepts and tools including SU24, PFCG, and authorization objects
o            Single    Sign-On               (SSO)     concepts,            including               SAML-based authentication
o            SAP security reviews and audits (internal and external), including compliance gap remediation and adherence to internal controls
o            SAP security operations, including authorization troubleshooting, UAT/Integration Testing support, and Change Management alignment
•            Possess SAP certification in any of the following; o SAP Certified Technology Associate – SAP System Security o SAP GRC certification
o            SAP Identity Management / Cloud Identity certification o CISSP, CISA (nice to have)
•            Strong knowledge of test methodologies, to support the preparation and execution of testing. 
•            Highly developed interpersonal skills including written and oral with demonstrated ability to interact and communicate effectively with all levels of the organization and provide effective knowledge transfer as required.
•            Ability to work independently under minimum supervision and to plan and execute tasks. 
•            Proficiency and excellent working knowledge of SAP S/4Proficient in the use of Microsoft Office Applications (e.g. Word, Excel, Power Point and MS Project) and other computer-based systems and databases as they relate to financial analysis. 
 
 4.0        Deliverables
The resource will produce the following deliverables.
 
•            Security assessment documentation of the current role design, including review of enabler roles and recommendations for promotion or alignment at the organizational level
•            Updates to role naming standards and conventions
•            Key decision documents capturing security, role design, and GRC-related decisions
•            Updates to SAP Security and SAP GRC documentation, including configuration and operating procedures
•            Updates to Segregation of Duties (SoD) rules within SAP GRC
•            Configuration documentation for SAP GRC, including ARM-related workflows
•            Documentation and configuration artefacts supporting ServiceNow integration with SAP GRC Access Control (ARM) for automated access request and workflow creation, developed in collaboration with integration teams
•            Updates to role catalogues and role-to-business mapping documentation
•            Updates to training materials and user guidance related to SAP security and GRC processes
•            Knowledge transfer (KT) documentation to support transition to sustainment and operational support resources
•            Additional detailed deliverables to be defined, reviewed, and agreed upon during onboarding sessions