SAP GRC Security

Title: SAP GRC Security Business Analyst (Governance & Advisory)

Location: Connecticut Hybrid

Duration: 6+ months of contract

Position Overview

We are seeking an experienced SAP GRC Security Business Analyst to serve as the primary liaison between business stakeholders and SAP Security technical teams during enterprise SAP security and governance initiatives.

This is not a hands-on configuration role. Instead, we are looking for a subject matter expert who can translate business requirements into SAP Security and GRC solutions, provide architectural guidance, oversee technical delivery, and validate that security controls are implemented correctly.

The ideal candidate will possess a strong blend of SAP Security, SAP GRC, governance, risk management, and stakeholder management experience. This individual will work closely with business leaders, internal security teams, auditors, and SAP technical resources to ensure secure, compliant, and scalable access control solutions.

Key Responsibilities

Partner with business stakeholders to understand access, compliance, governance, and risk management requirements.

Translate business requirements into SAP Security and GRC design specifications.

Define and document authorization concepts, role design strategies, and access governance frameworks.

Provide architectural guidance and direction to SAP Security technical teams responsible for configuration and implementation.

Review, validate, and approve security designs, role structures, and access control solutions delivered by technical teams.

Act as the primary bridge between business stakeholders and SAP Security technical resources.

Ensure SAP Security and GRC solutions align with business objectives, compliance requirements, and security best practices.

Lead discussions related to Segregation of Duties (SoD), access risks, mitigation controls, and governance processes.

Review and assess SAP GRC Access Control processes including Access Risk Analysis, Access Request Management, Emergency Access Management, and Business Role Management.

Collaborate with internal audit, compliance, and risk teams to address security and access control requirements.

Facilitate workshops, requirements gathering sessions, and stakeholder meetings.

Document requirements, recommendations, findings, and governance decisions.

Validate delivered solutions and hold technical teams accountable for meeting business and security requirements.

Provide recommendations for process improvements, risk reduction, and access governance maturity.

Required Qualifications

8+ years of meaningful SAP Security and SAP GRC experience.

Strong expertise in SAP GRC Access Control.

Deep understanding of Segregation of Duties (SoD) concepts, risk analysis, and mitigation strategies.

Experience with SAP role design, authorization concepts, and access governance processes.

Knowledge of SAP ECC security and exposure to S/4HANA security concepts.

Ability to review and assess SAP Security designs and identify gaps or risks.

Experience working directly with business stakeholders and translating requirements into technical solutions.

Strong understanding of governance, compliance, audit, and access management principles.

Excellent verbal and written communication skills.

Proven ability to lead meetings, facilitate discussions, and present recommendations to business and executive stakeholders.

Experience documenting requirements, process flows, and security governance decisions.

Preferred Qualifications

Experience supporting SAP S/4HANA transformation or migration programs.

Prior experience serving as an SAP Security SME, Governance Lead, Security Architect, or Business Analyst.

Experience working with internal audit and compliance teams.

Knowledge of SAP Fiori security concepts.

SAP GRC certification preferred.