SAP Security GRC with BTP

Must Haves:

• SAP Security experience
• Hands-on technical experience
• Ability to support day-to-day security operations

Must-Haves

• Someone who knows about some cybersecurity would be nice as well not just configuration of grc.
• Will need to be able to understand vulnerabilities and drive them to resolution encryption, sso, auth types etc
• BTP along with Hana experience as well
• SAP Security experience
• Hands-on technical experience (not just oversight or governance)
• Ability to support day-to-day security operations

Nice-to-Haves

• Experience with GRC (Governance, Risk, and Compliance), including application configuration, process and access control; continuous control monitoring is a plus!
• Experience working alongside:
• Development teams
• BASIS/infrastructure teams
• Broader exposure to enterprise SAP environments

Key Notes

• Less detail provided compared to other roles.
• Same core theme applies:
• Need hands-on doers, not just leadership profiles.

Cross-Role Themes (Applies to ALL 3)

• Must be:
• Hands-on
• Actively doing day-to-day technical work
• Avoid:
• Pure managers / leaders
• Candidates too far removed from execution
• Strong preference for:
• Consulting backgrounds
• Candidates with real project experience

Job Nice to Haves:

• Experience working alongside development teams
• Experience working alongside BASIS/infrastructure teams
• Broader exposure to enterprise SAP environments

About the Position / Current Initiatives: New project on the team. Legacy SAP environment with significant upgrades needed within the next 2 years. His team functions as the Basis team handling systems administration, infrastructure as code, testing & automation, release management, and SAP analytics/reporting.

About the Team Structure + Culture: Team includes 4 resources. Significant overlap with broader BNSF teams. Emphasis on cross-functional overlap (Basis, Security, Reporting, Release Management).

Manager Likes/Dislikes:

• Must be hands-on
• Avoid pure managers/leaders
• Strong preference for consulting backgrounds and candidates with real project experience

Qualifying/Screening Questions:

• Can you describe your hands-on experience with SAP Security?
• How have you supported day-to-day security operations in previous roles?
• Have you worked alongside development and BASIS teams? If so, how?
• What is your experience with enterprise SAP environments?
• How do you ensure compliance with SAP security standards and data protection policies?