[Hiring] SAP Security/GRC Consultant @Infosys Consulting - Europe

Role Description

As a SAP Security/GRC Consultant, you will work closely with diverse clients to assess their SAP security risks, design and implement tailored SAP Security and Governance, Risk & Compliance (GRC) solutions, and drive successful project delivery. You will act as a trusted advisor, helping clients align SAP security frameworks with business objectives and compliance mandates.

• Lead SAP Security and GRC assessment, design, and implementation projects for clients across industries.
• Conduct client workshops and requirements gathering sessions to understand business and security needs.
• Design and configure SAP security roles, authorizations, and GRC Access Control components (Access Risk Analysis, Emergency Access Management, Access Request Management).
• Develop and enforce Segregation of Duties (SoD) policies to mitigate risks and ensure compliance.
• Deliver SAP Security and GRC gap analysis, risk assessments, and remediation plans.
• Support clients during audits by preparing documentation, reports, and facilitating access reviews.
• Provide strategic advice on SAP security best practices, compliance frameworks (SOX, GDPR, HIPAA, etc.), and process improvements.
• Collaborate with cross-functional teams including Basis, functional consultants, and IT auditors to implement secure SAP landscapes.
• Conduct end-user training sessions and knowledge transfer workshops.
• Stay abreast of SAP security trends, new releases, and regulatory changes to provide proactive consulting.

Qualifications

• At least 5 years of consulting experience is necessary.
• 3+ years of SAP Security and GRC consulting experience with multiple end-to-end implementations.
• Hands-on expertise with SAP ECC and/or S/4HANA Security.
• Strong experience configuring SAP GRC Access Control modules (Access Risk Analysis, Emergency Access Management, Access Request Management).
• Excellent client-facing and communication skills with the ability to explain technical concepts to non-technical stakeholders.
• Proven track record of managing multiple client engagements and delivering quality results on time.

Requirements

• Strong knowledge of Sarbanes-Oxley (SOX), Business Process controls, IT General Controls and IT governance.
• Deep understanding and practical experience Analysis and Design/Re-Design of Business process and IT General controls in SAP and Non-SAP landscape.
• Strong analytical skills and a deep understanding of the overall context of underlying business processes and technologies.
• Understanding the purpose, procedures and ways of work of internal/external audits.
• Ability to support audits and to provide the right information & data, and to mitigate and/or solve identified deficiencies and gaps.
• Ability to retrieve and analyze and report/present data from various sources.
• Understanding of data structures, sources, flow and integration across infrastructure platforms, functional domains, and application landscapes/service.
• Up-to-date understanding of Concepts & Integration of Cloud Services, and multi-cloud environments.
• A variety of ERP systems (SAP & Non-SAP), Operating systems, Databases and financial applications.
• Identity and Access Management solutions and monitoring solutions such as Splunk, Qualys, Tripwire, but also in Authorization & SoD.
• Analytics & reporting in area of ITGC/GRC.
• IT Service Management Tools, Market Leader (SNOW, BMC, JIRA, ..).
• Experience with SAP Identity Management (IdM).
• Knowledge of cloud-based SAP security and hybrid environments.
• Experience working in Agile/Scrum environments.
• Experience in global delivery and working with offshore resources.
• Project-related mobility/willingness to travel.

Qualifications and certifications

• Bachelor’s degree in Computer Science, Information Technology, or related field.
• More than 7 years of experience in Financial / IT compliance, risk management, IT audit and/or IT controls; strong experience in an audit firm (e.g. Big Four).
• SAP Security or GRC certifications are a plus (e.g., SAP Certified Technology Associate – SAP Access Control).