SAP Security & GRC Consultant

Job Title: SAP Security & GRC Consultant

Experience: 7–10 Years

Location: India

Duration: Immediate – 31st December 2026

Budget: Up to 25 LPA

Industry Preference: Pharmaceuticals (Preferred)

Key Responsibilities

• Design, develop, and maintain SAP roles, profiles, and authorization objects in alignment with business needs and compliance requirements.
• Implement, configure, and support SAP GRC Access Control modules, including:
• Access Request Management (ARM)
• Access Risk Analysis (ARA)
• Emergency Access Management (EAM / Firefighter)
• Business Role Management (BRM)
• Monitor, analyze, and remediate Segregation of Duties (SoD) conflicts; establish preventive controls, mitigation strategies, and reporting dashboards.
• Perform user provisioning, role assignments, and periodic access reviews for SAP
  
  S/4HANA, Fiori, and integrated non‑SAP applications, following least‑privilege principles.
• Support audit and compliance activities, ensuring all documentation, evidence, and responses meet SOX, GxP, and internal audit standards.
• Collaborate with Internal Audit, Quality Assurance (QA), and external auditors to manage access reviews, risk assessments, findings, and remediation plans.
• Partner with Information Security and Infrastructure teams to align SAP security controls with enterprise frameworks such as NIST CSF and ISO 27001.
• Ensure compliance with FDA 21 CFR Part 11 and EU Annex 11 requirements for electronic records and electronic signatures.
• Participate in change management, system upgrades, and deployments, ensuring role integrity and access consistency throughout the change lifecycle.
• Develop and maintain security SOPs, access matrices, role design documents, and GRC dashboards to provide leadership visibility.
• Drive continuous improvement initiatives in SAP security by leveraging automation, monitoring tools, and best practices to reduce manual effort and strengthen controls.

• 7–10 years of hands-on experience in SAP Security and SAP GRC Access Control administration.
• Strong expertise in SAP S/4HANA security design, including Fiori authorizations and OData services.
• Proven experience integrating SAP security with non-SAP applications.
• Solid understanding of SoD concepts, risk analysis, and mitigation controls.
• Hands-on involvement in audits, compliance reviews, and regulatory environments.
• Knowledge of NIST, ISO 27001, and enterprise security frameworks.
• Experience supporting regulated environments; Pharma / Life Sciences experience is highly preferred.
• Strong documentation, communication, and stakeholder management skills.

Nice to Have

• Exposure to automation tools, scripting, or workflow enhancements in SAP GRC
• Prior experience in global delivery or multi‑country SAP landscapes