SAP Security and GRC

Tasks and responsibilities

Create and maintain user Roles and Authorization profiles (PFCG).
Maintain users and roles in SAP ECC, CRM, Solution Manager, BI, BOBJ, PI, Enterprise.
Design, implement and maintain appropriate security throughout the SAP landscape.
Troubleshoot SAP security errors efficiently and accurately.
Experience in GRC areas –
c Account Request Management (ARM)
Access Risk Analysis (ARA)
Emergency Access Management (EAM)
IT Risk Management, SOX compliance and/or auditing with a strong background in IT controls
Maintain SAP security policies and documentation.
Liaise with network administrators, systems analysts, and software engineers to assist in resolving security problems with software products or company software systems.
Work with User Information System, creating and changing security policies for users and assigning users to roles.
Secure Tables and Programs by creating custom Transaction codes.
Monitoring the critical transaction codes and ensures that they are assigned to the concerned users only.
Managing user login parameters and password parameters.
Troubleshooting skills using trace, other mechanism required
Experience in CRM UI authorization required
Very strong experience in Security. Need to work with senior security resources from client.

Required skills, abilities, and certifications

Minimum of 7 years of experience with SAP Security across various applicaitons including but not limited to S/4 HANA, ECC, CRM, GRC, BW, MDG, Fiori, PI/PO, eWM, Enterprise Portal, HR portal and Solution Manager
Must have experience in Refresh & Upgrades
Understanding of SAP cloud security
Experience with SOD conflict resolution

Understanding of AD-authenticated Single Sign-On preferred.
CUA knowledge preferred.
Audit and compliance experience in Sarbanes-Oxley / publicly-traded commercial environment preferred.
Creating the Developer Keys for the developers and OSS ID’s for SAP Users from SAP Service Place and extending their Validity for OSS notes
Producing SoD Analytical Reports (both Summary and Detail) against Users, User Groups, Roles and Profiles using RAR.
Mitigation and remediation of users and roles for SOX using User/Role Analysis in RAR.

"