SAP Security Engineer

Technology

• Designing access roles for the SAP S4H environments across multiple domain such as finance, supply, procurement, engineering etc.
• Implement best practices in the area of Role build, testing and transport.
• Define Role Transport strategy for a highly complex multi-tier environments with separate Sustain and Project Tier.
• Propose security best practices for Solutions built on SAP BTP.
• Review and share access controls, authentication protocols for 3rd party apps integrations.
• Define SOD Risks and mitigation controls by collaborating with process experts, GRC Teams.
• Provide input to GRC technical teams to update SoD risk matrix with new transaction codes/Fiori apps etc.
• Review custom code, and propose the authorization check to ensure the Organization level controls can be implemented via roles.
• Review and update authorization defaults for transactions, Fiori apps, Web-dynpros etc.
• Experience of defining audit controls, engage with auditors to drive internal and external audit evidence gathering.
• Assist in design, document and continually enhance SAP security administration policies, processes, and procedures for the SAP environment.
• Support the project teams on SAP Transports using during major releases, dual maintenance/retrofit and object conflict issue resolution
• Update and maintain procedure documentation, present to larger team.
• Propose technical governance (standards, best practices, etc.), document and present to Larger team.

Business

• Engage with the Business Process Owners, Product Owners, and internal stakeholders to capture access control requirements.
• Work closely with Business analysts, Org Governance Teams and SMEs
• Liaise with CyberSecurity Teams, Internal/External Audit and Internal Risk & controls teams.
• Work closely with Project managers, define Access controls Design, Build, Test Plans identify risks to the projects.
• Work with internal Training team, deployment teams closely on content development, delivery and communications.

External Presence

• Participate in technical forums and other appropriate events

Essential qualifications

• Bachelor¹s or Master's degree in Information Science, Computer Science or related field
• 10 to 12 years of SAP Security Experience
• Minimum 2 S4H Greenfield, Brownfield implementation Experience
• Experience of working on complex SAP rollout projects
• Excellent communication, verbal, presentation and written skills

Key competencies in SAP Security

• Expertise in application security S4H, Fiori, HANA, SAP BTP with deep understanding of authentication, user provisioning, role design management.
• Experience of Master - derived, Value - Enabler technical roles with inclusion of tcodes, Hana views, Fiori Apps etc.
• Expertise in Fiori role build, especially Pages, Spaces, Catalogue, Groups, apps etc.
• Understanding of OData V2, V4 services, API Security, and troubleshooting complex Fiori and Hana access issues.
• Exposure to BTP role build in Abap Environment, HANA Cloud (XSA apps), IAS, IPS, Audit logging, Credential store services etc.
• Business process understanding on Core Domains like Supply, logistics, procurement, Trade Controls and Master Data Governance.
• Possess experience reviewing custom transactions, updates authorization defaults, with good understanding of authorization objects across domains, including sensitive admin transaction codes.
• Experience of developing attribute-based access provisioning designs, with exposure to provisioning tool IDM, Saviynt.

Other skills and abilities

• Ability to work in global distributed setting without supervision.
• Self-driven, Proactive, Out -Of -Box Thinker
• Flexible and reliable- displaying great ownership in all aspects.
• Open to travel abroad and in India