SAP Security​/GRC Senior Consultant

About the Company and Team

We are a growing, high‑growth organization of 300,000 employees, looking for talent to join our entrepreneurial environment. Our Digital Platforms Practice helps some of the largest global firms and brands deliver value and business transformation enabled by digital ERP solutions and services. We cover strategy, implementation and innovation to help clients achieve their transformation agenda.

As a SAP Security/GRC Consultant, you will work closely with diverse clients to assess their SAP security risks, design and implement tailored SAP Security and Governance, Risk & Compliance (GRC) solutions, and drive successful project delivery. You will act as a trusted advisor, helping clients align SAP security frameworks with business objectives and compliance mandates.

• Lead SAP Security and GRC assessment, design, and implementation projects for clients across industries.
• Conduct client workshops and requirements gathering sessions to understand business and security needs.
• Design and configure SAP security roles, authorizations, and GRC Access Control components (Access Risk Analysis, Emergency Access Management, Access Request Management).
• Develop and enforce Segregation of Duties (SoD) policies to mitigate risks and ensure compliance.
• Deliver SAP Security and GRC gap analysis, risk assessments, and remediation plans.
• Support clients during audits by preparing documentation, reports, and facilitating access reviews.
• Provide strategic advice on SAP security best practices, compliance frameworks (SOX, GDPR, HIPAA, etc.), and process improvements.
• Collaborate with cross‑functional teams including Basis, functional consultants, and IT auditors to implement secure SAP landscapes.
• Conduct end‑user training sessions and knowledge transfer workshops.
• Stay abreast of SAP security trends, new releases, and regulatory changes to provide proactive consulting.

5‑8 years of consulting experience is necessary, with 3+ years of SAP Security and GRC consulting across multiple end‑to‑end implementations. Hands‑on expertise with SAP ECC and/or S/4

HANA Security, and strong experience configuring SAP GRC Access Control modules are required. Excellent client‑facilitating communication skills are essential, as is a proven track record of managing multiple engagements and delivering quality results on time.

• Strong knowledge of Sarbanes‑Oxley (SOX), Business Process controls, IT General Controls and IT governance.
• Deep understanding and practical experience in Analysis and Design/Re‑Design of Business process and IT General controls in SAP and Non‑SAP landscape.
• Strong analytical skills and a deep understanding of the overall context of underlying business processes and technologies.
• Understanding the purpose, procedures and ways of work of internal/external audits.
• Ability to support audits and provide the right information & data, mitigating or solving identified deficiencies and gaps.

• Ability to retrieve, analyze and report/present data from various sources.
• Understanding of data structures, sources, flow and integration across infrastructure platforms, functional domains, and application landscapes/service.
• Up‑to‑date understanding of concepts & integration of cloud services, and multi‑cloud environments.

• Experience with ERP systems (SAP & Non‑SAP), operating systems, databases and financial applications.
• Identity and Access Management solutions such as Splunk, Qualys, Tripwire, and authorization & SoD tools.
• Analytics & reporting in the area of ITGC/GRC.
• IT Service Management Tools (Snow, BMC, JIRA, etc.).
• Experience with SAP Identity Management (IdM).
• Knowledge of cloud‑based SAP security and hybrid environments.
• Experience working in Agile/Scrum environments.
• Experience in global delivery and working with offshore resources.
• Project‑related mobility/willingness to travel.
• Qualifications:
  
  Bachelor’s degree in Computer Science, Information Technology, or related field.
• More than 7 years of experience in Financial / IT compliance, risk management, IT audit and/or IT controls; strong audit firm experience is a plus.
• SAP Security or GRC certifications are a plus (e.g., SAP Certified Technology Associate – SAP Access Control).

We offer industry‑leading compensation and benefits, along with top training and development opportunities to help you grow your career and achieve your personal goals. Infosys Consulting is a globally renowned management consulting firm known for its inclusive, entrepreneurial culture and strong values of Inclusion, Equity, Diversity, Leadership, Integrity, Fairness, and Excellence. Learn more by visiting our careers page.