×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity IT Consultant IT Business Analyst SAP Consultant

SAP GRC analyst and Security Consultant

Job in Calgary, Alberta, D3J, Canada
Listing for: Torrey Holistics
Full Time position
Listed on 2026-06-12
Job specializations:
  • IT/Tech
    Cybersecurity, IT Consultant, IT Business Analyst, SAP Consultant
Job Description & How to Apply Below
We are looking for a seasoned SAP GRC and Security Consultant to take full ownership of access risk, compliance controls, and identity governance across a complex SAP landscape. This is a hands-on contract engagement based in Calgary — you will not be advising from the sidelines. You'll configure, remediate, govern, and deliver, working directly with business process owners, internal audit, and IT security teams to build a compliant, audit-ready SAP environment.

What you'll doOwn the end-to-end design, configuration, and ongoing governance of SAP GRC Access Control (AC) — including ARA, ARM, EAM, and BRM modules.

Define and maintain the enterprise Segregation of Duties (SoD) ruleset; identify, analyze, and remediate SoD conflicts across SAP ECC and/or S/4

HANA landscapes.

Design and implement role-based access control (RBAC) frameworks — building, testing, and documenting SAP roles and authorization objects aligned to least-privilege principles.

Configure and govern Firefighter (Emergency Access Management) workflows — owner assignments, log reviews, and audit trail reporting.

Lead access certification campaigns and periodic user access reviews (UAR) in collaboration with role owners and business process owners.

Support and drive SAP S/4

HANA security migration and role redesign initiatives where applicable.

Partner with internal audit and compliance teams to prepare evidence packages, remediate findings, and maintain SOX, SOC 2, or equivalent compliance posture.

Integrate SAP GRC with Identity Governance and Administration (IGA) tools — SailPoint, Saviynt, or equivalent — where required.

Develop and maintain GRC governance documentation: rulesets, control matrices, risk registers, and process runbooks.

Mentor junior security analysts and serve as the internal SAP GRC subject matter expert for stakeholder escalations.

What you bring8–10 years of hands-on SAP security and GRC experience — not advisory or project management, but direct configuration and governance ownership.

Deep expertise in SAP GRC Access Control — ARA (Access Risk Analysis), ARM (Access Request Management), EAM (Emergency Access Management), and BRM (Business Role Management).Expert-level knowledge of SAP authorization concepts: authorization objects, profiles, roles (single, composite, derived), SU24, PFCG, and SU53 analysis.

Proven experience designing and remediating SoD rulesets in production SAP environments — not just running SoD reports, but owning the ruleset and driving remediation to closure.

Experience with SAP ECC and/or S/4

HANA security — including Fiori app authorization, business roles, and the S/4 authorization concept changes from ECC.Working knowledge of SOX IT General Controls (ITGCs) as they apply to SAP access and change management — and experience preparing audit evidence.

Strong communication skills — able to translate SAP authorization complexity into plain language for business process owners, auditors, and C-level stakeholders.

Nice to have

Experience with SAP GRC Process Control (PC) for automated control monitoring.

SAP S/4

HANA security migration project experience — role redesign, clean-up, and Fiori authorization model.

Integration experience with IGA platforms:
SailPoint Identity

IQ/Identity Now, Saviynt, or Cyber Ark.

Background in energy, oil and gas, utilities, or financial services — sectors with complex Calgary-market SAP footprints.

SAP Certified Technology Associate — SAP GRC Access Control certification.

Familiarity with SAP BTP (Business Technology Platform) security and identity management.

Experience with SAP Audit Management or integration of GRC with external GRC platforms (Archer, Service Now GRC).Tech stack & tools

SAP GRCGRC AC 12.0, ARA, ARM, EAM, BRM, Process Control, Risk Management

SAP Security

PFCG, SU24, SU53, SUIM, S/4

HANA roles, Fiori authorization, derived roles

Compliance

SOX ITGCs, SoD ruleset design, UAR campaigns, audit evidence, control matrices

IGA integration

SailPoint, Saviynt, Cyber Ark, Azure AD / Entra , LDAPReporting & docs

SAP SUIM, GRC dashboards, risk registers, runbooks, Archer, Service Now GRCPlatforms

SAP ECC 6.0, S/4

HANA 2020/2022, SAP BTP, Fiori Launchpad Why Calgary — why now…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search