×
Register Here to Apply for Jobs or Post Jobs. X

SAP Governance & Risk Engineer

Job in Cary, Wake County, North Carolina, 27511, USA
Listing for: Bright Vision Technologies
Full Time position
Listed on 2026-07-18
Job specializations:
  • IT/Tech
    Cybersecurity, SAP Consultant
Salary/Wage Range or Industry Benchmark: 100000 - 150000 USD Yearly USD 100000.00 150000.00 YEAR
Job Description & How to Apply Below

SAP Governance & Risk Engineer

Job Title:

SAP Governance & Risk Engineer

Location:

100% Remote (Continental United States) Position Type:
In-house Bright Vision Technologies SOW engagement (no third-party client or vendor)

Experience:

5+ years Salary Range: $100k to $150k per annum Sponsorship:
No new H1B sponsorship available. H1B transfers welcomed for qualified candidates.

Employment Type:

Full-time, direct W2 with Bright Vision Technologies (no C2C, no 1099, no third-party) Engagement:
Long-term, multi-year, aligned to the Bright Vision SOW delivery roadmap Compensation:
Competitive base salary commensurate with experience, plus benefits.

Job Summary We are seeking an experienced SAP Governance & Risk Engineer to design, implement, and operate security and access-control frameworks for complex SAP landscapes, including S/4

HANA, ECC, BW/4

HANA, Fiori, BTP, and Success Factors. In this role you will be responsible for SAP role design, user provisioning, segregation-of-duties analysis, audit support, and the technical operation of SAP GRC suites. The ideal candidate will combine deep expertise in SAP authorization concepts with strong hands-on experience operating SAP GRC Access Control and Process Control, and will partner closely with audit, compliance, and business teams to deliver a secure, auditable SAP environment.

Key Responsibilities

  • Design and maintain SAP authorization concepts and role structures aligned with business processes and least-privilege principles.
  • Build and maintain master, derived, composite, and business roles for S/4

    HANA, ECC, and Fiori applications.
  • Configure and operate SAP GRC Access Control (ARA, ARM, BRM, EAM), including ruleset management, mitigating controls, and emergency access management.
  • Perform segregation-of-duties analysis and remediation in collaboration with business process owners and internal audit.
  • Configure user provisioning workflows in SAP GRC ARM, including request types, approval paths, and integration with IDM/IAM platforms.
  • Operate SAP GRC Process Control for continuous controls monitoring and policy management.
  • Implement security for Fiori applications, including catalogs, groups, and front-end authorizations.
  • Configure and operate security for SAP BTP and cloud applications using XSUAA, IAS, and IPS.
  • Support SAP audits (SOX, GxP, PCI) and respond to audit findings with documented remediation plans.
  • Implement transport security, table logging, and audit logging in line with internal security policies.
  • Monitor and remediate SAP Security Notes in coordination with Basis and DBA teams.
  • Maintain comprehensive, current technical documentation — including architecture diagrams, design decisions, configuration references, runbooks, and operational procedures — so that the system remains supportable, auditable, and easy to onboard new engineers onto over time.
  • Mentor junior team members and support knowledge transfer across the security team.

Required Qualifications

  • Bachelor's degree in Computer Science, Engineering, or a related technical discipline.
  • Five or more years of SAP Security / GRC experience in enterprise landscapes.
  • Strong hands-on experience with SAP authorization concepts and role design.
  • Deep experience operating SAP GRC Access Control (ARA, ARM, BRM, EAM).
  • Experience supporting SAP audits and remediation activities.
  • Hands-on experience securing Fiori, BTP, and cloud SAP applications.
  • Familiarity with SAP IDM or third-party IGA tooling.
  • Working knowledge of SAP Process Control.
  • Strong understanding of regulatory frameworks such as SOX, GxP, and PCI.
  • Excellent communication and documentation skills.

Preferred Qualifications

  • SAP-certified Security or GRC credentials.
  • Experience with SAP Cloud Identity services (IAS, IPS) and SCIM-based integrations.
  • Familiarity with HANA security and analytic privileges.
  • Experience with continuous controls monitoring frameworks.
  • Exposure to SAP RISE / Grow security operating models.
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary