SAP S/HANA Security & GRC Analyst
Listed on 2026-07-10
-
IT/Tech
SAP Consultant, Cybersecurity
Job #: 3041107
Hybrid On-Site Dearborn, MI (4 Days On-Site)
12+ Month Contract
Position DescriptionWe are seeking an experienced SAP Security professional to design, develop, implement, and support SAP S/4
HANA Security and SAP GRC environments. This role will be responsible for security administration, role design, governance, risk and compliance functions, production support, and ongoing security enhancements across the SAP landscape.
- Design, develop, and implement SAP S/4
HANA Fiori Security Roles across multiple functional areas, including:- Sales & Distribution (SD)
- Materials Management (MM)
- Finance (FI)
- General Ledger (GL)
- Accounts Receivable (AR)
- Accounts Payable (AP)
- Asset Accounting (AA)
- Support SAP Security role administration, including:
- Configuration of new authorization objects
- Master and Derived Roles
- Single and Composite Roles
- Troubleshoot authorization and security issues using:
- STAUTHTRACE
- STUSERTRACE
- SU53
- ST01
- Implement and support SAP GRC (Governance, Risk & Compliance) Access Control 12.0 modules, including:
- Access Risk Analysis (ARA)
- Access Request Management (ARM)
- Emergency Access Management (EAM)
- Business Role Management (BRM)
- Administer SAP GRC configurations, including:
- Rule sets
- Workflows
- Approver assignments
- User provisioning
- Emergency access
- Access recertification
- Maintain GRC master data and perform:
- Risk analysis
- Audit support activities
- Compliance support activities
- Build and maintain MSMP workflows and configure GRC notifications.
- Develop and maintain rulesets, including:
- Creating custom functions and risks
- Enhancing existing rulesets based on business requirements
- Plan and execute SAP GRC upgrade activities.
- Configure and support synchronization jobs, including:
- Repository Sync
- Authorization Sync
- Firefighter Log Sync
- Action Usage Sync
- Troubleshoot day‑to‑day access request issues through audit log analysis.
- Collaborate closely with the Application Security team to support all SAP security-related initiatives.
- Provide production support, including participation in a periodic 24x7 on‑call support rotation.
- SAP HANA
- Minimum of 7 years of SAP Security experience.
- At least two full lifecycle SAP implementations.
- Experience implementing Fiori Roles for SAP S/4
HANA functional areas including:- SD
- MM
- FI (GL, AP, AR, AA)
- Experience designing, developing, and testing SAP S/4
HANA Security Fiori Roles utilizing Pages & Spaces. - Experience performing security checks across SAP S/4
HANA backend systems and Fiori frontend applications, including:- OData service authorization configuration
- End‑user authorization management
- Experience configuring and supporting SAP GRC modules, including:
- Access Control
- Process Control
- Experience troubleshooting workflow issues related to SAP GRC User Provisioning.
- SAP Business Technology Platform (BTP) Security
- SAP Identity Access Governance (IAG)
- Bachelor's Degree
- Hybrid work environment with 4 days per week onsite.
- Participation in a periodic 24x7 on‑call support rotation is required.
- Must be comfortable supporting production environments and responding to critical security incidents as needed.
Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law.
Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).