SAP GRC Security & Controls Specialist

Job Title: SAP GRC Security & Controls Specialist
Location: United Kingdom
REF: 266
Contact Name: Sam Page
Job Published: about 2 years ago

Job Description

Success Profile


Reporting to

Head of Security and Controls Assurance (Corporate Applications)

Division / Function


Base location

Home base with travel into site locations.


£44-66k plus healthcare and a car.


T2 – Leader of Self



Section 1:  Role Context


Key purpose

The Security & Controls Specialist will play a critical role in the day-to-day governance of our business systems. He/She will be a focal point in the design, operation and governance of User and Access Management processes, including supporting technologies, and will provide ongoing guidance and monitoring to ensure effective control.

This role will also ensure our policies and processes are world class and embrace the latest technologies and innovations.



Reason for role

With a large user base across many businesses and locations, User and Access Management is key to success. The company has recently invested in strengthening the controls on key business systems like SAP, and this role is needed to ensure that the controls environment is sustained and robust. In addition, organisational transformation now means that most of the SAP team is outsourced, so there are additional assurance requirements to safeguard internal interests.




Section 2:  Organisational Context


Structure and reporting relationship

The Security and Controls Specialist will report to the Head of Security and Controls Assurance (Corporate Applications).








Section 3:  Role Essentials


Based on the specific requirement of the role


Key accountabilities

  • Define, develop and improve security processes and controls to support both internal and external regulations;
  • Design, operate and continuously improve monitoring to ensure compliance with internal security policies and applicable laws and regulations;
  • Maintain the security policies and standards, and ensure adherence to current best practice;
  • Ensuring all SAP and other system changes and developments are compliant with the security policies and take into account potential impact on controls;
  • Identifying and remediating control “gaps” within systems and processes;
  • Regular reporting to senior stakeholders on security, governance and compliance, including access risk issues, firefighter usage and mitigating control management;
  • Embed a focus on security and controls into “business as usual” processes, as well as implementing and running periodic controls assurance programmes;
  • Monitor compliance with segregation of duty, sensitive access and other security standards in SAP and other critical business systems;
  • Review and approve risk mitigations along with Global Process Owners (GPOs);
  • Work closely with GPOs to ensure integration between business and IT controls;
  • Act as Security & Controls focal point in relevant forums to move forward ongoing controls initiatives within the company, and define/implement new ones;
  • Co-ordinate and liaise with Internal and External Auditors during security audits; and
  • Provide expertise in additional security and controls capability, define requirements for solutions and manage delivery of enhancements.
  • Provide oversight and audit support to ensure that security and controls services performed by outsourced providers are in accordance with internal policies and objectives.
  • Perform forensic investigations as required to support controls environment.

Essential qualifications

  • A degree or equivalent qualification (in an IT or engineering field or accounting would be preferable) – relevant experience would also count


Essential technical and professional skills and knowledge

  • A sound knowledge of SAP Security & Control standards and guidelines;
  • Thorough understanding of risk and control concepts, including IT general controls and business controls across key functional areas;
  • Good troubleshooting & analytical skills, with excellent written and oral communication skills at both technical and business levels; and
  • Ability to work with people from different areas of the business and various levels of seniority in order to promote a controls-focused culture throughout the company.

Essential experiences

  • At least 8 years’ experience in ERP Security & Controls, with at least 5 years’ experience in SAP. Experience with other SAP modules will be considered as an advantage;
  • Experience administering and/or using GRC technologies, with specific experience using Security Weaver preferable;
  • Experience conducting audits or assurance programmes around security and controls (preferable).