SAP COE Senior Security -GRC Admin

Fresenius Medical Care

full-time

Required skills

compliance
end-to-end
key performance indicators
Root Cause Analysis
SAP
SOX

About the role

Fresenius Medical Care

Website: freseniusmedicalcare.com
Job details:
The SAP S/4HANA Security & GRC Administrator is responsible for ensuring secure, compliant, and efficient access management across the SAP S/4HANA landscape within a sustain operations environment. The role manages user access, roles, authorizations, and Segregation of Duties (SoD) controls while maintaining compliance with internal policies, audit requirements, and regulatory standards through platforms such as SAP GRC Access Control and SAP Cloud Identity Access Governance. Acting as a subject matter expert for SAP Security and access governance, the position supports steady-state operations, change and release management, and continuous improvement initiatives to ensure business continuity and strong control effectiveness.

Goal of function:

Tasks*

Main tasks:
SAP Security Administration (S/4HANA Sustain)
Manage end-to-end user lifecycle: provisioning, modification, and deprovisioning across S/4HANA and connected systems.
Design, maintain, and optimize SAP roles and authorization concepts aligned with business processes and segregation of duties (SoD) principles.
Perform role remediation and authorization troubleshooting for business users and support teams.
Support transports related to security roles and authorization objects across environments (DEV, QA, PRD).
Ensure security configuration stability and support during patching, upgrades, and release cycles.
SAP GRC & Compliance Management
Administer SAP GRC Access Control (AC), including:
Access Risk Analysis (ARA)
Emergency Access Management (Firefighter)
Access Request Management (ARM)
Monitor and manage SoD conflicts and mitigation controls.
Support internal and external audits by providing access reports, evidence, and remediation plans.
Maintain compliance with SOX, GDPR, and internal IT controls.
SAP IAG (Cloud Identity Access Governance)
Configure and maintain IAG for cloud and hybrid access governance.
Integrate IAG with S/4HANA, Ariba, IBP, SAC, and BTP.
Maintain cloud SoD rulesets and risk libraries.
Automate cloud access provisioning workflows and approvals.
Operational Support & Incident Management
Act as L3/L4 support for SAP Security and GRC-related incidents and problems.
Investigate security-related issues and access failures impacting business processes.
Perform root cause analysis and implement preventive controls.
Participate in on-call or hyper care support as required during critical periods.
Change, Release & Continuous Improvement
Participate in release management cycles to ensure security readiness for new functionality.
Review functional changes for security and SoD impact.
Propose and implement automation and simplification of access processes where possible.
Maintain security documentation, role catalogues, and operating procedures.
Stakeholder & Vendor Collaboration
Work closely with Functional Leads, Basis, Infrastructure, and Compliance teams.
Coordinate with external partners (e.g., Accenture or AMS vendors) for aligned security operations.
Act as trusted advisor on SAP Security and GRC topics for business and IT stakeholders.
Stakeholder Engagement
Work closely with Functional Leads, Basis, Infrastructure, and Compliance teams.
Coordinate with external partners (e.g., Accenture or AMS vendors) for aligned security operations.
Act as trusted advisor on SAP Security and GRC topics for business and IT stakeholders.
Miscellaneous tasks:

As and when needed

Organization*

The function incumbent reports to:

Organizational unit:

GBS-ITS Integration lead

GBS ITS

Important internal interfaces:

Important external interfaces:

Please list cooperation with important departments, sites, subsidiaries etc.SAP COE workstreams

PMO
Global/Regional Business Process Owners
Integration Teams
Release Management teams
Senior Leadership / Executive Steering Committees

Please list cooperation with important external companies, agencies, authorities etc.

External communications agencies
Consulting partners
Technology vendors

Key Performance Indicators

Operational KPIs

% of access requests delivered within SLA.
Number of security-related incidents per month.
Mean Time to Resolve (MTTR) for security issues.
% of successful first-time-right role assignments.

Compliance KPIs

Number of unresolved SoD conflicts.
Audit findings related to access and controls (target: zero critical findings).
Firefighter usage compliance (100% review and approval rate).
% of completed periodic user access reviews on time.

Quality & Improvement KPIs

Reduction in manual access provisioning through automation.
Documentation accuracy and process adherence.
Continuous improvement initiatives delivered per quarter

Click on Apply to know more.

This page is fully interactive when JavaScript is enabled. Please enable JavaScript to apply or browse related roles.