Job Description
Title: SAP Security Engineer (GRC & S/4HANA)
Location: Detroit, MI - Local - In office (Tue, Wed, Thu)
Assignment: 12 months, then eligible for contract renewal
Note: NERC background check will be required
Job Summary:
We are seeking a highly skilled SAP Security Engineer to support and secure SAP environments essential to utility operations. This role will focus on implementing and maintaining security across ERP, CRM, ISU, and Fiori platforms, while ensuring compliance with SOX and utility-specific regulations like NERC/CIP.
The ideal candidate will possess a deep understanding of SAP security leading practices, role administration, authorization concepts, and audit readiness. This individual will also play a key role in system upgrades, user access reviews, remediation activities, and performance monitoring to ensure a secure and compliant landscape.
Key Responsibilities:
- Provide user and role administration across multiple SAP ERP and CRM modules, including IS-U and Fiori.
- Lead SAP GRC Access Control activities including role design, provisioning workflows, Segregation of Duties (SoD) analysis, mitigation controls, and audit support across ECC and S/4HANA environments.
- Design, build, and maintain SAP security roles in S/4HANA using PFCG, SU24, and Fiori catalogs/groups, ensuring compliance with SOX and internal control standards.
- Partner with business and IT stakeholders to translate process requirements into compliant security designs, leveraging SAP GRC rulesets, risk analysis, and control frameworks.
- Support S/4HANA security architecture by ensuring proper authorization concepts, HANA-specific considerations, and secure access for both classic and Fiori-based applications.
- Assist in the building and modification of SAP security roles to support business requirements and ensure clean role design.
- Troubleshoot and fix production security authorization issues, including missing roles, authorization failures, and access conflicts.
- Assess business role requirements and enable authorizations in accordance with business and compliance specifications.
- Assist in the development and execution of security processes and techniques that enforce compliance with organizational policies and industry standards.
- Implement SAP leading practices for system security, including access control, system hardening, audit log monitoring, incident handling, and policy enforcement.
- Create and/or remediate control gaps to support SOX compliance and utility-specific audit requirements.
- Assist with the creation of effective remediation solutions and/or exception documentation when applicable.
- Assist with the successful completion of periodic user access reviews, ensuring all user access is current, justified, and appropriately approved.
- Perform system monitoring activities for security performance, health metrics, and compliance control validations.
- Support SAP upgrade and system refresh activities, ensuring role consistency, regression testing, and minimal disruption during changes.
- Navigate SAP tables (e.g., AGR_1251, USR02, etc.) and pull data for audits, reporting, and review processes.
- Collaborate with internal controls, audit, and compliance teams to ensure security operations align with regulatory requirements.
- Stay abreast of the latest SAP technologies and innovations, especially those related to S/4HANA, Fiori, and Identity Access Governance (IAG).
- Support and maintain Segregation of Duties (SoD) compliance, including conflict detection, remediation, and documentation.
Minimum Qualifications:
- Bachelor’s degree in Information Technology, Computer Science, Business, or a related field.
- A minimum of 3 years of experience with SAP ERP and CRM security authorization concepts, including IS-U.
- Strong understanding of SAP role design, authorization concepts, and SoD conflict resolution.
- Experience working in complex SAP environments with multiple clients and landscapes.
- Solid understanding of SoD conflict resolution and compliance with audit frameworks (e.g., SOX, NERC/CIP).
- Proven ability to extract and interpret data from SAP tables for audit, controls, and troubleshooting.
- Hands-on experience with Fiori security design and configuration.
- A proven ability to work effectively under pressure, manage multiple tasks, and meet tight deadlines.
Preferred Skills (Nice to Have):
- Experience with SAP GRC Access Control or Identity and Access Governance (IAG).
- Knowledge of SAP ISU/CRM and S/4HANA security models.
- Exposure to SAP HANA database security and user provisioning.
- Familiarity with LDAP, Active Directory, and other authentication mechanisms.
- Project coordination or light project management experience.
Soft Skills:
- Strong analytical and problem-solving skills.
- Excellent written and verbal communication skills.
- Ability to work both independently and as part of a collaborative team.
- High attention to detail and commitment to quality and compliance.