SAP S/4 HANA Security Expert

PRIMARY JOB PURPOSE 

Responsible for delivering design and system configuration for SAP S/4HANA Security, ensuring the implementation of robust access control and authorization frameworks across business units. The candidate is accountable for translating business and compliance requirements into secure role designs, managing user access, Segregation of Duties (SoD) controls, and supporting data migration, testing, audit readiness, and post-go-live activities, while aligning with SAP security best practices and project timelines.

Key Position Accountabilities for SAP Security – S/4HANA

• Being part of the Global IT team and responsible for SAP S/4HANA Security design, ensuring roles and authorization concepts are designed, built, tested, and deployed in alignment with SAP best practices and compliance standards.
• Facilitate and support workstream managers, Solution Architects, and business leads from requirement gathering through solution design, with a strong focus on access control, Segregation of Duties (SoD), and integration across Finance, PM, BRIM and other functional modules.
• Analyse business and audit requirements related to user access, role design, privileged access (FFID), and compliance mandates, ensuring secure and appropriate system access.
• Design and configure SAP security components such as single roles, master roles, derived roles, organizational level restrictions, and user provisioning processes, while coordinating with technical teams for enhancements and automation.
• Responsible for creating and maintaining role design documentation, security specifications, and supporting GRC-related objects including access risk analysis, mitigation controls, and firefighter IDs (FFID) This will be future role assignments.
• Perform user administration activities including user creation, role assignment, troubleshooting authorization issues, and ensuring compliance with security policies.
• Execute and support security lifecycle activities including role build, testing (unit/SIT/UAT), audit validation, migration, cutover, go-live, and hyper care support.
• Support incident management and change requests related to SAP security, ensuring timely resolution and minimal business disruption.
• Strong experience in SAP Fiori Security, including Fiori Launchpad configuration, Catalogs, Groups, and Spaces & Pages.
  • Hands-on experience in managing OData Services activation (SICF & /IWFND/MAINT_SERVICE) and troubleshooting authorization issues.
  • Knowledge of front-end vs back-end role design for Fiori apps and integration with PFCG roles.
  • Experience with Fiori app types (Transactional, Analytical, Fact Sheets) and required authorization objects.
  • Understanding of SAP Gateway architecture and Fiori role mapping.

SELECTION CRITERIA 

Essential:

• Bachelor’s / Master’s degree in Computer Science, Information Technology, Business, or equivalent discipline with minimum 6 to 7 years of experience in SAP Security & GRC across multiple industries.
• Minimum 2 full lifecycle implementations / rollouts and support experience in SAP S/4HANA or SAP ECC projects with a focus on Security and Authorizations.
• Extensive hands-on experience in SAP Security design and configuration, including roles and authorizations (Single, Master, and Derived roles), organizational level restrictions, and user administration.
• Strong experience in SAP GRC Access Control (ARA, ARM, EAM), including SoD risk analysis, mitigation controls, Firefighter ID (FFID) management, and access request workflows.
• Hands-on experience in end-to-end user and role lifecycle management, including role design, build, testing (Unit/SIT/UAT), and production support.
• In-depth understanding of SAP security best practices, compliance frameworks, audit requirements, and segregation of duties (SoD) concepts.
• Experience in S/4HANA environment, Fiori security (catalogs, groups, spaces/pages), and frontend/backend role design.
• Working knowledge of integration with SAP modules such as (FI, MM, BRIM, PM,S2C,R2R, P2P, Basis, etc.for cross-functional security design.
• Experience in handling audits, user access reviews, and compliance reporting.
• Strong analytical, problem-solving, and troubleshooting skills in resolving authorization issues (SU53, ST01, SUIM, etc.).
• Excellent communication skills in English, with the ability to interact with business stakeholders, auditors, and technical teams.
• Self-driven, proactive, and able to manage multiple priorities within tight project timelines.

Desirable:

• SAP S/4HANA Security Certification (preferably S/4HANA 1909 / 2020 / 2021 and above).
  • Strong knowledge of SAP Security in S/4HANA environment including Fiori Security, OData services, and Catalog/Group management.
  • Experience with SAP GRC (Access Control 10.1 / 12.0) – ARA, ARM, EAM (Firefighter), and BRM modules.
  • Expertise in role design and authorization concepts using PFCG, including single/derived/master  roles.
  • Hands-on experience in SU24, SU25, SUIM, AGR tables, and authorization troubleshooting (ST01, SU53).
  • Knowledge of HANA Database security concepts and S/4HANA authorization model simplification.
  Strong experience in SAP Fiori Security, including Fiori Launchpad configuration, Catalogs, Groups, and Spaces & Pages.
  • Hands-on experience in managing OData Services activation (SICF & /IWFND/MAINT_SERVICE) and troubleshooting authorization issues.
  • Knowledge of front-end vs back-end role design for Fiori apps and integration with PFCG roles.
  • Experience with Fiori app types (Transactional, Analytical, Fact Sheets) and required authorization objects.
  • Understanding of SAP Gateway architecture and Fiori role mapping.

WORK ENVIRONMENT FACTORS       

• Office based/Remote with occasional international travel.
• Health and Safety accountability statements.
• Working times are European time zone, however open to be available in APAC/US time zone as well for the need basis.

We are the ASSA ABLOY Group
Our people have made us the global leader in access solutions. In return, we open doors for them wherever they go. With nearly 63,000 colleagues in more than 70 different countries, we help billions of people experience a more open world. Our innovations make all sorts of spaces – physical and virtual – safer, more secure, and easier to access. 

As an employer, we value results – not titles, or backgrounds. We empower our people to build their career around their aspirations and our ambitions – supporting them with regular feedback, training, and development opportunities. Our colleagues think broadly about where they can make the most impact, and we encourage them to grow their role locally, regionally, or even internationally.

As we welcome new people on board, it’s important to us to have diverse, inclusive teams, and we value different perspectives and experiences.