Roles & GRC Access Control Manager

Deloitte
Department: Project Management
Type: REMOTE
Region: UK
Location: London Area, United Kingdom
Experience: Mid-Senior level
Estimated Salary: £70,000 - £90,000
Skills: SAP SECURITY OPERATIONS; GOVERNANCE, RISK AND COMPLIANCE; SAP GRC SOLUTIONS; ACCESS CONTROL; IDENTITY ACCESS GOVERNANCE; SAP IMPLEMENTATIONS; SAP SECURITY ARCHITECTURE; SAP GRC MODULES; IT CONTROLS FOR S/4 HANA; SAP AUTHORISATION CONCEPTS; SEGREGATION OF DUTIES; PROJECT MANAGEMENT; CONSULTING/ADVISORY; STAKEHOLDER MANAGEMENT

Job Description

Posted on: May 9, 2025

Role Title: Roles & GRC Access Control Manager

Location: Remote – travel for workshops in the UK on an ad hoc basis once a month

Contract duration: 6 months

Deloitte: Working with the Deloitte Associate (Contractor) Programme means we can offer you the opportunity to work on a variation of industry and client related projects. Our aim is to retain the best talent and so when your project end date nears our team of Talent Community Advisors will be working with you to look at alternative projects within the firm that suit your experience should you wish to continue with Deloitte.

About the project: We are seeking an experienced Manager (with UK Security Clearance) to join our Controls Advisory team. You will support a variety of SAP Security Operations and Governance, Risk and Compliance (GRC) initiatives for a Government and public sector client. You will have experience with SAP Security architecture and implementation, SAP GRC solutions (Access Control, Identity Access Governance) and experience of complex SAP implementations and security risk assessments. The programme objective is to create a new shared service operation for HR, finance, and procurement, providing services to 3 public sector departments, operating from a single technology platform. Reporting to the Associate Director of Tech and Transformation, you will design, implement and re-design security roles, and manage the Identity and Access Governance for cross-platform ecosystems while maintaining secure and compliant SAP environments. You will demonstrate your capabilities in the following areas:

  • Implement the SAP security and GRC strategy, policies, and procedures to protect the integrity and confidentiality of enterprise systems.
  • Lead and manage the design, build and testing of SAP security and access controls.
  • Oversee SAP Security during implementation, ensuring compliance by embedding audit and regulatory requirements.
  • Lead the design, configuration, implementation and testing of SAP GRC modules including Access Control (AC) and Identity Access Governance (IAG).
  • Understand and enforce the access policy requirements for user and role/authorisation management, ensuring the least access principle is applied, leveraging the segregation of duties (SoD) principles.
  • Lead GRC activities such as user access review and segregation of duties (SoD) analysis.
  • Work with internal and client stakeholders, including technical, internal/external auditors and business process teams, to ensure a secure integrated solution.
  • Conduct risk assessments to identify and mitigate potential SAP security risks across all modules, including S/4HANA, Fiori and other SAP applications.
  • Strong understanding of IT Controls for S/4 HANA and other relevant SAP application suites.
  • Understanding of risk rulesets and compliance aspects such as “segregation of duties”, sensitive access, and mitigation controls.

Essential Skills & Experience:

Must be eligible and willing to obtain UK Government Security Clearance.

Extensive experience in SAP implementations, especially security role design, GRC Access Control, Identity Access Governance (IAG), user management and authorization configuration.

Experience in integrating SAP IAG with GRC Access Control including Business Technology Platform (BTP) integration and security design.

Proficiency in SAP Security for applications such as ECC, S/4HANA, Fiori, and SAP cloud applications.

Deep knowledge and hands-on experience of SAP authorisation concepts, user roles, profiles and SAP security best practices.

Understand the segregation of duties requirements and embed them in the security role design.

Excellent project management skills and strong organizational skills with the ability to lead the delivery, manage multiple priorities, drive deadlines and lead the team effectively.

Consulting/advisory skills – have excellent communication, collaboration, interpersonal, and presentation skills. Able to present recommendations, ideas or solutions to stakeholders.

Stakeholder Management – Foster positive relationships in collaborating with the client and project team to understand business requirements and translate into technical solutions.

Support and guide the team in delivering high quality documentation.

Strong analytical, problem-solving, and communication skills in explaining technical concepts to non-technical stakeholders.

Desired Skills & Experience

Professional certification such as SAP Certified Technology Professional, SAP Access Control 12.0, CISSP, CISM, or other relevant security certifications.

Understanding of Business Process Controls for S/4 HANA and other SAP applications.

Knowledge and application of regulatory requirements such as SoX, GDPR etc.

Deliverables – responsibilities include, but are not limited to:

Workshop planning and execution to capture detailed requirements for SAP IAG.

Workshop planning and execution to capture detailed requirements for role design for S/4 HANA, BW/4HANA, SAC, BTP, IAG, Employee Central Payroll (ECP)

IAG configuration/build, test and deploy

S/4 HANA, SAC, BW/4HANA, BTP, IAG, ECP Security design, build and implementation

IAG ruleset design, build and deployment

Implementation of Position based access provisioning

Role remediation for SoD/SA risk

Produce SAP IAG configuration document.

Produce detailed role design matrix for S/4 HANA, BW/4HANA, SAC, BTP, IAG, Employee Central Payroll (ECP)

IR35

As a means of managing tax, commercial and reputational risks, Deloitte prohibits the use of Associates through Personal Service Companies (‘PSCs’). All Associates must contract under PAYE arrangements through a Deloitte approved ‘Employment Company’ (aka ‘umbrella company.’)

Originally posted on LinkedIn
