ERP Security Team Lead

Position Overview:

The ERP Security Team Lead is responsible for managing and overseeing the design, implementation, and governance of security strategies across the organization's enterprise resource planning (ERP) systems. This role ensures that user access, role design, segregation of duties, and compliance requirements are effectively enforced to protect sensitive business data and support regulatory and audit standards. The individual will supervise a team of security analysts and work closely with IT, internal audit, and business process owners to define access controls, maintain system integrity, and manage risk across the ERP landscape.

Key Responsibilities:

• Define and enforce the SAP security architecture and governance model.
• Align security policies with organizational and compliance requirements (e.g. SOX, GDPR, FDA).
• Collaborate with audit and compliance teams to support internal and external audits.
• Oversee design, implementation, and maintenance of role-based access controls (RBAC) using SAP standard and custom roles.
• Ensure proper segregation of duties (SoD) and mitigate SoD risks using tools like SAP GRC Access Control.
• Oversee full lifecycle of SAP GRC Access Control components
• Monitor security parameters in S/4HANA, SAP Gateway, SAP Fiori Front-End Server, and HANA DB.
• Implement and maintain security patches in coordination with BASIS and Infrastructure teams.
• Work closely with SAP functional and technical teams to ensure secure design of roles and access during projects.
• Participate in S/4HANA implementations, migrations, and upgrades as the security lead.
• Use SAP GRC to manage risk analysis, firefighter access, and compliance reporting.
• Ensure compliance with standard global security frameworks.
• Coordinate with cybersecurity and SOC teams to respond to SAP-related threats or vulnerabilities.
• Maintain documentation of security architecture, role design, policies, and procedures.

Skills:

• Deep understanding of role-based access control (RBAC), authorization objects, authorization concepts in S/4HANA, Fiori Launchpad security, CDS views, and HANA DB security.
• Expertise in Access Risk Analysis (ARA), Access Request Management (ARM), Emergency Access Management (EAM), Business Role Management (BRM), and SoD rule configuration.
• Proficiency with SAP Solution Manager, SAP Identity Management (IDM), SAP Access Control, and SAP Fiori security administration.
• Design, implementation, and maintenance of roles, profiles, and authorizations, including SoD conflict analysis and mitigation.
• Experience integrating SAP security with enterprise IAM solutions (e.g., Active Directory, Azure AD, SAML, Single Sign-On).
• Ability to apply SAP Security Notes and patches effectively.
• Knowledge of regulatory frameworks like SOX, GDPR, ISO 27001, and ITGC controls relevant SAP environments.
• Experience securing SAP NetWeaver, Gateway, Fiori Frontend Server, and HANA database.
• Coordinating security tasks in SAP implementation, upgrade, and migration projects, following SAP Activate or other methodologies.
• Managing SAP security