SAP GRC

Job Description

The SAP GRC Expert is responsible for leading the implementation, operation, and optimization of SAP Governance, Risk, and Compliance (GRC) solutions across enterprise environments. The role includes delivery of SAP GRC Access Control (ARA, ARM, BRM, EAM), ensuring effective segregation of duties (SoD), role governance, and secure access provisioning across SAP and non-SAP landscapes.

The manager will work closely with audit, compliance, security, and SAP functional teams to define governance models, resolve access violations, and maintain regulatory compliance. Experience with S/4HANA integration, compliance frameworks (SOX, GDPR), and SAP GRC upgrades is expected.

Key Responsibilities

• Lead SAP GRC Access Control implementation, configuration, and support
• Define and maintain SoD rules, risk mitigation strategies, and audit workflows
• Manage GRC modules including Access Risk Analysis, Access Request Management, Business Role Management, and Emergency Access Management
• Design and optimize user provisioning workflows, approval stages, and escalation paths
• Collaborate with security and audit teams to align GRC with compliance policies
• Configure integration with SAP systems (ECC, S/4HANA) and Active Directory or Identity Providers
• Define technical roles, business roles, and role derivation strategy
• Support GRC reporting, controls testing, and audit documentation
• Oversee upgrades, performance tuning, and GRC connector configurations
• Deliver training to compliance officers, end users, and security administrators
  
  

Required Qualifications & Skills

Education & Certifications:

• Bachelor’s degree in Information Security, Information Systems, or related field
• SAP Certified Application Associate – SAP GRC Access Control
• Additional certifications in risk management, audit, or cybersecurity (e.g., CISA, CISM) are preferred
• Project Management certification (PMP or equivalent) is a plus
  
  

Experience

• 5–12 years of SAP Security and GRC experience
• At least 2 years in a managerial or GRC leadership role
• Proven record in full-cycle SAP GRC Access Control implementations
• Experience in managing security for SAP ECC, S/4HANA, and cloud connectors
• Involvement in SOX, GDPR, or ISO 27001-related compliance initiatives
  
  

At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.