SAP Security & GRC Analyst

STRATEGIC STAFFING SOLUTIONS HAS AN OPENING!

This is a Contract Opportunity with our company that MUST be worked on a W2 Only. No C2C eligibility for this position. Visa Sponsorship is Available! The details are below.

“Beware of scams. S3 never asks for money during its onboarding process.”

Job Title: SAP Security & GRC Analyst

Contract Length: 6-12 Months

Location: Tampa, FL 33592

Pay: 65-75 an hr on W2

Experience Required: Minimum 5 years of relevant SAP Security & GRC experience

Role Overview

Seeking an SAP Security & GRC Analyst to support its SOX Uplift initiative across the organization’s SAP landscape. This role will focus on implementing a unified GRC ruleset across ERP, IS-U, and BPC systems, addressing EY audit observations, and driving risk remediation, governance alignment, and process standardization.

The analyst will play a key role in enhancing SAP GRC Access Control design, implementing preventive SoD checks, and ensuring full compliance with Emera’s Cybersecurity Framework (CSF) standards and audit requirements.

Key Responsibilities

1. GRC Ruleset Review & Enhancement

• Review and align the SoD ruleset with industry best practices and current audit findings.
• Update permissions for newly introduced T-codes to maintain consistency with the security design.
• Upload and validate the updated ruleset within SAP GRC through comprehensive testing.
• Establish an ongoing governance process for SoD ruleset maintenance and periodic reviews.

1. Risk and Access Remediation

• Conduct a full SoD risk assessment across ERP, IS-U, and BPC systems, prioritizing high-risk areas (e.g., Accounts Payable, Procurement).
• Remediate SoD conflicts at both role and user levels to ensure compliance and minimize inherent risks.
• Validate user access against job responsibilities and remove obsolete or unused T-codes.
• Resolve composite IS-U role conflicts and refine cross-system role designs.

1. Mitigating Controls & Governance

• Define and maintain effective mitigating controls for identified SoD risks.
• Implement structured periodic user-to-role and SoD risk reviews.
• Ensure preventive SoD checks are executed during provisioning and simulate risks before deployment.

1. Continuous Monitoring & Training

• Develop a sustainable SoD monitoring framework with defined review cycles and approval workflows.
• Deliver training sessions for Security, Compliance, and Business teams on the enhanced SoD framework.
• Support audit readiness by maintaining robust documentation and evidence for SOX compliance validation.

Required Skills & Experience

• Strong hands-on experience with SAP GRC Access Control 11.0/12.0 (ARA, ARM, EAM, BRM modules) and GRC Process Control 12.0.
• Deep understanding of SAP Security architecture across ERP, IS-U, and BPC systems.
• Proven expertise in SoD analysis, risk remediation, and mitigating control design.
• Working knowledge of SOX, NIST, and corporate cybersecurity frameworks.
• Strong analytical and troubleshooting abilities (SUIM, SU53, ST01).
• Excellent communication, documentation, and collaboration skills.

Preferred Qualifications

• SAP Certified Associate – GRC Access Control
• Prior experience in regulated utilities or the energy sector