Senior/Lead SAP Security Consultant

We are seeking a skilled and experienced Senior/Lead SAP Security Consultant to join our team.

This role involves spearheading the design, implementation, and management of SAP security solutions while ensuring robust protection and seamless access management for critical business systems.

Feel free to work remotely from anywhere across Latvia or connect with colleagues at our Riga office.

Responsibilities

• Lead the implementation of SAP Security solutions, including GUI authorization, role-based design, and Fiori-first access strategy, while ensuring compliance and adherence to best practices
• Oversee the provisioning/deprovisioning of user access, implement automation for streamlined access management, and manage compliance with Segregation of Duties (SoD) standards, remediation, and risk mitigation
• Manage and optimize SAP GRC modules, including Access Risk Analysis, Emergency Access Management, Access Request Management, and Business Roles Management, to enhance security governance
• Conduct ongoing security health checks for activities like onboarding/offboarding, inactive user audits, and excessive access reviews. Ensure SAP systems align with IT standards (e.g., ITIL, SOX) and provide support for auditing processes
• Serve as the escalation point for resolving complex authorization issues, ensuring system stability and efficient user access provisioning across SAP environments
• Develop and implement effective monitoring practices and controls for SAP systems, including auditing tools and policies to detect and mitigate security risks
• Utilize tools such as ServiceNow (SNOW), Jira, and ChaRM to manage incidents, changes, and requests effectively
• Act as a trusted advisor and mentor within the team, providing guidance on SAP security advancements, emerging best practices, and innovative approaches to security challenges

Requirements

• Hands-on experience with SAP Security, including classic GUI authorizations and role-based design
• SAP roles management, troubleshooting, users’ administration, custom tcodes/apps compliance management
• Fiori authorization conception, app access provisioning, and access issues troubleshooting. Fiori's first approach methodology
• Access provisioning / deprovisioning automation
• Segregation of Duties Methodology. Rule set management. SOD Risks remediation and mitigation
• GRC Access Control – Access Risk Analysis, Emergency Access Management, Business Roles Management, Access Request Management
• Security system ongoing health check controls – onboarding/off-boarding, inactive users, users’ termination, excessive access management, etc.
• SAP Security auditing
• Experience with Application Management Services and tools (SNOW, Jira, Charm, etc.)
• General understanding of security standards (ITIL, SOX, etc.)

Nice to have

• GRC Process Control – data sources management, business control rules configuration, continuous monitoring
• GRC Risk Management
• SAP BW, HR, HANA DB authorizations
• SAP Cloud security & authorization and access provisioning conception
• BTP authentication and authorization concept. IdP providers. Identity Access Service. IAG experience
• Any non-SAP access management tools usage, like Saviynt, SalePoint, Security Bridge, etc.
• Cyber Security hands-on experience. SAP Enterprise Threat Detection. UI Masking / UI Logging
• End-to-end SAP Security system implementation

We offer

• Engineering Heritage: Best-in-class experts sharing a culture of engineering excellence and tackling complex engineering challenges for over 30 years.
• Advanced Tech Stack: Innovative projects where you can apply or enhance your expertise in Cloud, Data, AI, and other emerging technologies.
• World-Class Clients: Work closely with 295+ of the Forbes Global 2000 on creating disruptive solutions that make a global impact.
• Professional Growth: Exceptional support for career development with comprehensive resources for upskilling or reskilling in pioneering practices.
• GenAI Community: Strong AI competencies with 600+ experts across 55+ locations driving GenAI-enabled transformation journeys.
• Entrepreneurial Culture: If you're passionate and dedicated to improving business transformation, we provide the support you need to bring your ideas to life.
• Hybrid Setup: The flexibility to work from any location in Latvia, whether it's your home or our office in Riga.
• Other Benefits: Additional vacation and trust days, private health insurance, Employee Stock Purchase Plan and more.

About EPAM

EPAM is a leading global provider of digital platform engineering and development services. For over 30 years, our team has helped leading brands navigate the waves of digital transformation, building solutions that help them stay competitive through constant market disruption.With offices in 55+ countries, EPAM has grown in Latvia to over 150+ talented innovators in 3 years. We foster creativity and unconventional ways of doing things, welcoming like-minded professionals to join us.

Salary range €3.3K-€5.8K gross, based on your experience and interview results.