SAP Security Engineer
Company: S3
Location: Detroit
Posted on: April 1, 2026
|
|
|
Job Description:
Job Description Title: SAP Security Engineer (GRC & S/4HANA)
Location: Detroit, MI - Local - In office (Tue, Wed, Thu)
Assignment: 12 months then eligible for Contract renewal Note: NERC
Background check will be Required Job Summary: We are seeking a
highly skilled SAP Security Engineer to support and secure SAP
environments essential to utility operations. This role will focus
on implementing and maintaining security across ERP, CRM, ISU, and
Fiori platforms, while ensuring compliance with SOX and
utility-specific regulations like NERC/CIP. The ideal candidate
will possess a deep understanding of SAP security leading
practices, role administration, authorization concepts, and audit
readiness. This individual will also play a key role in system
upgrades, user access reviews, remediation activities, and
performance monitoring to ensure a secure and compliant landscape.
Key Responsibilities: Provide user and role administration across
multiple SAP ERP and CRM modules, including IS-U and Fiori. Lead
SAP GRC Access Control activities including role design,
provisioning workflows, Segregation of Duties (SoD) analysis,
mitigation controls, and audit support across ECC and S/4HANA
environments. Design, build, and maintain SAP security roles in
S/4HANA using PFCG, SU24, and Fiori catalogs/groups, ensuring
compliance with SOX and internal control standards. Partner with
business and IT stakeholders to translate process requirements into
compliant security designs, leveraging SAP GRC rulesets, risk
analysis, and control frameworks. Support S/4HANA security
architecture by ensuring proper authorization concepts,
HANA-specific considerations, and secure access for both classic
and Fiori-based applications. Assist in the building and
modification of SAP security roles to support business requirements
and ensure clean role design. Troubleshoot and fix production
security authorization issues, including missing roles,
authorization failures, and access conflicts. Assess business role
requirements and enable authorizations in accordance with business
and compliance specifications. Assist in the development and
execution of security processes and techniques that enforce
compliance with organizational policies and industry standards.
Implement SAP leading practices for system security, including
access control, system hardening, audit log monitoring, incident
handling, and policy enforcement. Create and/or remediate control
gaps to support SOX compliance and utility-specific audit
requirements. Assist with the creation of effective remediation
solutions and/or exception documentation when applicable. Assist
with the successful completion of periodic user access reviews,
ensuring all user access is current, justified, and appropriately
approved. Perform system monitoring activities for security
performance, health metrics, and compliance control validations.
Support SAP upgrade and system refresh activities, ensuring role
consistency, regression testing, and minimal disruption during
changes. Navigate SAP tables (e.g., AGR_1251, USR02, etc.) and pull
data for audits, reporting, and review processes. Collaborate with
internal controls, audit, and compliance teams to ensure security
operations align with regulatory requirements. Stay abreast of the
latest SAP technologies and innovations, especially those related
to S/4HANA, Fiori, and Identity Access Governance (IAG). Support
and maintain Segregation of Duties (SoD) compliance, including
conflict detection, remediation, and documentation.Minimum
Qualifications: Bachelor’s degree in Information Technology,
Computer Science, Business, or a related field. A minimum of 3
years of experience with SAP ERP and CRM security authorization
concepts, including IS-U. Strong understanding of SAP role design,
authorization concepts, and SoD conflict resolution. Experience
working in complex SAP environments with multiple clients and
landscapes. Solid understanding of SoD conflict resolution and
compliance with audit frameworks (e.g., SOX, NERC/CIP). Proven
ability to extract and interpret data from SAP tables for audit,
controls, and troubleshooting. Hands-on experience with Fiori
security design and configuration. A proven ability to work
effectively under pressure, manage multiple tasks, and meet tight
deadlines. Preferred Skills (Nice to Have): Experience with SAP GRC
Access Control or Identity and Access Governance (IAG). Knowledge
of SAP ISU/CRM and S/4HANA security models. Exposure to SAP HANA
database security and user provisioning. Familiarity with LDAP,
Active Directory, and other authentication mechanisms. Project
coordination or light project management experience. Soft Skills:
Strong analytical and problem-solving skills. Excellent written and
verbal communication skills. Ability to work both independently and
as part of a collaborative team. High attention to detail and
commitment to quality and compliance.
Keywords: S3, Lakewood , SAP Security Engineer, IT / Software / Systems , Detroit, Ohio
