SAP/FOCUS Security Team Lead (Business Analyst IV)

We are seeking an experienced SAP Security and SAP GRC Configurator to join our FOCUS DevOps team. This role is an integral part of a highly skilled Agile/SCRUM team dedicated to developing and enhancing the FOCUS/SAP platform. The individual in this position will be responsible for designing, implementing, and maintaining robust SAP security architectures and GRC processes, ensuring a secure, compliant, and efficient SAP environment.

Key responsibilities include collaborating with cross-functional teams to define role structures, manage access, and implement GRC solutions that mitigate risks and address audit and compliance requirements. Additionally, the SAP Security & GRC Configurator will work closely with the business to align the FOCUS security framework with organizational policies, legal regulations, and industry best practices.

Key Responsibilities

SAP Security:

• Design, configure, and implement SAP security roles and authorizations across various modules, including S/4HANA, ECC, BW, BI, Fiori, SRM, HCM, and others.
• Define and manage role principles, ensuring roles are designed for segregation of duties (SoD) and compliance requirements.
• Perform SAP user access provisioning, role-based user access control, and authorization analysis to prevent security risks.
• Identify, assess, and mitigate vulnerabilities in the SAP environment, including security monitoring and patch management.
• Conduct troubleshooting and support in investigating authorization and security-related incidents.
• Collaborate with functional teams to address and resolve security design and authorization issues for new SAP implementations, enhancements, or upgrades.

• Implement and configure SAP GRC Access Control (AC) modules, including Access Risk Analysis (ARA), Business Role Management (BRM), Access Request Management (ARM), and Emergency Access Management (EAM).
• Conduct SoD risk assessments and develop mitigation strategies to ensure organizations remain compliant with regulations and internal policies.
• Regularly review and optimize GRC rule sets to align with evolving risks or regulatory environments.
• Integrate SAP GRC solutions with other business applications to enhance efficiencies in compliance management.
• Assist with user and role provisioning through SAP GRC solutions while automating workflows and approvals.
• Collaborate with audit and compliance teams to support both internal and external audits and generate reports using GRC tools.

• Ensure compliance with key frameworks, regulations, and standards (e.g., SOX, GDPR, HIPAA, PCI-DSS) as they relate to SAP security and access.
• Lead or support risk assessments, audits, and evaluations of SAP environments to identify vulnerabilities, potential risks, and opportunities for remediation.
• Develop security policies, guidelines, and standards tailored specifically for SAP environments.
• Provide expertise on emerging SAP security risks and recommend solutions to mitigate them proactively.

• Work directly with clients and internal teams to gather requirements, define strategies, and deliver tailored SAP security and GRC solutions.
• Train and guide end-users on SAP security processes, GRC tools, and compliance best practices.
• Provide guidance to non-technical stakeholders on security risks and compliance-related topics.
• Act as a trusted advisor by staying up-to-date on SAP security product enhancements and industry trends, providing recommendations to clients when needed.

MINIMUM QUALIFICATIONS:
Any combination of education, experience, and training equivalent to the following:
(Click on the aforementioned link to learn how Fairfax County interprets equivalencies for "Any combination, experience, and training equivalent to")
Bachelor's degree in computer information systems, business administration, or related field; plus five years of experience in information systems and process redesign, managing and implementing all phases of the systems development life cycle, including at least one year of supervisory experience.

NECESSARY SPECIAL REQUIREMENTS:
The appointee to this position will be required to complete a criminal background and credit check to the satisfaction of the employer.

PREFERRED QUALIFICATIONS:

• Six (6) years of SAP Security and GRC experience, including hands-on implementation and support of SAP security frameworks and GRC solutions programming.
• Six (6) years of expertise in SAP Security management, and user provisioning processes.
• Proficiency in configuring and supporting SAP GRC modules like ARA, BRM, ARM, and EAM.
• Hands-on experience in analyzing and resolving security issues using SAP Access Control and SUIM tools.
• Knowledge of integrating SAP GRC with Identity Access Management (IAM) solutions and SAP Fiori security models.
• Familiarity with SAP HANA security, CDS views, and database roles.
• Solid understanding of IT risk management, compliance requirements, and regulatory frameworks.
• Excellent written and verbal communication skills with the ability to explain complex technical concepts to non-technical staff.
• Experience documenting business and system requirements, processes, workflows, and test plans.
• Considerable knowledge of the capabilities of information technology software, hardware, and network communications.
• Strong problem-solving ability, critical thinking skills, creative/innovative thinking ability, and desire to learn new skills and techniques.
• Demonstrated ability to work in a collaborative and team framework that incorporates outside agency and contract staff.
• Stays abreast of both IT and data analytics trends.
• Knowledge of SAP Cloud Applications Security (e.g., Ariba, SuccessFactors, Concur).