Summary: The role of SAP GRC Consultant/Project Manager involves leading the delivery of Governance, Risk, and Compliance (GRC) workstreams within a Defence environment, specifically for an SAP S/4HANA transformation programme. The candidate must possess extensive SAP GRC expertise and project management skills, ensuring compliance and security processes are effectively integrated. Additionally, the role requires strong stakeholder engagement and the ability to operate as both a subject matter expert and delivery lead. Candidates must hold or have previously held SC Security Clearance.
Key Responsibilities:
- Lead the planning and delivery of SAP GRC workstreams across the programme.
- Manage project plans, milestones, dependencies, RAID logs and reporting activities.
- Coordinate internal teams, system integrators and business stakeholders.
- Ensure GRC deliverables are completed in line with programme timelines and governance requirements.
- Provide regular status updates to programme leadership and steering groups.
- Lead the design and implementation of SAP GRC solutions.
- Define and maintain controls frameworks aligned to security, audit and regulatory requirements.
- Support risk assessment and compliance activities across SAP and integrated systems.
- Establish processes to monitor and manage security and compliance risks.
- Work with internal audit and security teams to support governance requirements.
- Define and manage Segregation of Duties controls and risk rulesets.
- Conduct SoD analysis and remediation activities.
- Support role design, access reviews and control frameworks.
- Work with business stakeholders to resolve access and control issues.
- Ensure compliance with audit and regulatory expectations.
- Support development of role-based access controls.
- Define user provisioning, approval and access governance processes.
- Implement periodic access review and certification processes.
- Support identity and access management activities across SAP environments.
- Ensure access controls align with Defence and security requirements.
- Engage Finance, Procurement, HR, IT and Security stakeholders.
- Facilitate workshops to agree control requirements and remediation actions.
- Support training and adoption of GRC processes and controls.
- Provide guidance to business users, control owners and programme teams.
Key Skills:
- SAP GRC Access Control
- Segregation of Duties (SoD)
- Risk & Compliance Management
- SAP Security & Authorisations
- Identity & Access Management
- Audit & Controls
- Stakeholder Management
- Project Management
- RAID Management
- Governance & Reporting
- Workshop Facilitation
- Change & Adoption Support
Salary (Rate): undetermined
City: undetermined
Country: United Kingdom
Working Arrangements: undetermined
IR35 Status: inside IR35
Seniority Level: undetermined
Industry: IT
SAP GRC Consultant/Project Manager - Inside IR35 - Must hold, or have previously held SC Security Clearance
We are seeking an experienced SAP GRC Consultant/Project Manager to support a major SAP S/4HANA transformation programme within a highly regulated Defence environment.
The successful candidate will combine deep SAP Governance, Risk & Compliance expertise with strong project management and stakeholder engagement capabilities. They will be responsible for driving the delivery of GRC workstreams, ensuring robust security, controls and compliance processes are Embedded across the SAP landscape whilst managing delivery activities, risks, dependencies and business engagement.
This role requires an individual who can operate as both a subject matter expert and delivery lead, working across business, audit, security, architecture and programme teams to ensure GRC capabilities are successfully implemented and adopted.
Candidates must hold, or have previously held, BPSS and SC Security Clearance, or be eligible to obtain and maintain both.
Core Functional Requirements & Experience
SAP GRC Delivery Leadership
- Lead the planning and delivery of SAP GRC workstreams across the programme.
- Manage project plans, milestones, dependencies, RAID logs and reporting activities.
- Coordinate internal teams, system integrators and business stakeholders.
- Ensure GRC deliverables are completed in line with programme timelines and governance requirements.
- Provide regular status updates to programme leadership and steering groups.
Governance, Risk & Compliance
- Lead the design and implementation of SAP GRC solutions.
- Define and maintain controls frameworks aligned to security, audit and regulatory requirements.
- Support risk assessment and compliance activities across SAP and integrated systems.
- Establish processes to monitor and manage security and compliance risks.
- Work with internal audit and security teams to support governance requirements.
Segregation of Duties (SoD)
- Define and manage Segregation of Duties controls and risk rulesets.
- Conduct SoD analysis and remediation activities.
- Support role design, access reviews and control frameworks.
- Work with business stakeholders to resolve access and control issues.
- Ensure compliance with audit and regulatory expectations.
User Access & Security Governance
- Support development of role-based access controls.
- Define user provisioning, approval and access governance processes.
- Implement periodic access review and certification processes.
- Support identity and access management activities across SAP environments.
- Ensure access controls align with Defence and security requirements.
Stakeholder Management & Change
- Engage Finance, Procurement, HR, IT and Security stakeholders.
- Facilitate workshops to agree control requirements and remediation actions.
- Support training and adoption of GRC processes and controls.
- Provide guidance to business users, control owners and programme teams.
Required Experience
Essential
- Minimum 8-10 years SAP experience, including significant SAP GRC delivery experience.
- Proven experience delivering SAP GRC projects within complex SAP landscapes.
- Experience operating as both a GRC Consultant and workstream lead or Project Manager.
- Strong understanding of:
- SAP GRC Access Control
- Segregation of Duties (SoD)
- Risk Management
- Access Governance
- User Provisioning
- Compliance Monitoring
- Experience managing project plans, dependencies, risks and stakeholder engagement.
- Strong workshop facilitation, communication and influencing skills.
- Experience within Defence, Aerospace & Defence, Government or similarly regulated environments is highly desirable.
Preferred Experience
- SAP S/4HANA transformation programmes.
- SAP Fiori security and authorisation concepts.
- SAP Identity Access Governance (IAG).
- SAP Cloud Identity Services.
- Internal and external audit support.
- Cyber security and compliance frameworks.
- Experience working with major System Integrators.
Key Skills
- SAP GRC Access Control
- Segregation of Duties (SoD)
- Risk & Compliance Management
- SAP Security & Authorisations
- Identity & Access Management
- Audit & Controls
- Stakeholder Management
- Project Management
- RAID Management
- Governance & Reporting
- Workshop Facilitation
- Change & Adoption Support
If you are looking for your next opportunity, please contact me on my mobile.