SAP GRC & Security Specialist

Apply


Description

SAP GRC & Security Specialist

At B&A, we foster and embrace a distinct set of values that we live by and instill in all aspects of our organization: dedication, commitment, partnership, trust, and recognition. We have incorporated these values into successful delivery for our customers since 1988. B&A believes in ensuring its employees feel deeply connected to B&A, recognizing successes and hard work, and providing continuous opportunities to learn and grow. Our people are entrepreneurial thinkers that combine mindset, vision, and experience to drive value - not only to us as an organization, but to the clients we support. We promote a collaborative culture with our clients, and with each other, as one team working towards a common vision. We'd love for you to join our team!

Job Summary

B&A is seeking an experienced SAP GRC & Security Specialist to design, implement, and manage governance, risk, and compliance (GRC) and security solutions across SAP environments. This role is responsible for ensuring regulatory compliance, enforcing security controls, and supporting audit readiness while aligning SAP security architecture with enterprise and federal security requirements.

The ideal candidate will possess deep expertise in SAP security design, user access governance, and risk mitigation strategies, along with experience operating in highly secure, regulated environments.

Responsibilities

• Design, implement, and maintain SAP security roles, profiles, and authorizations
• Administer and support SAP GRC Access Control modules , including:
  • Access Risk Analysis (ARA)
  • Access Request Management (ARM)
  • Business Role Management (BRM)
  • Emergency Access Management (EAM)
• Perform Segregation of Duties (SoD) analysis and risk remediation
• Lead user provisioning, de-provisioning, and access reviews
• Support internal and external audit activities , including evidence gathering and remediation tracking
• Develop and maintain security policies, procedures, and control documentation
• Monitor and respond to SAP security incidents and vulnerabilities
• Collaborate with functional and technical teams to ensure secure SAP configurations
• Ensure compliance with federal, regulatory, and organizational security standards
• Provide recommendations for continuous improvement of SAP security posture

Education and Experience

• Bachelor's degree from an accredited college or university in Computer Science, Information Technology, Finance, Supply Chain Management, or a related field
• Minimum of 5-8 years of experience in SAP Security and/or SAP GRC

Required Skills

• Hands-on experience with SAP GRC Access Control (ARA, ARM, BRM, EAM)
• Strong understanding of Segregation of Duties (SoD) concepts and risk analysis
• Experience with SAP environments such as SAP ECC, S/4HANA, BW, and Fiori
• Knowledge of role-based access control (RBAC) and SAP authorization concepts
• Experience supporting audits, compliance reviews, and remediation activities
• SAP Security Administration (user roles, profiles, authorizations)
• SAP GRC Access Control configuration and support
• Segregation of Duties (SoD) analysis and mitigation
• Risk and compliance management
• Audit support and documentation
• Identity and access management (IAM) principles
• Strong understanding of SAP system landscapes and transport management
• Ability to interpret and implement regulatory/security requirements
• Familiarity with federal security frameworks (e.g., NIST, FISMA)
• Strong analytical, problem-solving, and documentation skills

Desired Skills

• Experience with SAP S/4HANA migrations or implementations
• Knowledge of SAP Fiori security and authorization concepts
• Familiarity with Identity Governance tools (e.g., SailPoint, Okta, Azure AD)
• Experience with automated controls and continuous monitoring tools
• Background in DevSecOps or secure SDLC practices
• Experience integrating SAP GRC with non-SAP systems
• SAP certifications (e.g., SAP Security, SAP GRC)
• Experience working in federal or highly regulated environments
• Scripting or automation experience (e.g., Python, PowerShell)

Security Clearance

• Active Top Secret (TS) or DOE Q clearance is required; eligibility for SCI access may be required depending on program assignment

More About B&A:

Notable Clients
B&A has grown to be a company that is trusted by our clients for exceptional service, innovative solutions, and inspired employees. Our service extends through federal, state, and local Government, the private sector, and higher education. Some of our notable clients include Department of Homeland Security, U.S. Customs and Border Protection, U.S. Senate, U.S. Courts, U.S. Census Bureau, U.S. Navy, and more.

Benefits and Programs

B&A is proud to offer three robust individual and family medical plans to full time employees, including a Health Savings Account (HSA) option as well as two tiers of dental coverage, vision, life & AD&D, disability, accident, hospital indemnity, and critical illness insurance. In addition to these benefits, B&A employees enjoy paid time off, B&A sponsored trainings and certifications, pet insurance benefits, commuter transit benefits and a free subscription to a virtual exercise platform (NEOU). B&A's 401(k) plan is available to all employees and includes a company matching contribution.

B&A has launched several programs to focus on employee engagement, wellness, and assistance. These include:

• The B&A Cares program: 30/60/90-day wellness check ins, personal development, financial management, and stress management seminars, and more
• A formal mentorship program
• Job shadowing and cross training opportunities
• Brand Ambassador program
• Employee Assistance Program (EAP) - Access to various support resources to include counseling, legal guidance, financial planning, and more
• Monthly teambuilding events
• B&A Annual Wellness Challenges: #StepWithB&A, #WalkDuringLunchWithB&A, #VolunteeringWithB&A, #ExerciseDuringLunchWithB&A, and more

At B&A, we place significant importance on improving the communities and lives of citizens across the nation through our involvement, technology expertise, and employees. B&A puts an emphasis on charitable efforts in the Northern Virginia area, including Capital Area Food Bank pantry drives, book donations, Hope for Henry Foundation events, and many more. In recognition of all these efforts, B&A has been named a Companies as Responsive Employers (CARE) award recipient by Northern Virginia Family Services and nominated by the Northern Virginia Chamber of Commerce for Outstanding Corporate Citizenship Award.

EEO

B&A provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. B&A complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy covers conduct occurring at B&A's offices, and other workplaces (including client sites) and all other locations where B&A is providing services, and to all work-related activities.

EEO is the Law

B&A participates in e-Verify. We provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 Form to confirm work authorization.