SAP GRC & IAG Consultant

• Design and implement SAP GRC AC 12.0 modules:
  

• Configure multi-stage request workflows, mitigation paths, and agent rules.
  

• Build custom SoD risk rules, simulate risks across systems (via RFC and IAG bridge), and automate preventive risk detection.
  

• Deploy firefighter IDs across landscapes with real-time logging and automated review workflows.
  

• Define role derivation strategies, composite roles, and role approval hierarchies.
  

• Design and implement SAP GRC Process Control 12.0 to automate control testing, support regulatory compliance, and enable centralized control governance across enterprise business processes.
  

• Develop technical rules using BRF+ and configure automated control tests from SAP and non-SAP data sources (e.g., BKPF, BSEG, EKKO).
  
• Schedule real-time or periodic monitoring jobs and link monitoring results to control assessments. Trigger automated issue logs upon control failures with follow-up remediation workflows.
  

• Design CSA campaigns using predefined questionnaires linked to internal controls.
  
• Automate evidence collection and control owner attestations. Integrate results with compliance dashboards and audit follow-up cycles.
  

• Maintain a centralized control repository with versioning, policy linkage, and control classification (automated/manual/key).
  
• Associate controls with relevant regulations (e.g., SOX 404, GxP, FDA, ITGC).
  

• Configure multi-step assessment workflows involving control performers, testers, reviewers, and compliance leads. Enable role-based task assignments and SLA tracking for assessment completion.
  

• Automate issue creation for failed tests, surveys, or control assessments. Configure root cause fields, impact analysis, corrective action plans, and escalation routes.
  

• Implement SAP Risk Management 12.0 to enable proactive identification, assessment, monitoring, and mitigation of enterprise risks across business and IT domains.
  

• Configure a centralized risk repository with risk categories, descriptions, causes, and impacts. Map risks to business objectives, organizational units, and business processes.
  

• Define custom risk assessment scales (e.g., likelihood, impact, velocity) and scoring models.
  
• Enable periodic or real-time assessments using configurable methodologies (qualitative/quantitative). Visualize risk trends using heat-maps, risk matrices, and dashboards.
  

• Document mitigation plans and assign risk response strategies (avoid, accept, mitigate, transfer). Link mitigation plans to internal controls in Process Control for automated effectiveness tracking.
  

• Automate risk review, approval, and reassessment workflows based on role hierarchy. Route risk events to appropriate owners, compliance teams, and executive reviewers.
  

• Link risks to controls in Process Control to monitor control effectiveness.
  
• Map access-based risks (e.g., SoD violations) from GRC ARA directly to enterprise risk profiles.
  

• Deploy SAP IAG as a central governance layer for SAP Cloud apps.
  
• Enable risk analysis, access requests, and role lifecycle management for:
  

• SAP Ariba (Operational Procurement, Sourcing, Supplier Management)
  
• SAP Concur (Travel & Expense)
  
• SAP Integrated Business Planning (IBP)
  
• SAP Analytics Cloud (SAC) – including Workspace and Model-level access
  
• SAP BTP – including subaccount role collections, entitlements, and destinations
  
• DSP (Data Services Platform) – for sensitivity 
  

Requirements

• 10 + experience working within SAP GRC frameworks
  
• Excellent expertise in SAP IAG, SAP GRC AC all modules with very good understanding of SAP functional modules such as Finance, MM, PP, QM, SD, PLM, and APO etc
  
• Should have expertise of all well known of concepts BTP, IAS, IPS, APIs, cloud connector, cloud application security