Senior SAP Security Business Process Consultant (R&A SAP) to Build an SAP based Access Control framework & a unified R&A strategy

Our Valued Public sector Client requires a Senior SAP Security Business Process Consultant (R&A SAP) to Build an SAP based Access Control framework & a unified R&A strategy by integrating a Governance Risk and Compliance (GRC) Access Control solution to address access risks in that systems landscape.  

Background:

The client's system has evolved over time, merging two SAP instances, and integrating increasing functionality on an ongoing basis, including the supply system and functionality to manage real property. The R&A for the system was developed and adapted at each of these major changes without an overarching R&A strategy or framework, which led to different and conflicting R&A processes and authorities being implemented within the system. The lack of an overarching strategy and framework has resulted in serious shortfalls/gaps in the management of access, including improper segregation of duties, inappropriate security authorities, ineffective control, unstructured roles and highly tailored R&A profiles that are difficult to manage and change. In the current situation it is impossible to manage R&A efficiently and build/support automated access controls and monitoring services.

The required services of this work will include SAP Finance R&A rationalization, eventually utilizing SAP GRC, and assistance with day to day R&A analysis, and will require the Contractor to perform the following tasks:

Resposibilities:

a. Assist the client with SAP access management and role management (role structure in line with the business processes);
b. Assist the client with the R&A Rationalization Project;
c. Assist in the identification of adequate controls for roles and access in SAP (required in the Roles and Authorization rationalization project);
d. Assist in identifying segregation of duties concerns for users with multiple accounts across different modules;
e. Assist with the creation of Segregation of Duties (SoD) policy and procedures;
f. Assist in designing finance business roles and operational roles free of non-mitigated SoD violations across the systems landscape;
g. Assist with implementing R&A in line with SAP best practices and alignment to S/4 Hana as much as possible;
h. Track “lessons learned”;
i. Provide knowledge transfer to the finance employees on R&A best practices.

Must haves:

• 6 years of R&A experience within SAP systems in the last 10 years
• At least 2 projects for the Canadian government completed in the last 10 years