Enable job alerts via email!
SAP Authorizations Architect
Human Resources Department of Ras Al Khaimah Government
Ras Al Khaimah
On-site
AED 300,000 - 400,000
Full time
Generate a tailored resume in minutes
Land an interview and earn more. Learn more
Job summary
A government agency in Ras al-Khaimah is seeking an experienced SAP Authorizations Architect to design and manage SAP security across its various platforms. The ideal candidate will have 10-15 years of expertise in SAP Security and Authorizations, as well as knowledge of cloud-based Identity and Access Management systems. This role includes ensuring compliance with government security standards and conducting access reviews. Candidates must hold a Bachelor's or Master's degree in Computer Applications.
Qualifications
- 10-15 years of SAP Security & Authorizations expertise required.
- Strong knowledge of cloud-based IAM essential.
- Experience in SAP GRC, particularly Access & Process Control.
Responsibilities
- Design and govern SAP role architecture for various systems.
- Conduct periodic access reviews and ensure compliance.
- Collaborate with teams to secure integrations and APIs.
Skills
Education
Tools
The SAP Authorizations Architect will be responsible for designing, governing, and continuously improving SAP Security, Identity & Access Management (IAM), and Authorizations across the RAK Government SAP Landscape hosted on RISE with SAP (Private Cloud). This includes S/4HANA, BW on HANA, SAP BTP, SAP Fiori, SAP CPI, SAP SAC, SAP GRC, and SAP API Management.
The role ensures end-to-end access governance, role design, SoD compliance, security audits, and enforcement of RAK Government cybersecurity and IT governance policies. The Architect will lead the definition of role concepts (Business, Composite, Technical), design and optimize Fiori & backend authorization models, coordinate identity lifecycle processes, manage OAuth/Trust configurations, review Cloud IAM entitlements, and conduct periodic access reviews.
The position requires 10–15 years of SAP Security & Authorizations expertise, strong knowledge of cloud-based IAM, SAP GRC AC/PC, S/4HANA role design, BTP Security, Identity Providers, Certificates, and adherence to NIST, ISO27001, and UAE Government security standards.
- Design and govern SAP role architecture for S/4HANA, Fiori, BW, BTP, CPI, SAC, and API Management.
- Develop and maintain Business, Composite, and Single roles with strict SoD compliance.
- Perform SU24 maintenance, SU53 analysis, STAUTHTRACE troubleshooting, and end-to-end authorization debugging.
- Implement and optimize Fiori catalogs, groups, spaces, and OData authorization concepts.
- Manage cloud IAM: IAS/IPS, Azure AD integrations, OAuth tokens, Trust configurations, and SSO (SAML2).
- Ensure compliance with RAK Government security standards, NIST, ISO27001, and SAP Security Notes.
- Conduct periodic access reviews, user attestation, and adherence to audit requirements.
- Manage SAP Identity lifecycle processes (joiner, mover, leaver) across On-Prem, Cloud, and BTP.
- Design and enforce least-privilege, zero-trust aligned authorization structures.
- Deep expertise in SAP GRC - Access & Process Control.
- Review and implement SAP Security Notes, patch compliance, and vulnerability remediation.
- Perform risk assessments, mitigations, and audit-ready documentation.
- Collaborate with Basis, Functional, and Development teams to secure integrations, RFCs, and APIs.
- Support SAP BTP subaccount security (roles, entitlements, trust, connectivity).
- Manage Certificate, OAuth client, and SSO configurations.
- Provide expert consulting during releases, upgrades, new modules, and system migrations.
- Review and implement SAP Security Notes, patch compliance, and vulnerability remediation.
- Perform risk assessments, mitigations, and audit-ready documentation.
Bachelors / Master in Computer Applications
10–15 years in SAP Security, Authorizations, GRC & IAM (including minimum 2 years in Cloud / RISE with SAP).
SAP Security/GRC Certification, Cloud IAM (Azure/Okta), Cybersecurity certifications (ISO27001, CISSP, CISM beneficial).
English Language (spoken and written) – Essential
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
