Lead/Principal Specialist - SAP Security and GRC

As of November 1, 2025, Sunoco LP has successfully completed its acquisition of Parkland Corporation. For more information, please visit www.sunocolp.com.

Competitive Benefits. Meaningful Extras. Unmatched Value.

• A place where you can take your career in the direction you want to grow and go

The Lead/Principal Specialist - SAP Security and GRC is responsible for the design, architecture, implementation, and management of robust SAP security and Governance, Risk, and Compliance (GRC) solutions. This role ensures the protection of enterprise data, adherence to regulatory compliance, and support for secure business operations across the SAP landscape including on-premises and cloud environments.

• Security Architecture & Design: Architect, implement, and maintain the comprehensive SAP security framework, including user provisioning, role management, Fiori administration, and authorization concepts across various SAP systems (e.g.: S/4HANA, Fiori, BTP, Build Work Zone, SAC, Datasphere, AI etc.).
• GRC Implementation & Optimization: Lead the Architecture design, deployment, configuration, and optimization of SAP GRC Access Control and Process Control modules to support compliance and risk management initiatives.
• Risk & Compliance Management: Ensure compliance with internal security policies and external regulations (e.g., SOX, GDPR). Support internal and external audits by providing documentation and expertise on SAP security and GRC controls.

• Research production issues and enhancement requests related to all SAP Security aspects of S4HANA, Fiori, UI Data Protection, BPC, BTP IAS/IPS, Build Work Zone, BPA, BIS, SAC, Datasphere, and GRC Access & Process Controls, and make appropriate configuration changes.
• Initiate action and evaluate issues to develop alternative solutions, applying expert knowledge to resolve problems.
• Conduct day-to-day troubleshooting and break-fix activities for SAP security and cloud services such as BTP IPS, IAS, Work Zone, BPA, Cloud ALM, Datasphere, SAC and third-party reporting tools.
• Provide 24x7 support for SAP production systems, including telephone support.

• Manage user provisioning, role design, UI Data protection masking, SSO across SAP systems and cloud platforms (S4HANA, GRC, Fiori, BPC, BTP IAS/IPS, Work Zone, BPA, BIS, SAC, Datasphere, AI Joule).
• Maintain and monitor GRC Access Control workflows, business roles, risk analysis, and emergency access management.
• Support GRC Process Controls for compliance with and audit requirements by managing CCM, MCP and Policy management.
• Identify and implement efficiency improvements in SAP security processes, GRC solutions and cloud integration.
• Recommend and implement approved process enhancements or new functionality.

• Collaborate with business stakeholders to analyze requirements and translate them into SAP security and governance solutions.
• Provide guidance on best practices for access management and compliance.

• Configure SAP security roles and perform unit testing in accordance with specifications.
• Document business procedures, configuration changes, test scenarios, and training materials.

• Plan, direct, and coordinate SAP security-related projects to ensure timely delivery within defined constraints.
• Identify and schedule project deliverables, milestones, and tasks.

• Develop and conduct training sessions for business users and IT resources on SAP security and GRC processes.
• Mentor team members to enhance their understanding of SAP security and compliance.

• Ensure all changes and enhancements follow SOX control processes.
• Recommend and implement improvements to change control processes as needed.
• Technical Leadership: Provide expert guidance and technical leadership on all SAP security matters to project teams, business process owners, and IT teams.
• Documentation & Standards: Develop and maintain comprehensive security documentation, including architecture diagrams, technical specifications, and operational procedures.
• Emerging Technologies: Evaluate new SAP technologies (e.g., SAP HANA DB security, Fiori, BTP, IAG, IPS, Datasphere, Databricks, SAC, Redwood, AI Joule) and security trends to recommend and implement innovative solutions.

• Bachelor’s or master's degree in computer science, Information Technology, or a related field.
• CISSP certification is preferred.

• Minimum of 8-10 years of hands‑on experience in SAP and GRC security architecture and implementation, with a significant focus on complex enterprise environments and at least two full SAP project lifecycle implementations.
• Extensive knowledge of SAP security across various modules and applications (e.g., SAP S4 HANA DB security, Fiori spaces, pages, catalog maintenance, BTP, Work Zone, IAG, IPS, Datasphere, Databricks, SAC, UI Data Protection Masking).
• Extensive implementation experience in SAP GRC Access Control components, including Access Risk Analysis (ARA), MSMP workflow configurations, BRF+, Business Role Management (BRM), Access Request Management (ARM), and Emergency Access Management (EAM). GRC Process Control configuration experience in CCM, MCP and Policy Management.
• Expert knowledge of SAP authorization concepts, role design, and user access.
• Extensive experience with SAP cloud applications security not limited to BTP, SAC, Datasphere.
• understanding of compliance requirements such as SOX, NIST, and their impact on SAP IT General Computer Controls.
• Excellent analytical and problem‑solving skills, with the ability to analyze complex technical issues.
• Effective communication, presentation, and stakeholder management skills, capable of interacting with senior management, auditors, and technical teams.

Humble. Hungry. Smart. Does this sound like you?

Do others describe you as being a down‑to‑earth achiever? Someone who thinks outside the box and always strives to do more than what is required? Someone who sees the bigger picture? You sound brilliant to work with!

We Want You To Shine:

We are committed to providing equal opportunities to all applicants. If you require accommodation due to a disability, you will have an opportunity to notify us when scheduling your interview.

Belonging Matters. Because You Do:

We are an equal opportunity employer and encourage applications from all qualified individuals. Our ability to work as one team across Canada, the United States, and the Caribbean is foundational to our success. We show up as our authentic selves each day and create space for one another’s unique contributions.

We respect the diverse cultures, traditions, and perspectives of Indigenous Peoples and seek to achieve equitable partnerships and opportunities with Indigenous communities.

The Fine Print:

Candidates must be legally eligible to work in the country in which they applied. Regrettably, we are unable to sponsor employment visas at this time.

Final candidates will be required to undergo a confidential pre‑employment background check, including but not limited to educational, criminal, credit, drug and alcohol, and/or fitness for duty testing.