GRC Security & Risk Lead

PENTLAND

United Kingdom

On-site

GBP 70,000 - 90,000

Full time

Today

Job summary

A leading global retail company is seeking a GRC Security & Risk Lead to elevate SAP access governance and manage the GRC platform. This role involves configuring and monitoring SAP GRC, driving adoption of standardized access control practices, and ensuring compliance with audit standards. The ideal candidate will have over 3 years of experience with SAP GRC Access Control and strong communication skills. This position empowers the successful mitigation of access risks while enhancing stakeholder satisfaction.

Qualifications

  • Strong communication and facilitation skills; able to run effective business review sessions.
  • Proven ability to work cross-functionally with teams and influence risk ownership.
  • 3+ years of hands-on experience with SAP GRC Access Control.

Responsibilities

  • Administer SAP GRC Access Control in line with governance framework.
  • Lead business review sessions to surface unresolved violations.
  • Manage the joiner-mover-leaver (JML) process for SAP users.

Skills

Strong communication skills
Proactive mindset
Cross-functional collaboration

Education

3+ years of experience with SAP GRC Access Control

Tools

SAP GRC (version 10.x or 12.0)

Job description

GRC Security & Risk Lead

Department: IT | Location: Bangalore

Reports to: Global VP IT Delivery & Project Portfolio Management

Direct Reports: 0

WHAT'S THE MISSION FOR THIS ROLE?

The SAP GRC Security & Risk Lead will play a pivotal role in elevating Pentland's SAP access governance by enabling transparency, risk accountability, and secure access management across all global SAP environments.

This role will own the configuration, monitoring, and continuous improvement of our SAP GRC platform (v12.0), working in close partnership with business leads to embed access governance and risk ownership into daily operations. By combining deep technical knowledge with strong business engagement, this role ensures SAP access risks are visible, mitigated, and aligned to audit and compliance expectations.

Through cross‑functional collaboration, the GRC Security & Risk Lead will drive adoption of standardised, business‑led access control practices across all brands and regions, supporting the enterprise ambition to modernise systems, improve performance, and reduce risk.

WHAT DOES THIS ROLE DO?
1. GRC Platform Ownership & Security Administration
  • Administer SAP GRC Access Control (ARM, ARA, BRM, EAM) in alignment with the global access governance framework.
  • Maintain and monitor risk rule sets, mitigation controls, role design and firefighter configuration in SAP GRC.
  • Oversee SAP user access provisioning and approval workflows, supporting ECC environments.
  • Support global adoption of the GRC platform through performance tuning, process optimisation, and issue resolution.
  • Ensure the system operates in line with audit expectations and compliance standards.
2. Business Engagement & Risk Transparency
  • Act as the key liaison between IT and business stakeholders across Finance, HR, Supply Chain, and Commercial functions.
  • Lead regular business review sessions to surface unresolved violations, review mitigation controls, and drive access accountability.
  • Educate business users on GRC usage, risk ownership and compliance responsibilities.
  • Champion transparency and standardisation in access governance processes across all regions and brands.
3. Process Governance & Continuous Improvement
  • Manage the joiner‑mover‑leaver (JML) process for SAP users, ensuring timely and compliant access changes.
  • Collaborate with Internal Audit to align controls, reporting and documentation to regulatory expectations.
  • Review and reengineer SAP roles in partnership with role owners to ensure they reflect business operating models and reduce SoD risk.
  • Document key access control processes and maintain audit‑ready evidence and reporting.
WHAT DO I BRING TO THE ROLE?
Leadership & Stakeholder Engagement
  • Strong communication and facilitation skills; able to run effective business review sessions with senior non‑technical stakeholders.
  • Proven ability to work cross‑functionally with business teams and influence risk ownership without direct authority.
  • A proactive mindset, driving issues to resolution and continuously seeking improvement opportunities.
Technical & Functional Expertise
  • 3+ years of hands‑on experience with SAP GRC Access Control (preferably version 10.x or 12.0).
  • Knowledge of SAP user provisioning, role design and SoD risk management in ECC.
  • Experience in configuring and managing mitigation controls, risk analysis and Firefighter ID processes.
  • Familiarity with audit, compliance and access governance best practices.
Mindset & Culture Fit
  • A structured, process‑oriented individual with attention to detail and a pragmatic mindset.
  • Comfortable working in a matrixed, global environment with varied stakeholder expectations.
  • Demonstrates ownership, energy and resilience in a dynamic change environment.
KEY PERFORMANCE METRICS THE ROLE INFLUENCES & CONTROLS
  • GRC system adoption and performance
  • Risk visibility and mitigation adherence
  • Access control compliance (audit findings, SoD violations)
  • Stakeholder satisfaction with GRC processes
  • Business review completion rates and follow‑through
  • Efficiency of user provisioning and access governance processes