SAP Access Management Lead

Position Title: SAP Access Management Lead

Location: Leeds, UK (Hybrid)

The SAP Access Management Lead is accountable for designing, governing, and operating SAP security and access management across Wella’s global SAP ecosystem, including ECC, S/4HANA, and connected platforms. The role ensures that the right people have the right access at the right time, safeguarding company data, IP, and operations while complying with regulatory frameworks such as SOX, GDPR, and ISO 27001.

• Establish and own the SAP access management target operating model (business & IT)
• Define and operate global SoD ruleset in partnership with access & risk owners to mitigate risks
• Own all SAP access management controls, including SOX compliance
• Develop SAP security and access management strategies, roadmaps, and transformation initiatives
• Drive continuous service improvements in line with best practice and regulatory changes

• Own and enforce SAP access management policies, standards, and procedures
• Ensure quarterly access recertifications and joiner/mover/leaver processes are executed
• Monitor SAP license consumption and drive corrective actions
• Ensure security controls are embedded in new and upgraded SAP applications
• Act as point of contact for audits and own remediation of findings

• Oversee end-to-end provisioning, de‑provisioning, and access lifecycle processes
• Ensure automation efficiency and transparency in access workflows
• Manage BAU vendor services for SAP access management, ensuring SLAs and performance targets are met
• Oversee access‑related incidents and breaches to ensure swift resolution

• Lead SAP security transformation initiatives in collaboration with Audit and Cybersecurity
• Build repeatable processes, methods, and tools for access management across Wella
• Ensure complete and current documentation for all SAP security processes and controls

• Provide strategic leadership, mentoring, and guidance to SAP access/security teams
• Collaborate with Cybersecurity, Basis, Enterprise Architecture, and business stakeholders
• Communicate complex technical concepts to non‑technical stakeholders
• Drive change and ensure alignment across diverse global teams

• Deep understanding of SAP roles, authorizations, and access concepts
• Expertise in SoD frameworks, access certification, and GRC tools (SAP GRC, SailPoint, ARM)
• Strong grasp of identity governance principles and regulatory requirements (SOX, GDPR, ISO)
• Hands‑on knowledge of ECC and S/4HANA core SAP security
• Strong leadership, vendor management, and change delivery skills
• Excellent problem‑solving, stakeholder engagement, and communication abilities

• Bachelor’s degree in Computer Science, Information Systems, or a related discipline
• SAP Security or GRC certification preferred

• 10+ years of professional experience in SAP security and access management
• Proven track record delivering SAP security in large‑scale global organizations
• Experience implementing access control policies and processes in regulated industries
• Technical knowledge of SAP GRC, SailPoint ARM, and SAP core security (ECC/S/4HANA)
• Strong vendor management and audit engagement experience
• Exposure to infrastructure security and modern identity governance tools

• Access Risk KPIs: % of users with SoD violations, % mitigated risks, role recertification completion rate
• Operational KPIs: Access provisioning SLA adherence, turnaround time for access requests, incident closure time
• Audit & Compliance KPIs: Audit readiness score, % of roles reviewed quarterly, policy violation trends
• Efficiency KPIs: % of access provisioning automation, reduction in access issues escalated, reduction in dormant users

The Wella Company is committed to equality as set out in its Equality Policy and the Equality Act 2010. We do not discriminate on any protected characteristic and actively promote diversity and inclusion within our workforce.

Full Time

1 position available