SAP GRC

Job Description:

Overview The SAP GRC (Governance, Risk, and Compliance) Consultant is responsible for implementing, configuring, and maintaining SAP GRC solutions to manage and automate access controls, process controls, and risk management within the organization. This role focuses on ensuring compliance with internal policies, external regulations (e.g., SOX, GDPR), and mitigating security risks associated with sensitive data and business processes. Responsibilities A SAP GRC Consultant's responsibilities typically include:

• Implementing and Configuring SAP GRC Modules: Designing and implementing SAP GRC Access Control (AC), Process Control (PC), and Risk Management (RM) solutions to address specific business and compliance requirements.
• Access Control Management: Managing user provisioning and de-provisioning, designing and maintaining SAP security roles, and implementing Segregation of Duties (SoD) controls.
• Risk Analysis and Mitigation: Identifying and assessing risks, defining SoD rule sets, analyzing SoD conflicts, and developing mitigation strategies.
• Process Control Management: Configuring and monitoring internal controls, including developing automated control tests and defining issue remediation workflows.
• Compliance and Audit Support: Ensuring compliance with regulatory requirements and internal policies, conducting periodic compliance audits, and supporting internal and external audit processes.
• Reporting and Analytics: Generating reports and dashboards to provide insights into risk and compliance status, aiding decision-making.
• Collaboration and Stakeholder Management: Collaborating with business stakeholders, IT teams, and auditors to define requirements, implement solutions, and provide support.
• System Administration and Support: Managing SAP GRC system administration, troubleshooting issues, and ensuring system performance.

Qualifications

• A Bachelor's degree in Computer Science, Information Technology, Finance, or a related field is preferred.
• Proven experience (typically 3-5+ years) in SAP GRC, with hands-on experience in implementing and managing SAP GRC modules like Access Control, Process Control, and Risk Management.
• Strong understanding of SAP security concepts, including user roles, authorizations, authorization objects, and security profiles.
• Familiarity with regulatory compliance standards like SOX, GDPR, and ITGC, according to PwC Acceleration Centres.
• Experience with risk analysis tools, SoD frameworks, and mitigation strategies.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work effectively in a team environment and collaborate with various stakeholders.
• Relevant SAP certifications in GRC or related areas are a plus.

Key skills

• SAP GRC Modules: Access Control (ARM, ARA, EAM, BRM, UAR), Process Control, Risk Management.
• SAP Security: Roles, authorizations, user management, SoD analysis and remediation.
• Compliance: Regulatory knowledge (e.g., SOX, GDPR), internal control design and testing.
• Risk Management: Risk assessment, mitigation planning, risk response strategies.
• Technical Skills: GRC configuration, workflow setup, reporting, troubleshooting.
• Soft Skills: Analytical, problem-solving, communication, collaboration, stakeholder management.

At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf.More information on employment scams is availablehere .