Application Security - Manager (SAP)

At Deloitte, our Purpose is to make an impact that matters for our clients, our people, and society. This is the lens for which our global strategy is set. It unites Deloitte professionals across geographies, businesses, and skills. It makes us better at what we do and how we do it. It enables us to deliver on our promises to stakeholders, while creating the lasting impact we seek.

Harnessing the talent of 450,000+ people located across more than 150 countries and territories, our size and scale puts us in a unique position to help change the world for the better—by bringing together the services we provide, the societal investments we make, and the collaborations we advance through our ecosystems.

Deloitte offers career opportunities across Audit & Assurance (A&A), Tax & Legal (T&L) and our Consulting services business, which is made up of Strategy, Risk & Transactions Advisory (SR&T) and Technology & Transformation (T&T).

Are you ready to apply your knowledge and background to exciting new challenges? From learning to leadership, this is your chance to take your career to the next level.

Want to help us create a secure cyber environment?

Cyber is home to our team of Cybersecurity specialists, an innovation‑culture environment that includes more than 1,700 professionals who help organisations to make intelligent decisions and prevent and manage business and operational risks, along with those existing in technological, financial, and non‑financial processes.

7+ years of progressive experience with roles in a professional or consulting services environment (including boutique security firms), public and/or private sector organisations is required. Experience within the Application Security Offering or professional services environment, including delivery of Application Security engagements across key industries is essential.

• Experience in areas of SAP Process Control, SAP Risk Management, SAP Audit Management and SAP Fraud Management.
• Experience in Ruleset Customization, Remediation and Mitigation of Risks.
• Understanding of different authorization tables, troubleshooting authorization issues, and user access management.
• Minimum 3–4 end‑to‑end implementations or upgrades of SAP GRC.
• Experience gathering business requirements, performing risk analysis and implementing SAP Security Design.
• Excellent written and verbal communication skills.
• Experience with SAP S/4 HANA on‑premise and S/4 HANA Cloud implementation.

Specialised Technical Capabilities:

• Develop and execute strategies, architectures, and roadmaps to provide client with value‑adding and cost‑effective Application Security solutions.
• Analyse the client’s Application Security landscape to enable targeted and data‑driven enhancements.
• Design and implement SAP security solutions based on client Application Security requirements.
• Design and implement non‑SAP security (Oracle, ServiceNow) solutions based on client Application Security requirements.
• Gather SAP client requirements and convert them into value‑adding Application Security solutions.
• Design and implement SAP Authorisations and SAP GRC solutions for on‑premise and cloud platforms.
• Apply multiple security testing methodologies and techniques to assess client’s Application Security landscape and identify vulnerabilities.
• Assess Application Security policies and procedures for compliance with regulatory requirements and operational efficiency, providing mitigating solutions.
• Proficient with multiple domain‑specific Application Security technology solutions and integrate them effectively.
• Enable sustainability and continuous improvement of Application Security solutions by assessing and enhancing client’s Cyber Security governance infrastructures.
• Understands and applies cyber threat intelligence and profiling to design and assess client application systems.
• Test the effectiveness of client’s Application Security controls to identify vulnerabilities and articulate opportunities for improvement.
• Conduct complex business process assessments to help clients identify, analyse, and prioritise gaps and risks; apply findings to recommend upgrades aligned to overall strategy.
• Develop effective and sustainable technology and Cyber risk management strategies by tailoring leading Cyber frameworks to key clients’ business and technology needs.
• Understand the interaction of business and technology processes/risk and explain it in business terms to both technical and non‑technical audiences.

Technical Competencies:

• Bring technical and industry experience in Cyber Application Security to engage with clients and key stakeholders pragmatically.
• Understand technical complexity at Network, Application, Database, Infrastructure and Cloud levels.
• Knowledge of wider Cyber Security issues and opportunities beyond the specific domain specialisation.
• Able to scope Cyber engagements effectively and assign and manage an appropriate team to deliver against the engagement requirements.
• Experience in Risk Management, Audit Management and Fraud Management.
• Experience in SAP GRC Process Control and SAP GRC Access Control.
• Ruleset Customisation, Remediation and Mitigation of Risks.
• Understanding of authorization tables, troubleshooting authorization issues, user access management.
• Minimum two to three end‑to‑end implementations/upgrades of SAP GRC.
• Business process understanding in SAP business process areas.
• Gathering business requirements, risk analysis and implementation of SAP Security Design.
• Strong User role and authorisations design.
• Strong S4/HANA authorisations implementation capability.
• Good understanding of SAP S4/HANA Implementation Cycle to embed GRC scope/solutions.
• Viewpoints on Sizing/Cloud Hosting/Integration with other applications.
• On‑premise and cloud deployment experience.
• Ownership of deliverables driving team quality and risk management.

Minimum qualifications:

• Relevant degree (Honours or postgraduate diploma), professional qualifications such as B.Sc, BCom, B.Ing/Eng or M.Sc; or one or more major industry/cyber certifications, diplomas, professional certifications (SAP).

Desired qualifications:

• Bachelor’s or postgraduate degree in Engineering/Computer Science/IT with relevant Cyber‑specific certifications (e.g., SAP Security Industry Certification, SAP GRC Business Objects Certification, CISM, ITIL Foundation).

Note: The list of tasks/duties and responsibilities contained in this document is not necessarily exhaustive. Deloitte may ask the employee to carry out additional duties or responsibilities, which may fall reasonably within the ambit of the role profile, depending on operational requirements.

At Deloitte, we want everyone to feel they can be themselves and thrive at work—everywhere, everyday. Our recruitment processes are aligned with our Employment Equity Plan and the principles of the Employment Equity Act. We actively support the inclusion of people with disabilities and embrace neurodiversity in the workplace, and we are committed to creating an environment where everyone can thrive.

If you require reasonable accommodations in relation to your disability or neurodiverse needs during the recruitment process, please let us know. We are happy to make adjustments to suit your individual needs.