METRO AG - Solution Expert - SAP GRC

Job Description :

How you will make an impact :

In this role, you act as the central technical authority for SAP authorization management and SAP GRC across METROs extensive SAP landscape of more than 300 systems spanning Finance, Logistics, HR, and Governance/Risk/Compliance.

As a core expert within the SAP GRC Squad, you ensure that authorization processes are secure, compliant, and operationally efficient.

The squad owns and maintains SAP GRC Access Controlincluding workflows, SoD risk catalogs, firefighter concepts, and compliant provisioningand governs the end-to-end authorization lifecycle across ECC, S/4HANA, BW/BI, HR, Fiori, and SAP SaaS applications.

You play a critical role in shaping robust authorization concepts, integrating SAP identities with non-SAP systems (e.g., Active Directory, SSO, IDM), and ensuring adherence to audit requirements such as SOX and GDPR.

By steering external providers, optimizing license-relevant authorizations, and ensuring riskminimized, audit-ready role designs, you directly strengthen METROs security posture and operational resilience.

Your Responsibilities :

- Ensure a secure, audit-proof, and risk-free authorization setup across all SAP systems.

- Operate, enhance, and maintain SAP GRC Access Control, including compliant provisioning, risk analysis, SoD controls, and firefighter processes.

- Design and maintain SAP roles and authorization concepts across ECC, S/4HANA, Fiori, and SAP SaaS solutions.

- Execute PFCG role maintenance, SU01 user provisioning, and SUIM-based audit/reporting.

- Minimize license costs by optimizing authorization designs in line with SAP RISE and new licensing concepts.

- Integrate SAP authorization concepts with Fiori apps, cloud systems, SSO, IDM, and Active Directory.

- Collaborate with business stakeholders to understand end-to-end processes and translate them into secure authorization models.

- Challenge and guide external providers to ensure high-quality, compliant service delivery.

- Prepare for and support internal/external audits, provide evidence, and implement remediation.

- Contribute to continuous improvement of SAP security policies, standards, and procedures.

Qualifications :

Required key competencies and qualifications :

- Overall, 10 years of experience.

- Minimum 5 years of SAP authorization management experience (ECC and S/4HANA).

- Deep understanding of SAP security and authorization concepts, roles, profiles, and authorization

objects.

- Expertise in PFCG role maintenance, SU01 user administration, and SUIM reporting.

- Experience with SAP GRC Access Control and modern authorization lifecycle processes.

- Ability to analyze and optimize authorizations for license efficiency (SAP RISE, new licensing models).

- Knowledge of Fiori, SAP SaaS applications, and integration of authorizations with cloud services.

- Experience with complex SAP landscapes (ECC, S/4HANA, BW/BI, HR, Solution Manager).

- Familiarity with SoD management, IT general controls, and regulatory requirements such as SOX and GDPR.

- Understanding of SSO, IDM, and interfaces with non-SAP systems (e.g., Active Directory).

- Strong interest in end-to-end business processes behind authorizations.

- Ability to effectively steer and challenge external providers.