[Remote] SAP Security Engineer (GRC – Technical)

Note: The job is a remote job and is open to candidates in USA. Bright Vision Technologies is a forward-thinking software development company dedicated to building innovative solutions that help businesses automate and optimize their operations. They are seeking an experienced SAP Security Engineer (GRC – Technical) to design, implement, and operate security and access-control frameworks for complex SAP landscapes. The role involves managing SAP role design, user provisioning, segregation-of-duties analysis, and supporting audits to ensure a secure SAP environment.

Responsibilities

• Design and maintain SAP authorization concepts and role structures aligned with business processes and least-privilege principles
• Build and maintain master, derived, composite, and business roles for S/4HANA, ECC, and Fiori applications
• Configure and operate SAP GRC Access Control (ARA, ARM, BRM, EAM), including ruleset management, mitigating controls, and emergency access management
• Perform segregation-of-duties analysis and remediation in collaboration with business process owners and internal audit
• Configure user provisioning workflows in SAP GRC ARM, including request types, approval paths, and integration with IDM/IAM platforms
• Operate SAP GRC Process Control for continuous controls monitoring and policy management
• Implement security for Fiori applications, including catalogs, groups, and front-end authorizations
• Configure and operate security for SAP BTP and cloud applications using XSUAA, IAS, and IPS
• Support SAP audits (SOX, GxP, PCI) and respond to audit findings with documented remediation plans
• Implement transport security, table logging, and audit logging in line with internal security policies
• Monitor and remediate SAP Security Notes in coordination with Basis and DBA teams
• Maintain comprehensive, current technical documentation — including architecture diagrams, design decisions, configuration references, runbooks, and operational procedures — so that the system remains supportable, auditable, and easy to onboard new engineers onto over time
• Mentor junior team members and support knowledge transfer across the security team

Skills

• Bachelor's degree in Computer Science, Engineering, or a related technical discipline
• Five or more years of SAP Security / GRC experience in enterprise landscapes
• Strong hands-on experience with SAP authorization concepts and role design
• Deep experience operating SAP GRC Access Control (ARA, ARM, BRM, EAM)
• Experience supporting SAP audits and remediation activities
• Hands-on experience securing Fiori, BTP, and cloud SAP applications
• Familiarity with SAP IDM or third-party IGA tooling
• Working knowledge of SAP Process Control
• Strong understanding of regulatory frameworks such as SOX, GxP, and PCI
• Excellent communication and documentation skills
• SAP-certified Security or GRC credentials
• Experience with SAP Cloud Identity services (IAS, IPS) and SCIM-based integrations
• Familiarity with HANA security and analytic privileges
• Experience with continuous controls monitoring frameworks
• Exposure to SAP RISE / Grow security operating models

Benefits

• Competitive base salary commensurate with experience, plus benefits.
• Full-time, direct W2 with Bright Vision Technologies (no C2C, no 1099, no third-party)
• No new H1B sponsorship available. H1B transfers welcomed for qualified candidates.
• We will support H1B transfers for qualified candidates.

Company Overview