SAP Security IAM Consultant
About the job
About the SAP Security IAM Consultant role
The SAP Security IAM Consultant is responsible for designing, implementing, and optimising SAP authorisation and identity access management frameworks to ensure secure and compliant system access. This role analyses existing roles and user access, identifies risks such as segregation of duties conflicts, and defines role-based access aligned with business processes and security policies. Working closely with stakeholders, the consultant conducts workshops, standardises role structures, and delivers end-to-end role design—from blueprinting to deployment—ensuring efficient, least-privilege access across complex SAP environments.
Responsibilities:
- Analyse existing roles and authorisation profiles (PFCG). Identify redundancies, conflicts, and obsolete roles
- Review SUIM reports and user-role assignments
- Conduct workshops with business process owners. Define job-based access requirements
- Document functional and compliance needs. Align with internal security policies and audit requirements
- Design role concept (single roles, composite roles, derived roles). Apply least-privilege principle
- Eliminate redundant or conflicting authorisations. Standardise naming conventions and role structure
- Assess Segregation of Duties (SoD) risks
- Design, implement, and maintain SAP authorisation concepts and roles based on business requirements and security standards (SoDs)
- Collaborate with stakeholders to analyse and understand authorisation needs for various business processes and modules
Requirements
- Bachelor’s degree in computer science, Information Systems, or a related field
- 7–10+ years of hands-on experience in SAP Security and Authorisation design and support
- Proven experience in end-to-end role design, including blueprinting, build, testing, and deployment
- Strong experience in complex SAP landscapes (ECC)
