Senior SAP GRC Consultant

Role - Senior SAP GRC Consultant
Location - Rosemead, CA - Remote
Exp need - 10+ years

Role Descriptions:

About the Role

We are seeking an experienced Senior SAP GRC Consultant with deep expertise in Access Control (AC), Process Control (PC), and Risk Management (RM) to design, implement, and sustain enterprise-grade governance, risk, and compliance frameworks across complex SAP landscapes.

The ideal candidate has led end-to-end SAP GRC deployments, optimized SoD and risk rulesets, executed mass master data uploads using MDUG, automated controls and testing via CCM, scheduled MCP plans, and partnered closely with Security, Internal Audit, Compliance, and Business Process Owners to improve control maturity, reduce risk exposure, and conduct enterprise risk surveys.

This role requires strong hands-on experience across backend SPRO configuration and front-end GRC operations.

Key Responsibilities

SAP GRC Access Control (AC)

• Lead design, configuration, and rollout via SPRO for:
  - Access Risk Analysis (ARA)
  - Access Request Management (ARM)
  - Business Role Management (BRM)
  - Emergency Access Management (EAM)
• Define, maintain, and tune SoD rulesets, risk functions, and mitigating controls aligned to business processes: OTC, P2P, RTR, HCM, TM, and others
• Implement workflow-driven access provisioning and approvals, including:
  - MSMP configuration
  - BRF+ rule design and optimization
• Perform user-, role-, and authorization object-level risk analysis, define remediation strategies, and enforce least-privilege role design
• Establish and operate Firefighter (FFID) governance:
  - FFID ID setup and assignment
  - Log review workflows
  - Control owner and reviewer maintenance
  - SLA compliance
• Integrate SAP GRC AC with:
  - HR / IDM / IAM platforms (SAP IDM, Azure AD, SailPoint, Okta)
  - SAP Cloud Identity
  - Ticketing tools (ServiceNow, Jira)
• Strong end-to-end SAP Fiori authorization configuration knowledge, including catalogs, groups, spaces, and OData services

SAP GRC Process Control (PC)

• Perform mass master data uploads using the MDUG program
• Design and implement:
  - Control libraries
  - Centralized control documentation
  - Test of Design (ToD) and Test of Effectiveness (ToE)
• Configure and operate:
  - Automated Business Controls (ABC)
  - Continuous Control Monitoring (CCM)
  - Data sources, business rules, workflows, alerts, and background jobs
• Schedule and manage MCP plans, certifications, and periodic control assessments
• Align Process Control framework with:
  - SOX / ITGC
  - ISO 27001
  - COBIT
  - GDPR
  - Internal audit requirements
• Build dashboards and reports for:
  - Control Owners
  - Process Owners
  - Internal Audit
  - Senior Management and Executives

SAP GRC Risk Management (RM)

• Lead implementation and configuration of the SAP GRC Risk Management module
• Design and maintain:
  - Enterprise risk frameworks
  - Risk categories, risk attributes, and scoring methodologies
• Create risks and assign controls, including:
  - Risk-to-control mapping
  - Preventive and detective control alignment
• Configure and manage:
  - Risk assessments and risk surveys
  - Risk owners and responsible parties
  - Risk response strategies (accept, mitigate, transfer, avoid)
• Enable risk monitoring, KRIs, and trend analysis
• Support integration of RM with:
  - Process Control (PC)
  - Internal audit and compliance reporting
• Prepare executive-level risk dashboards and risk exposure reports

Architecture, Integration & Operations

• Define SAP GRC architecture across:
  - ECC and S/4HANA
  - SAP Cloud solutions (Ariba, SuccessFactors, Concur, Fieldglass)
  - Non-SAP systems where applicable
• Support internal and external audits:
  - Evidence collection
  - Audit queries
  - Remediation and action plan tracking
• Drive continuous improvement across:
  - Joiner-Mover-Leaver (JML) processes
  - Periodic access reviews
  - Control automation and operational efficiency

Required Qualifications & Experience

• 8+ years of hands-on SAP GRC experience across Access Control, Process Control, and Risk Management
• Minimum 2-3 full lifecycle implementations of SAP GRC modules
• Deep understanding of SAP authorization concepts:
  - Roles, profiles, authorization objects
  - SU24, PFCG, SUIM
  - Fiori catalogs, groups, spaces
  - OData services
• Proven experience with:
  - SoD rulesets (SAP standard and custom)
  - BRF+ rule maintenance
  - Mitigating control design
• Strong experience with:
  - EAM / Firefighter configuration and operations
  - Firefighter log reviews and compliance workflows
  - PC frameworks, CCM automation, issue and deficiency management
  - MCP plan scheduling
• Strong knowledge of SOX, ITGC, COBIT, NIST, ISO 27001, GDPR
• Excellent stakeholder management across IT Security, Audit, Compliance, and Business
• Reporting and analytics experience:
  - GRC standard reports
  - SAP BW/BI
  - SAP Analytics Cloud (preferred)
• Strong documentation and communication skills

Nice-to-Have

• S/4HANA greenfield or brownfield migration experience
• Integration experience with:
  - Azure AD, SailPoint, Okta
  - ServiceNow
  - SuccessFactors, Ariba, Concur, Fieldglass
• Exposure to:
  - Cybersecurity programs
  - SIEM / SOAR integrations
  - Identity Governance & Administration (IGA)
• Knowledge of SAP IAG / SAP Cloud Identity Access Governance
• Certifications:
  - SAP Certified Associate - SAP Access Control
  - CISA / CISM / CRISC
  - CISSP
  - ISO 27001 Lead Implementer/Auditor
  - ITIL

Core Competencies

• Risk & Control Design: Mapping business processes to risks, controls, and monitoring logic
• Technical Depth: SAP security design, authorization object analysis, trace/log review, connector troubleshooting
• Advisory Mindset: Workshops, CRP/FIT-GAP analysis, roadmap development
• Operational Excellence: SLA-based delivery, change and incident management
• Communication & Influence: Executive-ready reporting and audit committee interaction

Diverse Lynx LLC is an Equal Employment Opportunity employer. All qualified applicants will receive due consideration for employment without any discrimination. All applicants will be evaluated solely on the basis of their ability, competence and their proven capability to perform the functions outlined in the corresponding role. We promote and support a diverse workforce across all levels in the company.