Lead Business Analyst, ERP Basis & Authorization (SAP Sr – Project Manager -)

Role Objective

A Lead Business Analyst – ERP Basis & Authorization is responsible for implementing and overseeing the architecture, operations, and authorization frameworks across the SAP ecosystem, including S/4HANA, BW/4HANA, Integration Suite, Datasphere, Mobility solutions, SAC, SAP Joule, CALM, Signavio, and LeanIX. The role leads the design of role concepts, position based access, SoD/compliance controls, and high quality Solution Design Documents, while ensuring reliable system performance, lifecycle management, and secure integrations across platforms and BTP-based extensions. This position collaborates with Infrastructure, Security, Enterprise Architecture, and business teams to support the transition to RISE and maintain a scalable and secure SAP environment.

Key Responsibilities

▪Own end‑to‑end SAP architecture governance across S/4HANA, BW/4HANA, Integration Suite, Datasphere, Mobility, SAC, Joule, CALM, Signavio, and LeanIX - defining standards, patterns, and non‑functional requirements (performance, resilience, security).

▪Lead authorization strategy and role design (including position‑based access), enforcing SoD controls, regulatory/compliance alignment, and audit readiness across all platforms and environments.

▪Oversee operations and lifecycle management for the SAP landscape - environment strategy, patching/upgrade waves, transport governance, performance tuning, monitoring, and incident/problem management with SAP RISE, Basis & Security.

▪Drive Solution Design Documents (SDDs) and related technical documentation, ensuring traceability from business requirements to architecture, integration design, and authorization controls.

▪Orchestrate integrations and extensions on SAP BTP, establishing secure connectivity, identity federation, API governance, eventing, and reusability standards across apps and services.

Steer the transition to RISE with SAP, coordinating landing zone design, tenant strategy, readiness assessments, cutover planning, and operational handover with managed services.

▪Implement enterprise architecture alignment using Signavio (process models/fit‑to‑standard) and LeanIX (application portfolio/tech risk), maintaining a consistent source of truth for capabilities and integrations.

▪Lead risk, compliance, and security posture management, including SoD simulations, periodic access reviews, threat and vulnerability assessments, DR/BCP validation, and remediation plans.

▪Partner with business and IT leadership to prioritize the roadmap, manage trade‑offs, and deliver measurable outcomes (stability, security, time‑to‑value), while enabling change management, training, and adoption.

Educational Qualification

•Bachelor’s degree in engineering / computer science or equivalent.

•SAP Certified in at least one of the areas below:

oSAP Certified Associate - SAP S/4HANA System Administration

oSAP Certified Associate - Security Administrator

oSAP Certified - Solution Architect - SAP BTP

oSAP Certified - SAP BTP Administrator

Professional Experience

•9+ years in SAP technical roles, including 6+ years leading Basis and Security/Authorization across large S/4HANA or SAP ERP programs.

•Demonstrated leadership in cloud transformation initiatives, ideally including SAP RISE and hyperscaler deployment models

•Strong experience leading cross‑functional teams (Basis, Security, Functional, Enterprise Architecture, vendors) and coordinating with business and IT stakeholders to drive design, issue resolution, and project deliverables.

•Experience with SAP BTP (integration, extensions, security, identity federation, API management, event mesh, and platform services).

•Good understanding of SAP security and GRC, including SoD frameworks, audit remediation, compliance alignment, and enterprise‑grade position‑based access control methodologies

•Track record of producing and governing technical documentation, including Solution Design Documents, architecture diagrams, interface catalogues, and authorization blueprints.

Familiarity with enterprise architecture and process management tools, with exposure to using platforms such as Signavio for process modelling and LeanIX for application and integration documentation.

•Proven ability to manage large‑scale SAP programs, including environment strategy, cutover planning, operational readiness, performance optimization, and post‑go‑live stabilization.

•Must be fluent in written and spoken English.

Technical Skills

•Extensive experience overseeing SAP S/4HANA technical architecture and operations, including landscape design, performance optimization, and system lifecycle management across multi‑tier environments.

•Knowledge in designing and governing SAP authorization frameworks, including role concepts, position‑based access models, SoD controls, and audit‑aligned security structures for S/4HANA and connected systems.

•knowledge of SAP BTP integration and extension services, including basic connectivity, identity handling, API usage, and general familiarity with platform operation

•Experience managing and monitoring SAP Integration Suite, including secure interface design, Cloud Connector and end‑to‑end integration oversight.

•Understanding of BW/4HANA and SAP Datasphere architectures, including analytical privileges, data access control, performance tuning, and data lineage governance.

Experience with SAC security setup, including familiarity with role‑based access, managing data connections, and understanding how SAC aligns with backend authorization models

•Familiarity with using Signavio and LeanIX to support process documentation, application mapping, and general visibility into integration and lifecycle information within the SAP landscape

•Knowledge of SAP Cloud ALM operations, including change management, test orchestration, deployment governance, monitoring, and operational readiness across cloud and hybrid environments.

•Basic understanding of identity and access management concepts, including familiarity with SSO methods (such as SAML or OAuth), user provisioning approaches, and general exposure to Azure AD/Entra ID integration and cross‑platform access handling

•Familiar with concepts of high availability, disaster recovery, and system lifecycle practices, ensuring resilient operations and optimized performance.

Soft Skills

•Analytical thinking to assess vulnerabilities and solve complex technical issues.

•Strong interpersonal skills, with proven experience working in a multinational or culturally diverse team environment

•Attention to detail during patching, documentation, and security reviews.

•Strong teamwork when coordinating with security, infrastructure, and application teams.

•Effective planning & organization for patch cycles and maintenance windows.

•Calm under pressure during incidents, outages, or urgent security fixes.

•Proactive mindset to identify risks and improvement opportunities.

•Accountability for delivering secure, stable, and compliant SAP System landscapes.

Job Types: Full-time, Contract

Application Question(s):

• Please indicate your expected salary and notice period
• Do you have experience with SAP BTP (integration, extensions, security, identity federation, API management, event mesh, and platform services)?
• DO you have good understanding of SAP security and GRC, including SoD frameworks, audit remediation, compliance alignment, and enterprise‑grade position‑based access control methodologies?
• Do you have extensive experience overseeing SAP S/4HANA technical architecture?
• Are you SAP Certified in at least one of the areas below and mention which certification:

oSAP Certified Associate - SAP S/4HANA System Administration
oSAP Certified Associate - Security Administrator
oSAP Certified - Solution Architect - SAP BTP
oSAP Certified - SAP BTP Administrator

• Do you have 6+ years leading Basis and Security/Authorization across large S/4HANA or SAP ERP programs?

Experience:

• SAP technical roles: 9 years (Preferred)