SAP GRC / Audit / Risk Management

Job Description:

At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.

The SAP GRC Consultant is responsible for designing, implementing, and supporting SAP Governance, Risk, and Compliance (GRC) solutions to strengthen internal controls, risk management, user access governance, and compliance reporting. The consultant will work closely with security, audit, and business stakeholders to ensure regulatory adherence (SOX, IFRS, ISO, local compliance) and alignment with enterprise risk management frameworks.

Key Process & Technical Knowledge

The consultant should have strong expertise in:

SAP GRC Access Control (AC):

• User Access Management (UAR).
• Emergency Access Management (EAM / Firefighter).
• Access Risk Analysis (ARA).
• Business Role Management (BRM).

SAP GRC Process Control (PC):

• Control design, documentation, monitoring, and testing.
• Continuous Control Monitoring (CCM).
• Policy management & workflow.

SAP GRC Risk Management (RM):

• Enterprise Risk Management framework configuration.
• Risk assessment methodologies.
• Key Risk Indicators (KRIs).

SAP Audit Management (AM):

• Planning and execution of audit engagements.
• Integration with risk and process control.
• Audit reporting and follow-up tracking.

Integration Skills:

• SAP GRC with SAP S/4HANA security concepts.
• Interfaces with Identity Management (IDM) and LDAP/AD.
• Understanding of SoD (Segregation of Duties) frameworks.

Key Responsibilities

• Conduct requirement gathering workshops with Audit, Risk, Compliance, and IT Security teams.
• Configure and support GRC Access Control, Process Control, Risk Management, and Audit Management modules.
• Perform SoD analysis, remediation, and mitigating control design.
• Implement workflow automation for user provisioning and access approvals.
• Support business role design and access governance.
• Enable continuous monitoring of controls and risks in SAP and non-SAP environments.
• Provide expertise during internal and external audits.
• Deliver end-user and key-user training on SAP GRC functionalities.
• Work closely with Basis and Security teams to ensure compliance with corporate IT policies.
• Support cutover, hypercare, and ongoing compliance operations.

Required Qualifications & Skills

Education & Certifications

• Bachelor’s degree in Information Systems, Computer Science, Finance, or related field.
• SAP GRC Certification (preferred).
• CISA, CISM, CRISC, or similar audit/security certifications (advantage).

Experience

• 5–8 years in SAP Security & Compliance, with minimum 3 years in SAP GRC.
• Hands-on implementation/support in Access Control + at least one of PC/RM/AM.
• Experience with SoD rule set customization and remediation.
• Exposure to compliance frameworks like SOX, GDPR, ISO 27001, NCA/NCA ECC.

Technical Skills

• Strong knowledge of SAP authorization concepts (roles, profiles, SUIM, SU24, PFCG).
• Expertise in GRC workflow, BRF+, MSMP configuration.
• Understanding of connector setup between GRC and SAP systems.
• Familiarity with audit and risk management best practices.

Soft Skills

• Strong analytical and problem-solving skills.
• Excellent communication for engaging business, audit, and IT teams.
• Ability to work under compliance pressure and deadlines.

At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.