Collinwood is assisting our Client, a large and respected Manufacturing Company in seeking an SAP IAM Engineer. This is a Fulltime opportunity that requires 25% travel.
The SAP Identity and Access Management Engineer will be responsible for the compliant design implementation and administration of our SAP Ecosystem. Creating and maintaining roles within both SAP On-premise systems and SAP Cloud environments, administering users in both SAP and non-SAP Systems. Designing and improving security and business processes to be compliant and efficient.
What you will be doing:
- Support the existing SAP on premise systems including ECC, HCM, SCM, BW and CRM, the existing SAP Cloud systems including Identity Access Governance, Identity Services (IAS and IPS), Concur, Ariba, Commerce Cloud, C4C and BTP and the non-SAP systems that are part of the client Employee Identity lifecycle such as Microsoft Active Directory and Azure Entra ID.
- Design and implement secure SAP authorization roles based on the principle of least privilege.
- Maintain role documentation to ensure users, approvers and reviewers understand the access available.
- Regularly review and update roles to reflect changes in business processes and system functionality.
- Investigate and resolve user access issues related to authorizations and permissions.
- Work with application, process and functional owners and users to understand and address access request needs.
- Maintain clear documentation of user access issues and resolutions within our ticketing tools.
- Configure and manage SAP's integration with SSO solutions (Azure, SAP Secure Login Service, SAP Identity Authentication Service).
- Collaborate with Infrastructure teams and application owners to ensure seamless and secure SSO experience.
What we need from you:
- Bachelor's degree in Information Technology, Business Administration, Information Systems or a related field.
- Ability to communicate and articulate effectively, both orally and in writing, to present complex concepts and ideas to IT development teams and business counterparts.
- Strong analytical and problem-solving skills to effectively identify and resolves issues.
- Ability to manage multiple conflicting priorities in a professional manner, good planning and organizing skills
- Ability to interact with business users, technical teas and third parties.
- Working in distributed team environments, initiative-taking, and self-directed
- Deep knowledge of SAP Role Design principles including Master-Derived roles, Composite roles,, Business Role Concept, authorization objects and system traces.
- Experience in supporting designing new roles based on business requires or redesigning existing roles based on update requirements.
- Experience in remediating segregation of duties conflicts via role design changes
- Experience in leading and coordinating projects with various stakeholders and interest in order to design, build and deploy security solutions to the enterprise
- Demonstrated experience with large Enterprise ERP implementations in the areas of technical design specification, development, testing, deployment and support.
- Experience using Microsoft Office products, including Outlook, Excel, PowerPoint, Visio.
- Travel, domestic and international, up to 25%
Nice to Have:
- Speaking / Writing in Spanish and French are desirable.
- Hands on experience with SAP Identity Access Governance or Cloud Identity Services
- Knowledge of SAP Datawarehouse tools BW, DataSphere, SAP Analytic Cloud (SAC) is a plus.
- Familiarity with S4/HANA architecture, features, and migration strategies.
- Working knowledge of Single Sign on authentication methods such as SAML2.0 and OAuth
