SAP Roles and Authorisations Workstream Lead

Eurobase People
Nottingham, United Kingdom
2 days ago

Role details

Contract type
Temporary contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Nottingham, United Kingdom

Tech stack

SAP Cloud
Microsoft Active Directory
Computer Security
RAID
Identity and Access Management
Network Security
SuccessFactors
SAP Applications
SAP HANA
Software Vulnerability Management
Test Scripts

Job description

We are seeking an experienced SAP Roles & Authorisations Workstream Lead to own and lead the delivery of who can do what/who can see what across SAP S/4HANA Public Cloud, SuccessFactors EC/EC-P, SAP Analytics Cloud, and SAP Datasphere. The role is responsible for analysing the client's current role model, defining a target access design, mapping roles to the new landscape, and supporting implementation and validation. This is a client-facing, delivery-focused role requiring strong workstream planning, clear communication, and the ability to guide offshore teams with minimal oversight. Scope note: This role is focused on roles/authorisations and access governance. It does not cover broader cyber security domains (network security, vulnerability management, SOC operations).

Key Responsibilities

  1. Workstream Leadership & Offshore Delivery Accountability

. Lead the Roles & Authorisations workstream across the programme. . Provide clear direction and day-to-day leadership to an offshore delivery team responsible for role build, documentation, and test evidence. . Define and enforce: . Own the workstream delivery plan, milestones, and dependencies aligned to programme governance. . Act as the single point of accountability for roles and access delivery outcomes.

  1. As-Is Assessment & Role Mapping

. Analyse existing roles, permission sets, and access usage patterns. . Identify: . Produce a role mapping from current state to target state, including rationalisation and standardisation recommendations.

  1. Target Access Design (To-Be) Across Platforms Define and govern the target role/access model across:

. S/4HANA Public Cloud . SuccessFactors EC/EC-P . SAP Analytics Cloud (SAC) . SAP Datasphere

Ensure the access model:

. Is persona-based and least-privilege by design . Supports auditability and controlled approvals . Is consistent across domains and environments

  1. Implementation Support & Access Validation

. Drive the role build backlog and prioritisation. . Ensure offshore delivery produces: . Define and govern access validation: . Support SIT/UAT readiness by ensuring test users/roles are correctly provisioned and verified.

  1. Client-Facing Engagement & Governance

. Lead workshops with stakeholders to define: . Provide clear updates on: . Present role design decisions and exceptions in governance forums as needed.

  1. Identity Access Management/Active Directory Collaboration

. Collaborate with the client IAM team using working knowledge of IAM/AD concepts (joiner/mover/leaver, groups, SSO concepts). . Provide required SAP inputs (role catalogue, group mapping approach) and support access testing.

Deliverables

. Workstream delivery plan (activities, milestones, dependencies, RAID) . As-Is access assessment and key risk findings . Target role/access design standards and naming conventions . Role mapping Matrix (current ? target) . Role catalogues for: . Access validation approach and persona-based test scripts . Evidence packs for sign-off and audit readiness . Structured handover to BAU/security operations

Requirements

Proven experience leading SAP Roles & Authorisations on complex programmes . Strong experience designing access models for: . Experience leading offshore delivery teams and assuring quality of outputs . Strong stakeholder management and workshop facilitation skills . Strong governance mindset: least-privilege, documentation discipline, audit readiness . Working knowledge of corporate IAM/AD concepts sufficient to collaborate effectively

Desirable

. Experience in regulated environments/public sector . Experience with SoD processes or tooling (delivered in collaboration with compliance/GRC functions) . Experience using SAP Cloud ALM for traceability (beneficial)

Personal Attributes

. Delivery-led, proactive, and able to operate with minimal oversight . Comfortable challenging over-provisioned access requests constructively . Strong attention to detail and documentation quality . Confident guiding offshore teams and maintaining consistent standards . Clear communicator with both technical and non-technical stakeholders

Apply for this position