SAP Security & Authorization Engineer

MassMutual is seeking a senior, hands-on SAP Security & Authorization Engineer to directly design, build, test, and support SAP security across a large, complex SAP landscape. This role is execution-focused and requires deep, day-to-day work in SAP systems while also serving as the primary technical authority and advisor for SAP security within Finance Technology.

The successful candidate will spend the majority of their time working directly in SAP, resolving complex authorization issues, supporting audits, and partnering closely with project and business teams during SAP S/4 HANA and APEX-related modernization initiatives, while also mentoring others through hands-on collaboration.

The Team

S/4HANA & Enterprise Program Support

• Serve as the hands-on SAP Security lead for S/4HANA programs, including:

• Role design, build, test and maintain business Fiori roles.
• Removal of deprecated tiles and update authorizations during upgrades
• Updates to company-code-driven and derived roles

• Actively support unit testing, SIT, UAT, performance, reporting, and training cycles, often involving large user populations.
• Resolve defects raised in various testing cycles by updating the roles.
• Work directly with developers and functional teams to:

• Assess security impacts
• Perform pre-business testing
• Validate fixes prior to business testing

The Impact

Hands-On SAP Security Delivery (Primary Focus)

• Personally design, build, test, and maintain SAP security roles and authorizations across SAP systems (S/4HANA, Fiori, HANA DB, SAC, DATASPHERE, PAPM, ECC, BI, XI)
• Perform hands-on troubleshooting and remediation of complex authorization issues impacting Finance, HR, Procurement, BW, and reporting users.
• Provide direct production support, including urgent access issues, role corrections, and user remediation.
• Perform feasibility assessments for new technologies by doing Proof of Concepts/Technology
• Secure custom programs/tables working with the ABAP development teams.
• Execute monthly SAP Security Note reviews, support pack validation, and hands-on regression testing.
• Actively support Sandbox, Development, QA, Pre-Production, and Production environments.

Identity, Access & GRC Integration

• Act as the hands-on SAP security SME for:

• IAMSTRONG integrations
• Manager access reviews and transfer reviews.
• Segregation of Duties (SoD) and orphaned access remediation

• Personally support and troubleshoot ILM tooling related to onboarding, offboarding, audit controls, and access cleanup.
• Partner directly with IAM, ServiceNow, and security teams to modernize and stabilize access request and fulfillment processes.

Audit, Risk & Compliance

• Personally support SAP audits, including access reviews, evidence collection, and remediation.
• Execute required security corrections directly in SAP to address audit findings.
• Serve as the primary technical contact for Audit, Business, Risk, and Compliance partners on SAP security matters.

Technical Leadership & Knowledge Sharing

• Serve as the go-to SAP security authority for Finance Technology.
• Mentor and support team members through direct collaboration and hands-on problem solving.
• Create and maintain practical documentation and FAQs to improve self-service and reduce repeat issues.
• Help prioritize work while remaining directly accountable for complex or high-risk security changes., * SAP security remains stable, compliant, and business-enabling throughout ongoing S/4HANA and APEX initiatives
• Audit requests are handled efficiently with strong ownership and clear documentation
• Business partners experience responsive, well-explained, hands-on support.
• IAM and access management processes continue to improve through practical execution and collaboration
• The SAP Security team benefits from knowledge transfer, consistency, and technical mentorship

• Bachelor's degree in IT or related field of study
• 8+ years of hands-on SAP Security & Authorization experience.
• 8+ years demonstrated experience personally building, testing, and troubleshooting SAP roles in ECC
• 2+ years hands on experience S/4HANA, HANA DB, SAC (Security Analytical Cloud), Datasphere, PAPM, ECC, BI, PI systems
• 8+ years proven experience supporting production SAP systems in a large, multi-instance landscape
• 2+ years experience supporting audit activities and remediation directly within SAP, * Ability to balance BAU production support with major transformation initiatives.
• Strong communication skills with the ability to clearly explain security impacts to both technical and non-technical partners
• Experience supporting SAP S/4HANA transformations or large ERP modernization programs
• Experience with building SAP S/4 Fiori roles from catalogs/groups and spaces/pages
• Experience with design and building of HANA database security roles with System, Object and Analytical privileges
• Experience working with Datasphere roles/scoped roles, SAC teams/Roles, role collections in BTP applications like PaPM, Cloud Identity Services.
• Familiarity with IAM, GRC, ILM, and automated access provisioning frameworks.
• Experience supporting analytics and reporting platforms integrated with SAP (BW, SAC, AO, etc.)
• Prior experience in financial services or other regulated industries.

$128,000-$168,000

At MassMutual, we focus on ensuring fair equitable pay, by providing competitive salaries, along with incentive and bonus opportunities for all employees. Your total compensation package includes either a bonus target or in a sales-focused role a Variable Incentive Compensation component., At MassMutual, we focus on ensuring fair, equitable pay by providing competitive salaries, along with incentive and bonus opportunities for all employees. Your total compensation package includes either a bonus target or in a sales-focused role a Variable Incentive Compensation component. For more information about our extensive benefits offerings please check out our Total Rewards at a Glance.

MassMutual offers the opportunity to do meaningful work within a purpose-driven organization that values long-term impact over short-term outcomes. In this role, you can expect: * Clear areas of ownership and accountability, with work that connects directly to company and customer outcomes * A collaborative environment where perspectives are welcomed * Access to learning, development, and internal networks that support continuous growth and skill-building over time * Employee-led communities and forums that foster connection, learning, and inclusion across the organization * A culture grounded in integrity, responsibility, and stewardship-supported by a company with a strong legacy and a future-focused mindset, We've been around since 1851. During our history, we've learned a few things about making sure our customers are our top priority. In order to meet and exceed their expectations, we must have the best people providing the best thinking, products and services. To accomplish this, we celebrate an inclusive, vibrant and diverse culture that encourages growth, openness and opportunities for everyone. A career with MassMutual means you will be part of a strong, stable and ethical business with industry leading pay and benefits. And your voice will always be heard. We help people secure their future and protect the ones they love. As a company owned by our policyowners, we are defined by mutuality and our vision to put customers first. It's more than our company structure - it's our way of life. We are a company of people protecting people. Our company exists because people are willing to share risk and resources, and rely on each other when it counts. At MassMutual, we Live Mutual.