Spclst, Enterprise Bus Sys

Job Description – SAP Authorization Consultant

Job Title: SAP Authorization Consultant

Department: Digital Technology / ERP CoE /

Reports to: SAP Security / Authorization Lead (according to local organizational structure)

Location: Prague / Hybrid (according to local conditions)

Role Purpose

SAP Authorization Consultant is responsible for the design, maintenance, and governance of SAP authorization concepts across SAP systems, ensuring secure, compliant, and audit-ready access management in line with SOX, Segregation of Duties (SoD), and internal SAP Competence Center policies.

The role acts as a bridge between business process owners, IT, and compliance, ensuring that users have appropriate access aligned with business roles, without compromising system security.

Key Responsibilities

Authorization Concept & Role Design

• Design, implement, and maintain business-role-based authorization concepts in SAP.

• Define and enforce role naming conventions.

• Ensure separation of business and technical roles.

• Maintain environment separation (Production / QA / Development).

• Ensure alignment with global SAP Competence Center standards.

User & Role Lifecycle Management

Govern end-to-end lifecycle of SAP users, business roles, and composite roles.

• Manage role changes and role copies.

• Review and approve access requests in cooperation with business managers and internal control

• / audit teams.

• Manage and monitor emergency / firefighter users.

Segregation of Duties (SoD) & SOX Compliance

• Ensure compliance with SoD and SOX requirements.

• Identify and analyze authorization conflicts.

• Support internal and external audits.

• Perform periodic access reviews and support SOX evidence preparation and remediation.

• Security Governance & Controls

• Monitor and restrict critical authorizations (e.g. SAP_ALL, SAP_NEW).

• Control access to sensitive transactions, debugging, table maintenance, and background job

• administration.

• Ensure full audit trail and traceability of authorization changes.

Project & Change Support

Assess authorization impacts of new SAP processes (PTP, OTC, R2R).

Support S/4HANA upgrades and new Fiori applications.

Support new document types and workflows.

Cooperate with SAP Functional Consultants, SAP BASIS, and SAP Development teams.

Support cutover, testing, and go-live activities.

Required Skills & Experience

Technical Skills

• Strong experience with SAP Authorizations (roles, profiles, authorization objects).

• Hands-on knowledge of PFCG, SU01, SUIM.

• Understanding of SAP S/4HANA authorization concepts.

• Knowledge of Fiori authorization model is an advantage.

Process & Compliance Knowledge

• Solid understanding of Segregation of Duties (SoD).

• Knowledge of SOX and internal control frameworks.

• Knowledge of SAP business processes: PTP (mandatory or strong advantage), OTC / R2R

• (advantage).

Soft Skills

• Strong analytical and problem-solving skills.

• Ability to communicate with both business and technical stakeholders.

• High attention to detail and strong governance mindset.

• Ability to work in a regulated, audit-driven environment.

Education

Bachelor’s degree in IT, Computer Science, Information Systems, or equivalent experience.

Nice to Have

• Experience with SAP GRC Access Control.

• Experience with SAP security in large, global landscapes.

• Experience with SAP upgrade or transformation projects (e.g. S/4HANA).

• Experience working in SAP Competence Center or Shared Service model.

Carrier is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.

Job Applicant's Privacy Notice:

Click on this link to read the Job Applicant's Privacy Notice