Freelance SAP GRC Access Control Consultant

Company Description

ThreatXIntel is a cybersecurity startup specializing in delivering customized, cost-effective solutions to protect businesses and organizations from cyber threats. Our team of experienced professionals offers services such as cloud security, web and mobile security testing, DevSecOps, and vulnerability assessments. We are committed to providing high-quality security services tailored to the needs of startups and small businesses, ensuring digital protection and peace of mind for our clients. At ThreatXIntel, we adopt a proactive approach by continuously monitoring and testing digital environments to safeguard against potential vulnerabilities.

Role Description

We are seeking an experienced Enterprise Applications Security Technical Specialist to lead security architecture, access governance, and compliance across our enterprise applications landscape. The consultant will be responsible for designing and enforcing security controls across large-scale platforms including Workday, SAP ECC, SAP EWM, SAP Concur , and additional enterprise systems. This role requires deep expertise in identity governance, access management, and application-level security.

Responsibilities

Design, implement, and maintain security architectures and frameworks for enterprise applications, aligned with internal control requirements and regulatory standards.

Oversee access provisioning and de-provisioning through enterprise identity tools such as SAP Identity Access Governance (IAG), SAP Identity Authentication (IAS), and SAP Identity Provisioning (IPS) .

Build and maintain role-based access control (RBAC) models, ensuring compliance with Segregation of Duties (SoD) principles.

Conduct periodic security audits, SoD reviews, vulnerability assessments, and risk evaluations for platforms including Workday, SAP ECC, SAP EWM, SAP Concur, and other enterprise systems.

Investigate and respond to application security incidents , unauthorized access activity, and data integrity issues.

Integrate enterprise applications with identity providers (Azure AD, Okta) and manage configurations for Single Sign-On (SAML, OAuth, OIDC) .

Monitor evolving threats, security technologies, and compliance mandates including GDPR, SOX, data privacy controls , and internal audit requirements.

Maintain detailed documentation for security configurations, access controls, policies, and audit deliverables .

Collaborate with application owners and cross-functional teams to ensure consistent enforcement of application security standards.

Required Technical Skills

Strong knowledge of SAP Security , including SAP ECC, SAP EWM, SAP Fiori security, and SAP Concur security administration.

Hands-on experience with SAP IAG, SAP IAS, SAP IPS, and SAP GRC Access Control .

Experience building RBAC , SoD rulesets, and access design for enterprise applications.

Expertise integrating applications with Azure Active Directory, Okta, and identity federation protocols (SAML 2.0, OAuth 2.0, OIDC).

Experience with Workday security administration , domain security policies, and business process security.

Understanding of audit, compliance, and regulatory frameworks (SOX, GDPR, ISO 27001).

Familiarity with logging and monitoring tools for application security.

Strong experience performing security reviews, risk assessments, and remediation planning .

Ability to script or automate operational tasks (Python, PowerShell, or Bash is a plus).