SAP GRC & Security Specialist
At B&A, we foster and embrace a distinct set of values that we live by and instill in all aspects of our organization: dedication, commitment, partnership, trust, and recognition. Our people are entrepreneurial thinkers that combine mindset, vision, and experience to drive value – not only to us as an organization, but to the clients we support. We promote a collaborative culture with our clients, and with each other, as one team working towards a common vision. We’d love for you to join our team!
Job Summary
B&A is seeking an experienced SAP GRC & Security Specialist to design, implement, and manage governance, risk, and compliance (GRC) and security solutions across SAP environments. This role is responsible for ensuring regulatory compliance, enforcing security controls, and supporting audit readiness while aligning SAP security architecture with enterprise and federal security requirements. The ideal candidate will possess deep expertise in SAP security design, user access governance, and risk mitigation strategies, along with experience operating in highly secure, regulated environments.
Responsibilities
Design, implement, and maintain SAP security roles, profiles, and authorizations
Administer and support SAP GRC Access Control modules, including:
Access Risk Analysis (ARA)
Access Request Management (ARM)
Business Role Management (BRM)
Emergency Access Management (EAM)
Perform Segregation of Duties (SoD) analysis and risk remediation
Lead user provisioning, de‑provisioning, and access reviews
Support internal and external audit activities, including evidence gathering and remediation tracking
Develop and maintain security policies, procedures, and control documentation
Monitor and respond to SAP security incidents and vulnerabilities
Collaborate with functional and technical teams to ensure secure SAP configurations
Ensure compliance with federal, regulatory, and organizational security standards
Provide recommendations for continuous improvement of SAP security posture
Education and Experience
Bachelor’s degree from an accredited college or university in Computer Science, Information Technology, Finance, Supply Chain Management, or a related field
Minimum of 5–8 years of experience in SAP Security and/or SAP GRC
Required Skills
Hands‑on experience with SAP GRC Access Control (ARA, ARM, BRM, EAM)
Strong understanding of Segregation of Duties (SoD) concepts and risk analysis
Experience with SAP environments such as SAP ECC, S/4HANA, BW, and Fiori
Knowledge of role‑based access control (RBAC) and SAP authorization concepts
Experience supporting audits, compliance reviews, and remediation activities
SAP Security Administration (user roles, profiles, authorizations)
SAP GRC Access Control configuration and support
Segregation of Duties (SoD) analysis and mitigation
Risk and compliance management
Audit support and documentation
Identity and access management (IAM) principles
Strong understanding of SAP system landscapes and transport management
Ability to interpret and implement regulatory/security requirements
Familiarity with federal security frameworks (e.g., NIST, FISMA)
Strong analytical, problem‑solving, and documentation skills
Desired Skills
Experience with SAP S/4HANA migrations or implementations
Knowledge of SAP Fiori security and authorization concepts
Familiarity with Identity Governance tools (e.g., SailPoint, Okta, Azure AD)
Experience with automated controls and continuous monitoring tools
Background in DevSecOps or secure SDLC practices
Experience integrating SAP GRC with non‑SAP systems
SAP certifications (e.g., SAP Security, SAP GRC)
Experience working in federal or highly regulated environments
Scripting or automation experience (e.g., Python, PowerShell)
Security Clearance
Active Top Secret (TS) or DOE Q clearance is required; eligibility for SCI access may be required depending on program assignment
More About B&A
B&A has grown to be a company that is trusted by our clients for exceptional service, innovative solutions, and inspired employees. Our service extends through federal, state, and local Government, the private sector, and higher education. Some of our notable clients include Department of Homeland Security, U.S. Customs and Border Protection, U.S. Senate, U.S. Courts, U.S. Census Bureau, U.S. Navy, and more.
Benefits and Programs
B&A is proud to offer three robust individual and family medical plans to full‑time employees, including a Health Savings Account (HSA) option as well as two tiers of dental coverage, vision, life & AD&D, disability, accident, hospital indemnity, and critical illness insurance. In addition to these benefits, B&A employees enjoy paid time off, B&A sponsored trainings and certifications, pet insurance benefits, commuter transit benefits and a free subscription to a virtual exercise platform (NEOU). B&A’s 401(k) plan is available to all employees and includes a company matching contribution.
The B&A Cares program: 30/60/90‑day wellness check‑ins, personal development, financial management, and stress management seminars, and more
A formal mentorship program
Job shadowing and cross‑training opportunities
Brand Ambassador program
Employee Assistance Program (EAP) – Access to various support resources to include counseling, legal guidance, financial planning, and more
Monthly teambuilding events
B&A Annual Wellness Challenges: StepWithB&A, WalkDuringLunchWithB&A, VolunteeringWithB&A, ExerciseDuringLunchWithB&A, and more
At B&A, we place significant importance on improving the communities and lives of citizens across the nation through our involvement, technology expertise, and employees. B&A puts an emphasis on charitable efforts in the Northern Virginia area, including Capital Area Food Bank pantry drives, book donations, Hope for Henry Foundation events, and many more. In recognition of all these efforts, B&A has been named a Companies as Responsive Employers (CARE) award recipient by Northern Virginia Family Services and nominated by the Northern Virginia Chamber of Commerce for Outstanding Corporate Citizenship Award.
EEO
B&A provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. B&A complies with applicable state and local laws governing non‑discrimination in employment in every location in which the company has facilities. This policy covers conduct occurring at B&A’s offices, and other workplaces (including client sites) and all other locations where B&A is providing services, and to all work‑related activities.
EEO is the Law
B&A participates in e‑Verify. We provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee’s I-9 Form to confirm work authorization.
#J-18808-Ljbffr