senior sap security expert (grc/s4hana expert).

We are looking for professionals to join an international team where both the professional team and the technology are marketable.

As a Senior SAP BTP Security and Identity Management Specialist, you will be a pivotal member of our Client's PS&L SAP Platform services PDO. You will be instrumental in designing, implementing, and maintaining secure access and identity solutions across our SAP cloud landscape, particularly within SAP BTP. This role requires deep hands-on expertise in configuring and managing SAP IAS for central authentication and federation, implementing SAP IAG for unified access governance, and securing BTP services and applications. You will ensure that our cloud security architecture aligns with our Client's compliance standards and best practices, enabling agile development and secure operations in the cloud.

Key Responsibilities

• Design, implement, and maintain security solutions within SAP Business Technology Platform (BTP), including subaccount security, instance-based authorizations, and principal propagation.
• Configure and manage SAP Identity Authentication Service (IAS) for central user authentication, single sign-on (SSO), multi-factor authentication (MFA), and identity federation for BTP applications and other cloud services.
• Implement and administer SAP Identity Access Governance (IAG) for streamlined identity lifecycle management, access request workflows, access risk analysis, and role management across hybrid SAP landscapes (on-premise and cloud).
• Integrate BTP applications and services with IAS and IAG for comprehensive identity and access management.
• Define and manage BTP role collections, authorizations, and trust configurations to secure access to BTP applications and services.
• Collaborate with BTP application development teams to embed security best practices early in the development lifecycle and ensure secure deployment.
• Troubleshoot complex identity and access issues across IAS, IAG, BTP, and integrated systems.
• Provide expertise in BTP authorization concepts, including role-based access control (RBAC) and attribute-based access control (ABAC) where applicable.
• Stay current with SAP BTP security innovations, best practices, and evolving cloud security standards.
• Contribute to the development and enforcement of security policies and procedures for cloud environments.
• Integration of authorization concepts between S4 HANA and BTP.

• A degree in Computer Science, Information Security, or a closely related discipline.
• Minimum of 8 years of SAP Security experience, with at least 2 years focused on SAP cloud security solutions.
• Extensive hands-on experience with SAP Business Technology Platform (BTP) security setup, administration, and best practices.
• Proven expertise in implementing, configuring, and managing SAP Identity Authentication Service (IAS).
• Demonstrated experience with the implementation and ongoing management of SAP
• Identity Access Governance (IAG).
• Strong understanding of cloud security principles and architecture.
• Experience with identity federation protocols such as SAML 2.0, OAuth 2.0, and OpenID Connect.
• Familiarity with SAP S/4HANA security concepts and integration points with cloud identity solutions.
• Ability to design and implement robust authorization models for cloud applications.
• Proficient in troubleshooting complex identity and access management issues in cloud environments.

Preferred Qualifications

• At least a bachelor’s degree in a relevant field.
• Experience with other enterprise identity providers (e.g., Azure AD, Okta) and their integration with SAP solutions.
• Knowledge of API security and microservices security within a cloud-native context.
• Familiarity with DevOps security practices and security automation.
• Strong understanding of audit and compliance requirements for cloud security.
• Excellent analytical, problem-solving, and debugging skills.
• Ability to work collaboratively across various teams and stakeholders.
• Exceptional communication and interpersonal skills, capable of explaining complex security concepts to technical and non-technical audiences.
• Fluent in spoken and written English.Experience with other security domains (e.g., identity and access management, data privacy, cyber security frameworks).
• Relevant SAP Security certifications (e.g., CCSK, CCSP) or SAP BTP/IAM (e.g., SAP Certified Technology Associate - SAP Cloud Platform) – Nice to have.

We are looking for professionals to join an international team where both the professional team and the technology are marketable.

Ildikó Mező-Mészáros - ildiko.mezo-meszaros@randstad.hu

Szilvia Gál - szilvia.gal@randstad.hu