SAP Security/Authorisations Lead

SAP IAM/SAP Security/SAP Authorisations Lead £600-675pd Inside IR35 - Hybrid working of 2 days per week in Nottingham (rest remote)

Overview
This is a role focused on leading and delivering the Roles & Authorisations workstream within a complex SAP cloud programme. The role has a strong emphasis on offshore-heavy delivery leadership, design governance, quality assurance, and audit-ready documentation.
It is not a BAU security operations role and includes a clear handover at contract end.

Role Summary
Looking for an experienced SAP Roles & Authorisations Workstream Lead to own and lead the delivery of "who can do what/who can see what" across SAP S/4HANA Public Cloud, SuccessFactors EC/EC-P, SAP Analytics Cloud, and SAP Datasphere.
The role is responsible for analysing the client's current role model, defining a target access design, mapping roles to the new landscape, and supporting implementation and validation. This is a client-facing, delivery-focused role requiring strong workstream planning, clear communication, and the ability to guide offshore teams with minimal oversight.

Scope note: This role is focused on roles/authorisations and access governance. It does not cover broader cyber security domains (network security, vulnerability management, SOC operations).

Key Responsibilities
1) Workstream Leadership & Offshore Delivery Accountability


  • Lead the Roles & Authorisations workstream across the programme.
  • Provide clear direction and day-to-day leadership to an offshore delivery team responsible for role build, documentation, and test evidence.
  • Define and enforce:
  • Own the workstream delivery plan, milestones, and dependencies aligned to programme governance.
  • Act as the single point of accountability for roles and access delivery outcomes.

2) As-Is Assessment & Role Mapping

  • Analyse existing roles, permission sets, and access usage patterns.
  • Identify:
  • Produce a role mapping from current state to target state, including rationalisation and standardisation recommendations.

3) Target Access Design (To-Be) Across Platforms
Define and govern the target role/access model across:

  • S/4HANA Public Cloud
  • SuccessFactors EC/EC-P
  • SAP Analytics Cloud (SAC)
  • SAP Datasphere

Ensure the access model:

  • Is persona-based and least-privilege by design
  • Supports auditability and controlled approvals
  • Is consistent across domains and environments

4) Implementation Support & Access Validation

  • Drive the role build backlog and prioritisation.
  • Ensure offshore delivery produces:
  • Define and govern access validation:
  • Support SIT/UAT readiness by ensuring test users/roles are correctly provisioned and verified.

5) Client-Facing Engagement & Governance

  • Lead workshops with stakeholders to define:
  • Provide clear updates on:
  • Present role design decisions and exceptions in governance forums as needed.

6) Identity Access Management/Active Directory Collaboration

  • Collaborate with the client IAM team using working knowledge of IAM/AD concepts (joiner/mover/leaver, groups, SSO concepts).
  • Provide required SAP inputs (role catalogue, group mapping approach) and support access testing.

Deliverables

  • Workstream delivery plan (activities, milestones, dependencies, RAID)
  • As-Is access assessment and key risk findings
  • Target role/access design standards and naming conventions
  • Role mapping matrix (current to target)
  • Role catalogues for:
  • Access validation approach and persona-based test scripts
  • Evidence packs for sign-off and audit readiness
  • Structured handover to BAU/security operations

Required Skills & Experience
Essential


  • Proven experience leading SAP Roles & Authorisations on complex programmes
  • Strong experience designing access models for:
  • Experience leading offshore delivery teams and assuring quality of outputs
  • Strong stakeholder management and workshop facilitation skills
  • Strong governance mindset: least-privilege, documentation discipline, audit readiness
  • Working knowledge of corporate IAM/AD concepts sufficient to collaborate effectively

Desirable
  • Experience in regulated environments/public sector
  • Experience with SoD processes or tooling (delivered in collaboration with compliance/GRC functions)
  • Experience using SAP Cloud ALM for traceability (beneficial)

Personal Attributes

  • Delivery-led, proactive, and able to operate with minimal oversight
  • Comfortable challenging over-provisioned access requests constructively
  • Strong attention to detail and documentation quality
  • Confident guiding offshore teams and maintaining consistent standards
  • Clear communicator with both technical and non-technical stakeholders

Skills:

  • Client Management
  • Leadership
  • Solution Design
  • SAP Authorization

This role is inside IR35 and will require working under the direction of the client delivery manager as part of a multi-disciplinary team. The successful candidate will follow established delivery processes and working practices.

Damia Group Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept our Data Protection Policy which can be found on our website.

Please note that no terminology in this advert is intended to discriminate on the grounds of a person's gender, marital status, race, religion, colour, age, disability or sexual orientation. Every candidate will be assessed only in accordance with their merits, qualifications and ability to perform the duties of the job.

Should the role require the successful candidate to undergo and be eligible for UK Security Vetting, clearance sponsorship will be provided where required. Due to the nature of the work, candidates should meet the relevant residency requirements. If applicable, Reserved Post nationality restrictions will be confirmed by the client. Damia is committed to inclusive recruitment and welcomes applicants from all backgrounds.

Damia Group is acting as an Employment Business in relation to this vacancy and in accordance with Conduct Regulations 2003.

Job Details

Company
Damia Group LTD
Location
Nottingham, Nottinghamshire, United Kingdom NG1 1
Hybrid / Remote Options
Employment Type
Contract
Salary
GBP Daily
Posted