Solution Expert - SAP GRC

About us:  

Metro Global Solution Center (MGSC) is internal solution partner for METRO, a €29.8 Billion international wholesaler with operations in 32 countries through 625 stores & a team of 91,000 people globally. Metro operates in a further 10 countries with its Food Service Distribution (FSD) business and it is thus active in a total of 34 countries.

MGSC, location wise is present in Pune (India), Düsseldorf (Germany) and Szczecin (Poland). We provide HR, Finance, IT & Business operations support to 31 countries, speak 24+ languages and process over 18,000 transactions a day. We are setting tomorrow’s standards for customer focus, digital solutions, and sustainable business models. For over 10 years, we have been providing services and solutions from our two locations in Pune and Szczecin. This has allowed us to gain extensive experience in how we can best serve our internal customers with high quality and passion. We believe that we can add value, drive efficiency, and satisfy our customers.

Website: https://www.metro-gsc.in
Company Size: 600-650
Headquarters: Pune, Maharashtra, India
Type: Privately Held
Inception:  2011

How you will make an impact:
In this role, you act as the central technical authority for SAP authorization management and SAP GRC across METRO’s extensive SAP landscape of more than 300 systems spanning Finance, Logistics, HR, and Governance/Risk/Compliance. As a core expert within the SAP GRC Squad, you ensure that authorization processes are secure, compliant, and operationally efficient. The squad owns and maintains SAP GRC Access Control—including workflows, SoD risk catalogs, firefighter concepts, and compliant provisioning—and governs the end-to-end authorization lifecycle across ECC, S/4HANA, BW/BI, HR, Fiori, and SAP SaaS applications.
You play a critical role in shaping robust authorization concepts, integrating SAP identities with non-SAP systems (e.g., Active Directory, SSO, IDM), and ensuring adherence to audit requirements such as SOX and GDPR. By steering external providers, optimizing license-relevant authorizations, and ensuring risk- minimized, audit-ready role designs, you directly strengthen METRO’s security posture and operational resilience.
 

Your Responsibilities:

• Serve as the technical SAP authorization and SAP GRC expert for internal teams, external partners, auditors, and end users.
• Ensure a secure, audit-proof, and risk-free authorization setup across all SAP systems.
• Operate, enhance, and maintain SAP GRC Access Control, including compliant provisioning, risk analysis, SoD controls, and firefighter processes.
• Design and maintain SAP roles and authorization concepts across ECC, S/4HANA, Fiori, and SAP
• SaaS solutions.
• Execute PFCG role maintenance, SU01 user provisioning, and SUIM-based audit/reporting.
• Minimize license costs by optimizing authorization designs in line with SAP RISE and new licensing concepts.
• Integrate SAP authorization concepts with Fiori apps, cloud systems, SSO, IDM, and Active Directory.
• Collaborate with business stakeholders to understand end-to-end processes and translate them into secure authorization models.
• Challenge and guide external providers to ensure high-quality, compliant service delivery
• Prepare for and support internal/external audits, provide evidence, and implement remediation.
• Contribute to continuous improvement of SAP security policies, standards, and procedures.

Required key competencies and qualifications:

• Fluent English and strong communication skills adapted to diverse stakeholder groups (internal,external, auditors, end users).
• Overall, 10 years of experience.
• Minimum 5 years of SAP authorization management experience (ECC and S/4HANA).
• Deep understanding of SAP security and authorization concepts, roles, profiles, and authorization objects.
• Expertise in PFCG role maintenance, SU01 user administration, and SUIM reporting.
• Experience with SAP GRC Access Control and modern authorization lifecycle processes.
• Ability to analyze and optimize authorizations for license efficiency (SAP RISE, new licensing models).
• Knowledge of Fiori, SAP SaaS applications, and integration of authorizations with cloud services.
• Experience with complex SAP landscapes (ECC, S/4HANA, BW/BI, HR, Solution Manager).
• Familiarity with SoD management, IT general controls, and regulatory requirements such as SOX and GDPR.
• Understanding of SSO, IDM, and interfaces with non-SAP systems (e.g., Active Directory).
• Strong interest in end-to-end business processes behind authorizations.
• Ability to effectively steer and challenge external providers.