SAP (IAM) Engineer

You will manage identity and access management across the SAP ecosystem and integrated non-SAP systems.

Responsibilities

• Manage SAP on-premise systems including ECC, HCM, SCM, BW, and CRM alongside SAP Cloud systems like IAG, IAS/IPS, Concur, Ariba, Commerce Cloud, C4C, and BTP.
• Design and implement secure SAP authorization roles using the principle of least privilege and maintain detailed role documentation.
• Administer non-SAP systems within the identity lifecycle, specifically Microsoft Active Directory and Azure Entra ID.
• Configure and manage SSO integrations with Azure, SAP Secure Login Service, and SAP Identity Authentication Service.
• Resolve user access issues and collaborate with functional owners to remediate segregation of duties conflicts.

Required Skills

• 5+ years of experience in SAP Role Design, including Master-Derived roles, Composite roles, and Business Role Concepts.
• Deep understanding of SAP authorization objects and system traces.
• Proven experience in large enterprise ERP implementations covering technical design, testing, and deployment.
• Experience with segregation of duties conflict remediation and access requirement addressing.
• Ability to manage identity lifecycles within Microsoft Active Directory and Azure Entra ID.
• Proficiency with Microsoft Office tools including Excel, PowerPoint, and Visio.
• Bachelor’s degree in Information Technology, Business Administration, Information Systems, or a related field.
• Willingness to travel domestically and internationally up to 25%.

Preferred Skills

• Hands-on experience with SAP Identity Access Governance or Cloud Identity Services.
• Knowledge of SAP Datawarehouse tools such as BW, DataSphere, and SAP Analytics Cloud (SAC).
• Familiarity with S/4HANA architecture, migration strategies, and SSO methods like SAML2.0 and OAuth.
• Proficiency in Spanish and/or French.