Job ID: JOB_ID_7195
Role: SAP GRC Security Engineer
We are seeking an experienced SAP GRC Security Engineer with a strong background in cybersecurity assessments, vulnerability management, and security architecture. The ideal candidate will have a minimum of 10 years of hands-on experience in SAP Security administration and role design, with at least 5 years focused on cybersecurity.
Qualifications & Requirements
- Education: Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related technical field required. Advanced degree or professional certifications (CISSP, CISM, CEH, SAP Security certification) strongly preferred.
- Experience: Minimum 10 years of hands-on experience in SAP Security administration and role design. Minimum 5 years of experience in Cybersecurity assessments, vulnerability management, or security architecture. Demonstrated experience with cloud-hosted SAP applications; familiarity with IBP, SAC, Ariba, BTP, or Signavio is highly desirable. Prior experience contributing to GxP or regulated-environment security documentation (Security Plans, SOPs, Risk Assessments) in a pharmaceutical or life sciences setting is strongly preferred. Experience with code review or application security assessments (SAST/DAST tools, OWASP standards) is required.
Technical Skills
- SAP Security: Deep knowledge of SAP role design, authorization objects, and profile management across S/4HANA, BTP, and cloud applications. Proficiency in SAP GRC (Governance, Risk & Compliance), access control, and SOD conflict analysis. Experience with CyberArk or equivalent Privileged Access Management (PAM) solutions in an SAP context. Familiarity with SAP Identity Authentication Service (IAS) and Identity Provisioning Service (IPS).
- SAP BASIS: Working knowledge of SAP BASIS operations, system landscape configuration, and transport management. Understanding of SAP system hardening, parameter settings, and patch/upgrade processes for cloud-hosted platforms. Ability to read and interpret BASIS-level configuration outputs relevant to security documentation.
- Cybersecurity: Strong understanding of encryption standards (AES, TLS 1.2/1.3), PKI, and key management frameworks. Familiarity with vulnerability management tools (Qualys, Tenable, Wiz, or similar) and CVSS scoring. Knowledge of cloud security frameworks: CSA CCM, CIS Benchmarks, NIST SP 800-53, ISO 27001. Experience assessing SaaS/PaaS security controls, data residency requirements, and multi-tenant isolation architectures.
- Application Development / Code Review: Proficiency in conducting security-focused code reviews in ABAP, JavaScript, Python, or Java. Familiarity with OWASP Top 10, secure coding principles, and static/dynamic analysis (SAST/DAST) tooling. Understanding of CI/CD pipeline security, DevSecOps practices, and software composition analysis (SCA). Ability to identify and document security vulnerabilities in custom SAP extensions or BTP-hosted applications.
Regulatory & Compliance Knowledge
- Understanding of GMP and GxP requirements as they relate to computer system validation (CSV) and security documentation.
- Familiarity with Client's Quality Practices, especially Computer Systems and Platform Security, or equivalent pharmaceutical industry security standards.
- Knowledge of FDA 21 CFR Part 11, EU Annex 11, and relevant ICH guidelines as applicable to cloud-hosted systems.
- Experience with Confidential Information (CI) and Personal Information (PI) classification and handling requirements, including GDPR considerations for cloud systems.
Tools & Systems
- EDMS: Veeva QualityDocs (required) or equivalent EDMS.
- SAP Tools: GRC, Solution Manager, RSECNOTE, STAUTHTRACE, and relevant cloud admin consoles.
- Security Tools: SIEM platforms, vulnerability scanners, PAM tools, and cloud security posture management (CSPM) solutions.
- Productivity: Microsoft Office Suite and collaboration tools; experience with AI documentation tools (Client CSA Launchpad or similar) preferred.
Soft Skills & Work Style
- Ability to translate complex technical security configurations into clear, structured documentation that meets regulatory and quality standards.
- Strong collaboration skills; comfortable working in a cross-functional team alongside Technical Writers and BASIS professionals.
- Meticulous attention to detail; capable of maintaining accuracy and consistency across multiple security plan documents.
- Proactive communicator who can engage with Client staff, QA, BISO, CSQA, and System Owners throughout the review and approval lifecycle.
- Ability to work on-site at Client Corporate Center, Indianapolis, as required by project milestones.
Special Requirements
Visa: GC/USC ONLY. Onsite work required at Client Corporate Center, Indianapolis. Experience with GxP or regulated environments in pharmaceutical or life sciences settings is strongly preferred. Experience with code review or application security assessments (SAST/DAST tools, OWASP standards) is required.
Compensation & Location
Salary: $70 – $70 per year
Location: Indianapolis, IN
Recruiter / Company – Contact Information
Recruiter / Employer: Infosys
Email: a@jupitertechnologies.net