Risk Consulting - Risk Tech - SAP GRC & Security - Senior Consultant

The opportunity

With rapid growth across SAP and Governance, Risk, and Compliance (GRC), EY is seeking SAP Security and GRC professionals who understand risk management challenges and can support improved business performance through SAP Application Security and GRC solutions. As a Senior Consultant in Risk Technology, you will support client engagements by contributing to the design, configuration, and implementation of SAP Security and GRC capabilities across transformation initiatives.

You will work alongside experienced managers and partners, gaining exposure to complex SAP environments while building deep technical expertise and client-facing skills within a collaborative, people-oriented culture.

What we look for

We are looking for SAP Application Security and GRC professionals with a strong technical foundation and hands-on implementation experience who are eager to deepen their skills within EY’s standard tools, methodologies, and delivery approaches. This role is well-suited for individuals who enjoy solving complex problems, collaborating within project teams, and supporting clients in strengthening their SAP security and compliance environments.

Your key responsibilities

As a Senior Consultant, you will support delivery teams across SAP Security and GRC engagements by:

• Supporting the design, configuration, and implementation of SAP Application Security and SAP GRC Access Control solutions across SAP environments
• Assisting with SAP transformation initiatives, including S/4HANA and cloud-based SAP solutions, under the guidance of managers and senior leaders
• Performing security role design, user provisioning, access reviews, and Segregation of Duties (SoD) analysis in alignment with defined risk frameworks
• Supporting SAP audit activities (internal and external), including evidence collection, issue remediation, and control documentation
• Collaborating with functional and technical stakeholders to gather requirements and document security-related processes
• Contributing to the development of deliverables, workpapers, and client-facing documentation
• Working effectively within onshore and offshore delivery models as part of a broader project team
• Staying current on SAP Security, GRC tools, and industry developments through training and on-the-job learning

Skills and attributes for success

• Hands-on experience supporting SAP Security and SAP GRC Access Control implementations
• Understanding of SAP Application Security concepts across on‑premise, cloud, and SaaS SAP applications
• Ability to execute defined tasks independently while escalating risks and issues appropriately
• Strong analytical, problem-solving, and documentation skills
• Effective written and verbal communication skills, with the ability to work collaboratively across teams
• Comfort working in fast-paced environments with shifting priorities

To qualify for the role, you must have

• 3–5+ years of experience supporting SAP Security and/or SAP GRC engagements
• A bachelor’s degree in computer science, information systems, information security, or a related field (preferred)
• Hands-on experience with Design, Build, Test, and Deploy activities for SAP Application Security across systems such as SAP ECC, S/4HANA, FIORI, ARIBA, HCM, or SuccessFactors
• Experience supporting SAP GRC Access Control (e.g., version 12.0 or similar technologies), including exposure to IAM integrations (e.g., Saviynt, SailPoint, SAP IAG)
• Experience supporting SoD and Critical Action rule sets, access provisioning, and emergency access processes
• Ability to manage multiple workstreams with guidance and supervision
• Willingness to travel based on client needs (estimated up to 80%); valid U.S. driver’s license and passport required

Ideally, you’ll also have

• Progress toward or interest in obtaining relevant certifications (e.g., CISA, SAP Security, SAP GRC)
• Exposure to SAP audit processes and regulatory or compliance frameworks (e.g., SOX, GDPR)
• Familiarity with tools such as ServiceNow or HP ALM
• Awareness of emerging SAP technologies such as BTP, SAC, AI, or RPA