Norfolk Southern
SAP Security Lead (S/4HANA, GRC, IDM)
Norfolk Southern, Atlanta, Georgia, United States, 30383
Requisition 38026: B4 SAP Security Lead (S/4HANA, GRC, IDM)
A resume helps you stand out to hiring managers and recruiters; your resume communicates your experience and your brand. While it is not required, we encourage you to include an up-to-date resume along with a completed job application to give you the best opportunity to be considered. A complete resume helps us to better understand your unique background, relevant experiences, and passions. We look forward to learning about you.
Norfolk Southern offers a unique opportunity to be part of our proud legacy that spans nearly 200 years. We are a customer-centric, operations-driven team dedicated to advancing safety, serving communities, and driving innovation for tomorrow's rail. As part of Norfolk Southern, you'll join a collaborative team where there are opportunities for growth across the organization. We are building a culture where everyone can thrive by owning and driving exceptional results, being humble and leading with trust, serving our customers with excellence, and collaborating and coaching to win.
Job Description
The SAP Security Lead is responsible for managing and enhancing the security framework across SAP environments, including SAP S/4HANA, GRC (Governance, Risk & Compliance), IDM (Identity Management), SAP BTP IAS and IPS, and other related systems. This role involves leveraging SAP best security practices, using SAP-provided roles as a foundation, and developing customized roles to meet business needs. The SAP Security Lead will create strategic roadmaps for security improvements, optimization of processes, providing automation for role management and firefighting access, and staying current with SAP security technologies. This position requires a proactive leader who can collaborate with cross-functional teams to drive continuous improvements in security and compliance.
Responsibilities
Lead the design, implementation, and management of SAP S/4HANA security, focusing on role-based access controls (RBAC) and segregation of duties (SoD) using GRC.Use SAP-delivered roles as a baseline and develop new roles to meet specific business requirements, ensuring minimal conflicts and optimal efficiency.Develop and implement a long-term security roadmap that aligns with business goals, IT strategy, and regulatory requirements.Identify opportunities for optimization, risk reduction, and improved efficiency in the SAP security landscape by implementing process improvements, new innovation and maximizing NS current tools.Oversee the configuration and management of SAP GRC modules (Access Control, Process Control, Risk Management) and ensure compliance with internal and external audit requirements.Implement and manage SoD rulesets and workflows, ensuring secure and compliant user access provisioning, emergency access (firefighter) management, and role audits.Manage SAP IDM processes, ensuring efficient and compliant user provisioning, de-provisioning, and role management.Automate user lifecycle management, integrating SAP IDM with GRC and other systems to streamline security operations.Administer and monitor firefighter (emergency access) usage, ensuring proper controls, logging, and audit trails are in place.Implement solutions to automate firefighter access management and reporting to minimize manual efforts and improve oversight.Design and implement efficient processes for role development, optimization, and automation, reducing complexity while maintaining compliance.Lead efforts to standardize and simplify role management across multiple SAP systems, ensuring scalability and security.Evaluate current SAP security processes and identify areas for improvement, automation, and streamlining.Introduce best practices for periodic access reviews, security patch management, and user access risk mitigation.Monitor security logs, events, and user activities to detect anomalies, unauthorized access, and potential security incidents.Perform regular security assessments, audits, and risk evaluations to ensure compliance with industry standards such as SOX, GDPR, and internal policies.Act as the primary point of contact for all SAP security-related issues, guiding and training teams on security best practices.Work closely with stakeholders, including IT, business, and compliance teams, to gather requirements, design security solutions, and implement policies.Education
Bachelor's degree in computer science, computer information systems, or related technology field is required.Skills Required
7-10 years of experience in SAP Security, with strong expertise in SAP S/4HANA, GRC, and IDM.SAP GRC Access Control, Process Control, Risk Management, and automation of access provisioning processes.SAP Identity Management, automation tools, and optimizing role management processes.Strategic planning, roadmap development, and execution of security improvement projects and initiatives.Skills Preferred
Experience managing firefighter access and implementing automation solutions for role management.Experience with SAP Fiori, IAG, and SAP Business Technology Platform security.Familiarity with broader cybersecurity frameworks and their application to SAP systems.Project management experience in SAP security implementations and role optimization.SAP Certified Technology Associate: SAP S/4 HANA, cybersecurity, access control, data security or application security. (ADM 100-900 /SA 201.01 Series)
Work ConditionsEnvironment: Hybrid 3 -days on-site and 2-days remote work per weekShift Work: NoOn-Call: YesWeekend Work: No
Company Overview
Since 1827, Norfolk Southern Corporation (NYSE: NSC) and its predecessor companies have safely moved the goods and materials that drive the U.S. economy. Today, it operates a customer-centric and operations-driven freight transportation network. Committed to furthering sustainability, Norfolk Southern helps its customers avoid 15 million tons of yearly carbon emissions by shipping via rail. Its dedicated team members deliver more than 7 million carloads annually, from agriculture to consumer goods, and is the largest rail shipper of auto products and metals in North America. Norfolk Southern also has the most extensive intermodal network in the eastern U.S., serving a majority of the country's population and manufacturing base, with connections to every major container port on the Atlantic coast as well as the Gulf of Mexico and Great Lakes. Learn more by visiting www.NorfolkSouthern.com.
At Norfolk Southern, we believe in celebrating our individuality. By leveraging the unique backgrounds and viewpoints of our employees, we can create a culture of innovation, respect, and inclusion. We know that employees thrive in a workplace where differing viewpoints, ideas, and experiences are freely shared and valued. As such, we encourage all employees to contribute their distinctive skills and capabilities to our organization.
Equal employment opportunities are available to all applicants regardless of race, color, religion, age, sex, national origin, disability status, genetic information, veteran status, sexual orientation, and gender identity. Together, we power progress.
A resume helps you stand out to hiring managers and recruiters; your resume communicates your experience and your brand. While it is not required, we encourage you to include an up-to-date resume along with a completed job application to give you the best opportunity to be considered. A complete resume helps us to better understand your unique background, relevant experiences, and passions. We look forward to learning about you.
Norfolk Southern offers a unique opportunity to be part of our proud legacy that spans nearly 200 years. We are a customer-centric, operations-driven team dedicated to advancing safety, serving communities, and driving innovation for tomorrow's rail. As part of Norfolk Southern, you'll join a collaborative team where there are opportunities for growth across the organization. We are building a culture where everyone can thrive by owning and driving exceptional results, being humble and leading with trust, serving our customers with excellence, and collaborating and coaching to win.
Job Description
The SAP Security Lead is responsible for managing and enhancing the security framework across SAP environments, including SAP S/4HANA, GRC (Governance, Risk & Compliance), IDM (Identity Management), SAP BTP IAS and IPS, and other related systems. This role involves leveraging SAP best security practices, using SAP-provided roles as a foundation, and developing customized roles to meet business needs. The SAP Security Lead will create strategic roadmaps for security improvements, optimization of processes, providing automation for role management and firefighting access, and staying current with SAP security technologies. This position requires a proactive leader who can collaborate with cross-functional teams to drive continuous improvements in security and compliance.
Responsibilities
Lead the design, implementation, and management of SAP S/4HANA security, focusing on role-based access controls (RBAC) and segregation of duties (SoD) using GRC.Use SAP-delivered roles as a baseline and develop new roles to meet specific business requirements, ensuring minimal conflicts and optimal efficiency.Develop and implement a long-term security roadmap that aligns with business goals, IT strategy, and regulatory requirements.Identify opportunities for optimization, risk reduction, and improved efficiency in the SAP security landscape by implementing process improvements, new innovation and maximizing NS current tools.Oversee the configuration and management of SAP GRC modules (Access Control, Process Control, Risk Management) and ensure compliance with internal and external audit requirements.Implement and manage SoD rulesets and workflows, ensuring secure and compliant user access provisioning, emergency access (firefighter) management, and role audits.Manage SAP IDM processes, ensuring efficient and compliant user provisioning, de-provisioning, and role management.Automate user lifecycle management, integrating SAP IDM with GRC and other systems to streamline security operations.Administer and monitor firefighter (emergency access) usage, ensuring proper controls, logging, and audit trails are in place.Implement solutions to automate firefighter access management and reporting to minimize manual efforts and improve oversight.Design and implement efficient processes for role development, optimization, and automation, reducing complexity while maintaining compliance.Lead efforts to standardize and simplify role management across multiple SAP systems, ensuring scalability and security.Evaluate current SAP security processes and identify areas for improvement, automation, and streamlining.Introduce best practices for periodic access reviews, security patch management, and user access risk mitigation.Monitor security logs, events, and user activities to detect anomalies, unauthorized access, and potential security incidents.Perform regular security assessments, audits, and risk evaluations to ensure compliance with industry standards such as SOX, GDPR, and internal policies.Act as the primary point of contact for all SAP security-related issues, guiding and training teams on security best practices.Work closely with stakeholders, including IT, business, and compliance teams, to gather requirements, design security solutions, and implement policies.Education
Bachelor's degree in computer science, computer information systems, or related technology field is required.Skills Required
7-10 years of experience in SAP Security, with strong expertise in SAP S/4HANA, GRC, and IDM.SAP GRC Access Control, Process Control, Risk Management, and automation of access provisioning processes.SAP Identity Management, automation tools, and optimizing role management processes.Strategic planning, roadmap development, and execution of security improvement projects and initiatives.Skills Preferred
Experience managing firefighter access and implementing automation solutions for role management.Experience with SAP Fiori, IAG, and SAP Business Technology Platform security.Familiarity with broader cybersecurity frameworks and their application to SAP systems.Project management experience in SAP security implementations and role optimization.SAP Certified Technology Associate: SAP S/4 HANA, cybersecurity, access control, data security or application security. (ADM 100-900 /SA 201.01 Series)
Work ConditionsEnvironment: Hybrid 3 -days on-site and 2-days remote work per weekShift Work: NoOn-Call: YesWeekend Work: No
Company Overview
Since 1827, Norfolk Southern Corporation (NYSE: NSC) and its predecessor companies have safely moved the goods and materials that drive the U.S. economy. Today, it operates a customer-centric and operations-driven freight transportation network. Committed to furthering sustainability, Norfolk Southern helps its customers avoid 15 million tons of yearly carbon emissions by shipping via rail. Its dedicated team members deliver more than 7 million carloads annually, from agriculture to consumer goods, and is the largest rail shipper of auto products and metals in North America. Norfolk Southern also has the most extensive intermodal network in the eastern U.S., serving a majority of the country's population and manufacturing base, with connections to every major container port on the Atlantic coast as well as the Gulf of Mexico and Great Lakes. Learn more by visiting www.NorfolkSouthern.com.
At Norfolk Southern, we believe in celebrating our individuality. By leveraging the unique backgrounds and viewpoints of our employees, we can create a culture of innovation, respect, and inclusion. We know that employees thrive in a workplace where differing viewpoints, ideas, and experiences are freely shared and valued. As such, we encourage all employees to contribute their distinctive skills and capabilities to our organization.
Equal employment opportunities are available to all applicants regardless of race, color, religion, age, sex, national origin, disability status, genetic information, veteran status, sexual orientation, and gender identity. Together, we power progress.