Job Description

Requisition ID: 6698

 

Job Title: SAP Security & GRC Lead

 

Job Country: United States (US)

 

Here at Avanos Medical, we passionately believe in three things:

  • Making a difference in our products, services and offers, never ceasing to fight for groundbreaking solutions in everything we do;
  • Making a difference in how we work and collaborate, constantly nurturing our nimble culture of innovation;
  • Having an impact on the healthcare challenges we all face, and the lives of people and communities around the world.

 

At Avanos you will find an environment that strives to be independent and different, one that supports and inspires you to excel and to help change what medical devices can deliver, now and in the future. 

 

Avanos is a medical device company focused on delivering clinically superior breakthrough solutions that will help patients get back to the things that matter. We are committed to creating the next generation of innovative healthcare solutions which will address our most important healthcare needs, such as reducing the use of opioids while helping patients move from surgery to recovery. Headquartered in Alpharetta, Georgia, we develop, manufacture and market recognized brands in more than 90 countries. Avanos Medical is traded on the New York Stock Exchange under the ticker symbol AVNS. For more information, visit www.avanos.com.

 

Essential Duties and Responsibilities:

 

The SAP Application Security & GRC Lead oversees the security and compliance framework of the organization's SAP landscape, ensuring the integrity, confidentiality, and availability of critical systems. This role involves implementing robust security measures, governance policies, and risk mitigation strategies to align with industry regulations. The lead collaborates with internal teams, business users, auditors, and external partners to uphold a secure and compliant SAP environment. Additionally, this position includes managing a team of offshore security support personnel to maintain optimal system security and compliance standards.

 

Key Responsibilities:

 

SAP Application Security

  • Oversee and maintain SAP security configurations, roles, authorizations, profiles, and access controls across various SAP modules (e.g., SAP S/4HANA, SAP Solution Manager, SAP BW, SAP Fiori, SAP ECC).
  • Lead the design and advisory of security roles for new or evolving functionalities, as well as addressing and remediating existing issues.
  • Design, implement, and continuously enhance SAP security protocols and best practices.
  • Conduct SAP security audits, vulnerability assessments, and penetration tests, addressing identified risks and compliance gaps.
  • Ensure effective Segregation of Duties (SoD) controls and manage Role-Based Access Control (RBAC) within the SAP environment.

SAP Governance, Risk, and Compliance (GRC)

  • Administer, support, and upgrade SAP GRC solutions, including SAP GRC Access Control, Risk Management, and Process Control.
  • Develop and enforce security policies, procedures, and controls to ensure compliance with frameworks such as SOX, GDPR, HIPAA, and other regulatory standards.
  • Perform risk assessments, identify vulnerabilities, and implement mitigation strategies in SAP environments.
  • Continuously monitor SAP systems for compliance with internal and external standards, regulations, and audit requirements.

Leadership & Collaboration

  • Lead offshore team of up to 4 security analysts.
  • Collaborate with SAP functional teams, business stakeholders, and IT operations to align security protocols with business needs.
  • Lead incident response efforts for SAP security-related events, analyzing and providing resolutions and recommendations.
  • Provide training and awareness programs for end-users and IT staff on SAP security and compliance best practices.
  • Serve as a Subject Matter Expert (SME) on SAP security and GRC, offering guidance on complex security challenges.
  • Lead SAP security and GRC projects, including system upgrades, new implementations, and process improvements.
  • Develop and implement a strategic roadmap for enhancing SAP security and GRC capabilities, aligned with overall IT and business strategies.
  • Manage quarterly IT violation reviews and User Access Reviews (UARs) for SOX audits.

Technical Expertise:

  • Extensive knowledge of SAP security architecture, including SAP NetWeaver, SAP S/4HANA, SAP Fiori, and SAP Business Suite.
  • Proficiency in SAP GRC solutions (e.g., SAP GRC Access Control, SAP GRC Risk Management).
  • Strong understanding of SAP Access Control modules, including ARA, EAM, BRM, ARM, and UAR.
  • Expertise in Fiori and GUI-based role designs using standard/custom catalogs, pages, groups, and OData services.
  • Experience with SAP Single Sign-On (SSO) administration.
  • Familiarity with SharePoint, Active Directory, and SAP Cloud Platform integrations.

Risk & Compliance Knowledge

  • In-depth understanding of regulatory frameworks like SOX, GDPR, HIPAA, and PCI-DSS as they apply to SAP systems.
  • Knowledge of IT governance, risk management, and security control best practices.
  • Experience in conducting risk assessments, vulnerability management, and implementing security incident response protocols.
  • Ability to assess and manage security risks in complex SAP landscapes.

Leadership & Communication Skills

  • Strong leadership skills with experience managing cross-functional teams and offshore support personnel.
  • Excellent written and verbal communication skills, with the ability to articulate complex security concepts to both technical and non-technical stakeholders.
  • Proven track record of leading SAP security initiatives in large, complex environments.

Certifications (desirable but not mandatory):

  • SAP Security-related certifications (e.g., SAP Certified Technology Associate).
  • Professional level certification in SAP GRC across all Access Controls modules.

 

 

Your qualifications

 

Required:

 

  • 10+ years of hands-on experience in SAP security and GRC, with a strong focus on end-to-end implementations.
  • Experience leading security and compliance initiatives within SAP environments.
  • Experience managing offshore support teams.
  • Global Pharmaceutical, Medical Device, Health Care Technology experience strongly desired.

 

The statements above are intended to describe the general nature and level of work performed by employees assigned to this classification. Statements are not intended to be construed as an exhaustive list of all duties, responsibilities and skills required for this position. 

 

Salary Range:

The anticipated average base pay range for this position is $107,681.00 - $179,432.00. In addition, this role is eligible for an attractive incentive compensation program and benefits. In specific locations, the pay range may vary from the base posted.

 

Avanos Medical is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, sexual orientation, gender identity or any other characteristic protected by law. If you are a current employee of Avanos, please apply here

 

Join us at Avanos
Join us and you can make a difference in our products, solutions and our culture. Most of all, you can make a difference in the lives of people and communities around the world.

 

Make your career count
Our commitment to improving the health and wellbeing of others begins with our employees – through a comprehensive and competitive range of benefits. We provide more than just a salary – our Total Rewards package encompasses everything you receive as an employee; your pay, health care benefits, retirement plans and work/life benefits.

 

Avanos offers a generous 401(k) employer match of 100% of each pretax dollar you contribute on the first 4% and 50% of the next 2% of pay contributed with immediate vesting.

 

Avanos also offers the following:

  • benefits on day 1
  • free onsite gym
  • onsite cafeteria
  • HQ region voted 'best place to live' by USA Today
  • uncapped sales commissions