Description
About the Role
We are looking for a GRC Senior Specialist with strong expertise in Segregation of Duties (SoD), SAP authorization models and GRC controls across SAP ECC/R3 and S/4HANA environments. The role ensures robust access governance, regulatory and SOX compliance, and effective risk management in a highly regulated and complex environment. You will lead the SoD program, design and maintain SAP roles and permissions, support audits, and enhance security using AI-driven techniques for role mining, SoD automation and anomaly detection. English fluency (C1+) is required.
Key Responsibilities
1. Lead GRC and SoD initiatives aligned with business and compliance requirements.
2. Define and implement the SAP Access Model and maintain a least-privilege authorization framework.
3. Own the SoD ruleset: analyze conflicts, simulate changes and drive remediation and mitigating controls.
4. Strengthen GRC controls including access governance, workflows and emergency access management.
5. Ensure SOX compliance, maintain documentation, support audit processes and ensure complete audit trails.
6. Use AI tools (role mining, clustering, anomaly detection) to optimize role design, SoD testing and provisioning automation.
7. Govern the user access lifecycle, perform periodic access reviews and collaborate with SAP Basis, functional teams and business role owners.
8. Investigate access-related incidents, including firefighter usage and suspicious access patterns.
9. Maintain policies, procedures, naming standards and SoD exception handling guidelines.
10. Develop dashboards and KPIs on risk posture, SoD trends and provisioning performance.
11. Collaborate with Finance, Internal Audit and External Audit.
12. Support integrations, APIs, data migrations and deployments, including SAP–SailPoint integration.
Qualifications
1. Degree in Computer Science, Engineering, IT or related fields.
2. Highly valued certifications: CISA, CISM, CISSP, CPP, PMP.
3. 10+ years of experience in complex cybersecurity environments within large international organizations.
4. Strong hands-on expertise in SAP authorization models, SoD management and GRC controls.
5. Experience designing and improving security strategies, governance and risk management frameworks.
6. Knowledge of SOX, GDPR, ISO 27001 and NIST frameworks.
7. Experience identifying and managing risks derived from compliance, technology and regulatory requirements.
8. Background in security incident management, business continuity, cyber intelligence, audits and security reviews.
9. Experience with the security implications of AWS, Azure or Google Cloud.
10. Strong communication, stakeholder management and negotiation skills; English C1+.
11. Ability to innovate, multitask and solve problems in fast-paced environments.
Seize the challenge. Move the world together! Innovative, creative, respectful, and diverse are some of the ways we describe ourselves. We are motivated by challenges, and we collaborate across our business units to move the world together. Your journey to a fulfilling career starts here!
Ferrovial is an equal opportunity employer. We treat all job applications equally, regardless of gender, color, race, ethnicity, religion, national origin, age, disability, pregnancy, sexual orientation, gender identity and expression, covered veteran status or protected genetic information (each, a “Protected Class”), or any other protected class in accordance with applicable laws.
#WeAreFerrovial