SAP Authorizations & Compliance Expert - Data Platforms

Roche is a global healthcare company focused on preventing, stopping, and curing diseases. The role is part of a global team working on SAP ERP platform systems and data products, ensuring compliance and security across on-premise and cloud SAP Data platform ecosystems.

• Bachelor’s Degree in Computer Science, IT, or Engineering.
• Minimum 5 years’ experience in SAP Security and Compliance.
• Proven track record as Subject Matter Expert (SME) for ICFR, GxP, and GRC environments.
• Working knowledge of SAP BW, HANA Studio, SAP BI, and SAP Datasphere.
• Familiarity with SAP Analytics and AI trends.
• Strong understanding of SoDs, Critical access, Access Controls, and Pharmaceutical industry best practices including SAP audit guidelines.
• Experience with Data Products and Data Governance principles.
• Experience in IT system validation and System Risk Assessments including Data Privacy requirements.
• Strong root cause analysis and remediation skills.
• Ability to manage external workforce in Agile (SAFe/Scrum) environment.
• English proficiency with excellent interpersonal and training skills.
• Ability to quickly learn new technologies and compliance frameworks in a regulated global organization.

Platform Security:

• Implement and maintain security, authorization, and compliance standards for SAP platforms (SAP BW 7.5 HANA, SAP BW4HANA, and SAP Datasphere).
• Develop and mature capabilities in cloud compliance and security, particularly within SAP Datasphere.

Regulatory Alignment & Framework Management:

• Continuously monitor relevant regulations (e.g., GDPR, CCPA, HIPAA, SOX) and industry standards (e.g., ISO 27001, SOC 2, NIST) to ensure platform compliance.

Policy Development & Data Governance:

• Drive creation and refinement of internal policies and data governance frameworks.

ICFR & Control Ownership:

• Act as System Owner Deputy and Control Owner for ICFR lifecycle, GxP controls, and other regulations.

Monitoring & Remediation:

• Lead monitoring of SoD conflicts via GRC dashboards and work with SoD Champions to mitigate risks.
• Address non-compliant items flagged in SAP Security Standards documentation.

System Integrity:

• Oversee application error reviews and sign off on monitoring results in tools like ICAt.

Access Governance:

• Perform quarterly reviews of Critical access, GRC FireFighter roles, and HANA DB users, initiating removals to maintain least privilege.

Audit Leadership:

• Lead ICFR IT audit support, define control activities, approve auditor documentation, and act as primary contact during audit cycles.

Strategic Direction:

• Set technological development directions by analyzing and implementing new solutions, tools, and IT standards.

Risk Assessment:

• Annually review and update System Risk Assessment and Data Classification.

Process Optimization:

• Conduct innovation projects to optimize processes and increase efficiency through automation.

Collaboration:

• Partner with system teams and stakeholders to ensure task ownership, bridge data privacy awareness gaps, and onboard/train new team members on ICFR control activities.

Employees are required to be in the office on average two days per week as part of a hybrid work model.