IT Access Control Manager - Cybersecurity

Key Accountabilities

• Lead and manage all aspects of user access control for SAP and Active Directory environments across the organization.
• Design, implement, and maintain role-based access control (RBAC) models aligned with business needs and segregation of duties (SoD) policies.
• Collaborate with IT, audit, HR, and business teams to manage user provisioning, deprovisioning, and access reviews.
• Monitor and ensure compliance with regulatory requirements such as SOX, GDPR, and internal IT security policies.
• Conduct regular audits of user roles and permissions in SAP and Active Directory; remediate access risks and violations.
• Develop and maintain access control documentation, including policies, standards, and procedures.
• Manage and support access management tools and integrations (e.g., SAP GRC, Azure AD, IAM solutions).
• Provide expertise and technical support during system upgrades, migrations, and security incident investigations.
• Train and mentor junior staff in access control best practices and procedures.

Minimum Knowledge & Experience required for the position:

• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
• Minimum 5 years of experience managing user access and security in SAP and Microsoft Active Directory environments.
• In-depth technical knowledge of SAP security concepts (SAP GRC, SU01, PFCG, role creation) and Active Directory group policy management.
• Strong understanding of identity and access management (IAM) principles and SoD frameworks.
• Experience with compliance frameworks (e.g., SOX, GDPR, ISO 27001).
• Hands-on experience with tools such as SAP GRC, Azure Active Directory, Microsoft Identity Manager, or similar.
• Excellent analytical, problem-solving, and communication skills.
• Industry certifications such as CISSP, CISM, SAP Certified Technology Associate – System Security, or Microsoft Certified: Identity and Access Administrator Associate are a plus.