IT Risk & Compliance Manager β SAP / HANA Environments
Location: Remote (U.S.) | Employment Type: Full-Time Position Overview We are seeking an experienced IT Security Specialist V (Compliance & Governance) to serve as the senior authority for cybersecurity, audit, and risk control alignment across complex SAP environments including S/4HANA, ECC 6.0 on HANA, and BW on HANA. This role ensures compliance with SOX, OMB A-123, and FISCAM standards while providing governance and oversight for enterprise controls through SAP GRC and other compliance management tools. The successful candidate will bridge the gap between technical, audit, and executive stakeholders to maintain a strong control environment and ensure audit readiness. Key Responsibilities β’ Lead A-123 and FISCAM control alignment across SAP landscapes and supporting systems. β’ Oversee documentation, monitoring, and validation of IT and financial controls within S/4HANA, ECC 6.0 on HANA, and BW on HANA environments. β’ Manage SAP GRC configuration, user access reviews, and risk analysis to maintain compliance with segregation-of-duties and sensitive access policies. β’ Coordinate and support SOX, A-123, and FISCAM audits, including control walkthroughs, evidence collection, and remediation tracking. β’ Develop, review, and approve Plans of Action and Milestones (POA&Ms) and ensure timely remediation of identified issues. β’ Conduct continuous control monitoring, penetration testing coordination, and reporting to ensure control effectiveness. β’ Prepare and deliver monthly compliance, risk, and audit-readiness reports for leadership and external stakeholders. β’ Provide expert guidance to technical, finance, and program teams on governance frameworks, control design, and risk mitigation strategies. β’ Maintain awareness of emerging NIST, OMB, and industry cybersecurity policies and their impact on financial and IT systems. β’ Ensure all security and audit documentation, continuity artifacts, and transition materials are properly maintained and archived. Information Security & Confidentiality All employees are expected to adhere to organizational information-security policies, participate in mandatory security-awareness training, and handle confidential information in accordance with data-protection standards and company protocols. Basic Qualifications β’ Bachelorβs degree in Information Technology, Engineering, Business, or a related field, or equivalent work experience. β’ 10+ years of progressive experience in IT security compliance, audit, or governance, with at least 5 years in a leadership or management capacity. β’ Proven experience supporting SAP HANA-based financial systems (S/4HANA, ECC 6.0 on HANA, BW on HANA) with deep understanding of IT controls and risk management. β’ Demonstrated knowledge of SOX, OMB A-123, FISCAM, and NIST SP 800-53 control frameworks. β’ Hands-on experience with SAP GRC (Access Control, Risk Management, Process Control) or equivalent governance tools. β’ Strong communication, documentation, and collaboration skills for interfacing with auditors, control owners, and executive leadership. Preferred Qualifications β’ Professional certifications such as CISA, CISSP, CISM, CAP, or CGEIT. β’ Experience managing federal or public-sector audits (OIG, GAO, independent assessment). β’ Familiarity with Risk Management Framework (RMF), FedRAMP, or A-130 governance. β’ Background in implementing ITIL v4 or similar service-management frameworks. β’ Prior experience integrating security and audit controls within SAP change-management and DevOps processes. Work Environment β’ Remote/Telework role; minimal on-site presence may be required for key meetings or audit events. β’ Occasional travel (<10%) for audit coordination or stakeholder engagements. β’ Prolonged periods of sitting and working at a computer are expected. Performance Expectations The selected candidate is expected to demonstrate proficiency in all essential job functions, tools, and processes within the first 90 days, acquiring a full understanding of control frameworks, audit workflows, and SAP GRC operations. Apply tot his job