SAP Security and Controls Governance Lead

At Nouryon, our global team of Changemakers takes positive action every day, to reach higher goals collectively and individually. We create innovative and sustainable solutions for our customers to answer society’s needs – today and in the future.

Purpose/Key Objectives of the Job:

The SAP Security & Controls Governance Lead is responsible for enterprise-wide SAP access risk management and controls governance across all SAP environments. This role owns SAP segregation of duties (SOD) governance, role design standards, access risk monitoring, and automated control integrity to ensure compliance with SOX, internal control, and enterprise risk management requirements. This role bridges IT, Finance, Internal Audit, and Business Process Owners to strengthen security design, reduce control risk, and improve system-enabled compliance.

About The Job (Job Responsibilities):

A. SAP Segregation of Duties (SOD) Governance

- Own enterprise SAP SOD policy, standards, and governance framework. - Design and maintain SOD ruleset aligned to financial reporting risks. - Able to support on the cross-system SOD’s and ensuring alignment with SAP functionality (new Tcodes, Fiori apps, CDS views, custom developments). - Oversee role design standards and naming conventions. - Review and approve new role requests and structural role changes. - Lead quarterly access risk review process. - Monitor emergency access (Firefighter) governance. - Oversee mitigation control design and documentation. - Drive remediation of toxic combinations.

B. SAP Security Governance

- Define and enforce role ownership model (GPO alignment). - Implement least-privilege principles. - Maintain global role catalog. - Partner with IAM team on provisioning workflows. - Lead security-related configuration reviews. - Support audit and SOX walkthroughs. - Oversee user access review automation.

C. SAP Controls Governance

- Own governance over:

Automated configurable controls

Key system reports used as SOX controls.

Interface controls.

Workflow approvals.

Change management security impacts.

- Maintain SAP Controls Inventory - Validate design and integrity of automated controls. - Coordinate with ITGC owner for change management alignment. - Lead pre-go-live risk reviews for system implementations. - Establish ongoing monitoring dashboard.

D. Strategic & Cross-Functional

- Act as liaison between IT, Finance, Internal Audit, Global Process Owners. - Support IPO/SOX readiness. - Identify automation opportunities in GRC and SAP.

We believe you bring (Education & Experience):

- 12-15 years SAP security and GRC experience. - Deep expertise in SAP ECC and/or S/4HANA security architecture. - Experience with SAP GRC Access Control (AC). - Experience designing SOD rulesets. - SOX experience in public or IPO-bound company. - Strong understanding of ITGC, automated controls, financial reporting. - Experience in manufacturing environment. - Experience leading global role redesign. - Experience preparing for IPO or remediation program.

Please apply via our online recruitment system. We will not accept applications via e-mail. Once it's with us we will review to see if we have a match between your skills and the role! For more information about our hiring process, visit: nouryon.com/careers/how-we-hire/

We look forward to receiving your application!

We kindly ask our internal candidates to apply with your Nouryon email via Success Factors.

We’re looking for tomorrow’s Changemakers, today.

If you’re looking for your next career move, apply today and join Nouryon’s worldwide team of Changemakers in providing essential solutions that our customers use to manufacture everyday products such as personal care, cleaning, paints and coatings, agriculture and food, pharmaceuticals, and building products. Our employees are driven by the wish to make an impact and actively drive positive change. If that describes you, we will gladly make way for your ambitions. From day one we support you with your personal growth, through challenging positions and comprehensive learning and development opportunities, in a dynamic, international, diverse, and proactive working environment.

Visit our website and follow us on LinkedIn.

#WeAreNouryon #Changemakers