SAP Security – Authorisation Consultant at Royal BAM Group | Hybrid Hired

About the role

SAP Security & Authorisation consultant required to design Fiori roles and ensure compliance at BAM's UK offices. Requires extensive experience with SAP Security and leadership in complex projects.

Responsibilities

Establish a Fiori authorisation model including spaces/pages, catalogs, groups (if used), and launchpad roles
Define SoD control framework and mitigation strategy; embed with Access Control
Align security with identity lifecycle (joiner/mover/leaver), role provisioning, and access request workflows
Build and maintain PFCG roles for GUI and Fiori, including authorization field values, org-level derivations, start authorizations, and menu/content design
Secure Fiori Launchpad content (UI5 apps, OData services, catalogs/tiles/target mappings)
Create and execute security test plans (unit, functional integration, UAT, negative testing, penetrations of roles)
Run authorisation trace & troubleshooting (e.g., STAUTHTRACE, ST01, SU53, SUIM) and fix defects
Prepare cutover access plans (temporary elevated roles, firefighter strategy, emergency access) and hyper care support
Ensure compliance with audit requirements (SOX/ITGC/etc.), produce evidence packs, and support auditor walkthroughs
Document standard operating procedures, role build standards, naming conventions, and governance

Requirements

8+ years SAP Security & Authorizations experience
At least one end-to-end S/4HANA transition (brownfield/greenfield or Central Finance)
Hands-on with: PFCG, SU24/SU25, SU53/SUIM, STAUTHTRACE/ST01, SEGW, SICF, /UI2/, /IWFND/, /IWBEP/*, SPRO security settings
Strong Fiori knowledge: catalogs, spaces/pages, tiles, target mappings, OData/IWSG, content lifecycle, FLP content manager
Good understanding of SAP business processes (FI, MM, SD, HR, etc)
Proven SoD methodology and ruleset tuning
Deep knowledge of authorization objects for key S/4HANA areas (FI/CO, MM, SD, CPM/PS)
Excellent documentation, stakeholder engagement, and ability to challenge and defend a security design diplomatically
Must-have: S/4HANA Fiori security, SU24/SU25, PFCG role design, SoD & GRC AC, STAUCTRACE/SU53/SUIM expertise

Benefits

Attractive salary
Significant benefits package
Contributory pension
BUPA
Life assurance
26 days holiday (plus bank holidays)
Gym subsidy
BAM social club membership
Many more exciting benefits

Similar roles

Browse all Security Engineer jobs

4 hours ago

AN

Program Manager, Global Safety, Intelligence & Security

Anthropic

Program Manager overseeing global safety, intelligence, and security at Anthropic. Developing policies and coordinating cross - functional initiatives.

Hybrid Role

Boston United States Security Engineer

$275,000 - $340,000 per year

4 hours ago

HE

CyberSecurity Sales Specialist – Northeast, Mid Atlantic

Hewlett Packard Enterprise

CyberSecurity Sales Specialist engaging Fortune 250 clients to drive cybersecurity solutions at HPE. Focusing on enterprise sales, strategic expansion, and leading competitive pursuits in the Northeast - Mid Atlantic region.

Hybrid Role

United States Security Engineer

$194,500 - $456,500 per year

4 hours ago

HE

Cybersecurity Sales Specialist – Cloud Accounts

Hewlett Packard Enterprise

Cybersecurity Sales Specialist driving revenue growth for HPE Cybersecurity solutions across mid - to - large enterprise Cloud accounts. Effectively collaborating with cross - functional teams to meet client needs.

Hybrid Role

United States Security Engineer

$169,500 - $378,000 per year

4 hours ago

RL

Workday Security Administrator

RSM US LLP

Workday Security Administrator ensuring secure access across HCM modules. Act as subject - matter expert, strengthen controls, and enable business operations through security design.

Onsite Role

Minneapolis United States Security Engineer

$120,000 - $205,200 per year

5 hours ago

MA

Administrative Intern – Occupational Health & Safety

MAHLE

Administrative Intern at MAHLE supporting operations in thermal and fluid systems. Involves assisting with administrative routines and HSE tools coordination.

Onsite Role

Arujá Brazil Security Engineer

7 hours ago

AS

Security Officer I – Day Shift

Artex Risk Solutions

Security Officer at Arthrex maintaining safety and security for employees and visitors. Responsibilities include emergency response, access control, and adherence to security policies.

Onsite Role

Pendleton United States Security Engineer

7 hours ago

WI

Cyber Security Engineer, L2/L3

Wiit

Cyber Security Engineer responsible for enhancing security posture in a leading Cloud services company. Engaging in incident management and implementing advanced security technologies.

Hybrid Role

Milan Italy Security Engineer

7 hours ago

AS

Security Officer I – Day Shift

Artex Risk Solutions

Security Officer I responsible for managing access and responding to emergencies at Arthrex facilities. Requires vigilance, communication skills, and compliance with security protocols in Ave Maria, FL.

Onsite Role

Ave Maria United States Security Engineer

7 hours ago

VO

Occupational Safety Technician – Junior

VOLL

Técnico de Segurança do Trabalho desenvolvendo ações de segurança ocupacional na VOLL. Garantindo a saúde e segurança no ambiente de trabalho e elaborando programas legais de SST.

Hybrid Role

São Paulo Brazil Security Engineer

8 hours ago

AI

Cyber Security Engineer – m/f/d

Airbus

Cyber Security Engineer at Airbus Defence and Space improving information security and consulting on BSI compliance. Collaborating in the Center of Competence with diverse international teams.

Onsite Role

Immenstaad am Bodensee Germany Security Engineer