Head Governance Risk

Direct message the job poster from Gatronova

Position Summary:

We are seeking an experienced and visionary Head of Governance, Risk, and Compliance (GRC) to lead and strengthen the organization's SAP GRC framework and enterprise risk posture. This role is responsible for overseeing access control governance, segregation of duties (SoD), role design, SAP licensing compliance, user provisioning, and audit coordination. The incumbent will manage a dedicated GRC team, collaborate cross-functionally with business units, and ensure that all SAP access governance activities align with internal controls, data privacy regulations, and strategic business goals.

Key Responsibilities:

a) SAP GRC Governance

• Lead the enterprise-wide SAP GRC Access Control strategy, including ARA, ARM, BRM, and EAM modules.
• Oversee configuration, maintenance, and ongoing support of GRC tools.
• Ensure consistent GRC practices across the SAP ecosystem.

b) Access Risk Management

• Identify and mitigate Segregation of Duties (SoD) and critical access risks.
• Execute SoD risk assessments for new and existing roles.
• Provide remediation plans and support integration of risk management into broader business controls.

c) Role Design & Governance

• Guide the design and maintenance of SAP roles in compliance with internal policies.
• Work with functional/technical teams to ensure compliant and efficient role structures in S/4HANA, BW, etc.

d) Access Provisioning

• Review and approve SAP user access requests via ARM.
• Ensure effective management of automated workflows for provisioning and deprovisioning.

e) Limit of Authority Matrix (LOAM)

• Develop and manage LOAM for all business units.
• Ensure LOAM is reflected in SAP controls and workflows, enabling delegated authority tracking and enforcement.

f) SAP License Monitoring

• Monitor SAP license consumption and ensure adherence to license quotas.
• Lead optimization strategies for license usage.

g) SAP ID Usage

• Regularly analyze user activity and deactivate unused or low-utilization IDs.
• Implement measures to optimize license usage across the business.

h) UI Masking

• Oversee the implementation of UI Masking in SAP to protect sensitive data and enhance compliance with data privacy regulations.

i) Audit Compliance

• Act as the key liaison with internal and external auditors for all SAP access-related audits.
• Provide required evidence and oversee closure of audit findings.

j) User Access Reviews

• Manage periodic user access reviews, emergency access audits, and recertification exercises with full audit trails.

k) Cross-Functional Collaboration

• Partner with Finance, Operations, Manufacturing, IT, and Compliance to ensure business access needs are balanced with security and risk requirements.
• Investigate and resolve SAP access-related security incidents in collaboration with stakeholders.
• Lead and develop a high-performing GRC team.
• Promote a culture of accountability, transparency, and continuous improvement.
• Develop and deliver training programs for end users, role owners, and approvers on GRC tools and access policies.

o) Reporting

• Deliver executive-level dashboards and risk reports to senior leadership and the Chief Internal Auditor.

p) Talent Management

• Support team development through talent acquisition, training, performance management, and succession planning.

Qualifications & Experience:

• Education: Bachelor's or Master's degree in Information Systems, IT Security, Risk Management, or a related field. Relevant certifications are highly preferred.
• Experience:
• Minimum 10 years of progressive experience in IT governance, risk management, compliance, and SAP security/GRC.
• At least 3–5 years in a leadership or managerial capacity with enterprise-wide SAP GRC responsibility.
• Technical Proficiency:
• Strong hands-on expertise in SAP GRC Access Control modules (ARA, ARM, BRM, EAM), S/4HANA, BW/4HANA.
• Solid understanding of LOAM, UI Masking, SAP licensing, and access risk reporting.
• Leadership Skills:
• Proven ability to lead cross-functional teams, manage change, and align IT controls with business priorities.
• Strong decision-making, stakeholder engagement, and incident response capabilities.

• Seniority levelMid-Senior level

• Employment typeFull-time

• Job functionManufacturing, Management, and Consulting
• IndustriesManufacturing, IT Services and IT Consulting, and Human Resources Services

Referrals increase your chances of interviewing at Gatronova by 2x

Get notified about new Head Risk Compliance jobs in Karachi Division, Sindh, Pakistan.

Karachi Division, Sindh, Pakistan 6 hours ago

Karachi Division, Sindh, Pakistan 4 months ago

We're unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.