Job Description :
Sr. SAP Security Analyst – King of Prussia, PA
Can be remote initially due to COVID-19 and need to relocate to client location later.

Job Summary (Purpose):

Primary purpose is to support SAP security related activities for new and existing SAP related initiatives. Gathers security requirements from business, design and implement segregation of duties violation free roles using leading practice SAP role design methodologies. Support various stages of testing and execute security related cutover activities. Assist with mapping roles to users. Document various decision points and provide knowledge transfer to support team. Provide sound SAP security role design options and alternatives to meet complex business process requirements, while ensuring roles are free of segregation of duties violations.

Duties and Responsibilities:

1. SAP Security – assist with implementation and rollout of SAP initiatives:

Application Security - Work directly with various functional team leads to gather and document SAP access requirements.
Design security roles using leading practice methodologies. Document design decisions and perform knowledge transfer.
Implement SOD free roles and provide remediation solutions to remove SOD conflicts, both a role level and user level.
Provide assistance to mapping roles to users. Work with integration team to ensure leading security practices are considered and implemented end to end

2. Controls Audit – maintains general IT controls with deep understanding of controls landscape across ERP, database, OS, and network environment. Responsible for maintaining Sarbanes-Oxley compliant IT controls across the enterprise

SOD Ruleset – Work with various stakeholders to ensure the ruleset is up to date.
Firefighter – Work with various stakeholders to ensure the elevated access management set up is current and the various processes adhered to
Tool administration – Work with various stakeholders to ensure the Compliance tool set up is current and working as per designed
Documentation and Knowledge transfer – Document design decisions and configuration decisions for knowledge transfer purposes

Knowledge, Skills and Abilities:
In General
1) Good business acumen when working with clients ranging from department managers to senior AmeriGas and UGI Corporate executives.
2) Proven leadership skills when managing cross functional teams chartered to deliver complex diverse deliverables
3) Firm grounding in information technologies and a good understanding of technology evolution and direction, especially in SAP
4) Ability to handle multiple tasks, prioritize, and self manage his/her activities.
5) Advanced verbal and written communication skills for communicating complex diverse messages to technical and business audiences
6) Strong interpersonal skills and ability to deal effectively in a cross-functional team environment consisting of both technical and business clients.

1) Extensive understanding of ERP security with emphasis on SAP security
2) Hands on experience of SAP security for latest SAP systems and landscapes


1) Thorough understanding of IT general computer controls
2) Understanding of the Sarbanes-Oxley Act: Section 404
3) Proven experience in preparing for and responding to IT audits

Education and Experience Required:

1) Bachelor’s Degree in Computer Science or Information Systems.
2) Ten plus years of combined IT and security work experience with a broad range of exposure to systems analysis, applications development, database design, and administration.
3) Five years of experience with information security
4) Requires knowledge of security issues, techniques and implications across all existing computer platforms.
5) Three years of hands-on experience with SAP application security.
6) Must have extensive knowledge in SAP authorizations, roles and profiles, networking, databases, systems, and web operations.
7) Three years IT Sarbanes-Oxley experience specific to maintaining Sarbanes-Oxley IT controls.

Working Conditions:

1) Interior/office work environment, limited physical effort is required
2) Limited travel

Disclaimer & Approvals
The above information on this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.


Client : Amerigas/UGI