SAP GRC & IT Risk Manager

Posted 4 Days Ago
Kuala Lumpur, Wilayah Persekutuan Kuala Lumpur
In-Office
Expert/Leader
Semiconductor
The Role
The SAP GRC & IT Risk Manager oversees SAP GRC application management, ensuring compliance and risk management while leading a team, and engaging with stakeholders for continual improvement.
Summary Generated by Built In

About the role
The SAP GRC & IT Risk Manager is accountable for the end-to-end management, performance, and strategic direction of Nexperia’s SAP GRC application (Access Control & Process Control). This role ensures that SAP GRC aligns with business goals, supports compliance and audit requirements, and enables robust risk and control management across the global business and IT organizations. The position serves as a key counterpart to the second line of defense, collaborating closely with Internal Control, Business Process Owners, and IT Management. The role also includes direct team leadership and global coordination.

What you will do

  • Define and drive the SAP GRC roadmap in alignment with business and compliance objectives.

  • Team Leadership: Manage and support a team member in Malaysia, providing day-to-day direction and development.

  • Serve as the primary interface between IT, audit, and business stakeholders for all SAP GRC and IT risk matters.

  • SAP GRC Ownership: Own and maintain the SAP GRC application from a technical and functional perspective, ensuring it meets business, compliance, and IT requirements.

  • System Management: Oversee system monitoring, upgrades, transports, patching, release management, user & role management, and technical activities in SAP GRC.

  • Access Control: Manage SAP GRC Access Control (ACM), including ruleset design, SoD conflict management, Firefighter process oversight, and mitigating controls.

  • Process Control: Manage SAP GRC Process Control (PCM), including master data, control assessments, continuous control monitoring (CCM), and system maintenance.

  • Audit & Compliance: Support annual audits, provide evidence and reports, and ensure audit readiness. Perform and review internal controls for IT.

  • Risk & Control: Act as the strategic counterpart to the second line of defense, translating business risk and control requirements into SAP GRC solutions.

  • Incident Management: Act as the escalation point for major technical issues, coordinating with SAP OSS and other support channels.

  • Continuous Improvement: Identify and implement improvements in SAP GRC architecture, processes, and tools.

  • Documentation & Training: Maintain comprehensive documentation and provide guidance to IT and business users on SAP GRC processes.

  • User Lifecycle Management: Oversee provisioning and de-provisioning processes, ensuring secure and efficient access across SAP systems.

  • Administer the end-to-end compliance workflow, including scheduling and launching Control Self-Assessments (CSAs) and Tests of Effectiveness (TOEs).

What you will need

  • Bachelor’s or Master’s degree in Information Technology, Business Informatics, or a related field.

  • 10+ years of experience in SAP GRC, SAP Security, or IT compliance roles.

  • Proven experience in audit, risk, or compliance, ideally with exposure to a Big 4 firm (Deloitte, EY, KPMG, PwC) or similar.

  • Deep expertise in SAP GRC Access Control and Process Control (front-end and back-end), including configuration and issue remediation.

  • Strong understanding of risk management, internal controls, and audit processes in global organizations.

  • Hands-on experience with SAP Basis, user and role management, patching, and release management.

  • Experience working in a global enterprise environment and managing teams in a matrix structure.

  • Proven ability to translate business requirements into effective technical solutions.

  • Excellent stakeholder management, communication, analytical, and problem-solving skills.

  • Relevant certifications (e.g., SAP System Security & Authorizations, CISA, CISM) are a plus.

  • Excellent command of English (German language skills are a plus).

  • Ability to ensure secure, compliant, and efficient SAP GRC operations across the IT landscape.

  • Ability to drive audit readiness and internal control effectiveness.

  • Acts as the link between IT teams, business process owners, and auditors.

  • Ensures all control evidence is properly documented and stored for audit purposes.

  • Experience managing and developing direct reports.

Talent acquisition based on Nexperia vacancies is not appreciated. Nexperia job adverts are Nexperia copyright © material and the word Nexperia® is a registered trademark.

D&I Statement

As an equal-opportunity employer, Nexperia values diversity not just because it is the right thing to do but because diverse teams perform better. We are dedicated to being inclusive, and a proof point of this dedication is that we were the main partner of the very first Dutch Paralympic Team NL House during the Paris 2024 Paralympic Games. Our recruitment process is inclusive and accessible to all, and we consider all applicants fairly, as well as providing a safe work environment and reasonable adjustments where requested.

In addition, we offer our colleagues the possibility to join employee resource groups such as the Pride Network Group or global and local Women's groups. Nexperia is committed to increasing women in management positions to 30% by 2030.

Top Skills

SAP Basis
SAP GRC
SAP Security

The Company
Cabuyao, Laguna
3,887 Employees

What We Do

Headquartered in the Netherlands, Nexperia is a global semiconductor company with a rich European history and over 15,000 employees across Europe, Asia, and the United States. As a leading expert in the development and production of essential semiconductors, Nexperia’s components enable the basic functionality of virtually every electronic design in the world – from automotive and industrial to mobile and consumer applications.
The company serves a global customer base, shipping more than 100 billion products annually. These products are recognized as benchmarks in efficiency – in process, size, power and performance. Nexperia's commitment to innovation, efficiency, sustainability, and stringent industry requirements is evident in its extensive IP portfolio, its expanding product range and its certification to IATF 16949, ISO 9001, ISO 14001 and ISO 45001 standards.
For questions or more information about our career opportunities: [email protected]. Connect with us today and become a part of TeamNexperia! Nexperia - Efficiency Wins.
