E
SAP Roles & Authorisations Workstream Lead (S/4HANA Public Cloud)
Exalto Consulting ltd
Contract
Remote friendly (Leicestershire)
United Kingdom
SAP Roles & Authorisations Workstream Lead (S/4HANA Public Cloud) - Contract
Exalto Consulting is supporting a confidential SAP cloud programme to appoint an experienced SAP Roles & Authorisations specialist to lead the workstream end-to-end.
This role is focused on delivery leadership, design governance, quality assurance, and audit-ready documentation. It is not a BAU security operations post and includes a structured handover at contract end.
What you'll do
Exalto Consulting is supporting a confidential SAP cloud programme to appoint an experienced SAP Roles & Authorisations specialist to lead the workstream end-to-end.
This role is focused on delivery leadership, design governance, quality assurance, and audit-ready documentation. It is not a BAU security operations post and includes a structured handover at contract end.
What you'll do
- Lead the Roles & Authorisations workstream, owning outcomes across the programme
- Provide day-to-day direction to an offshore delivery team responsible for role build, documentation and test evidence
- Assess the current role model and access usage, identify key risks, and recommend rationalisation/standardisation
- Define a target access model across:
- SAP S/4HANA Public Cloud
- SuccessFactors EC / EC-P
- SAP Analytics Cloud (SAC)
- SAP Datasphere
- Ensure designs are persona-based, least-privilege by default, and support controlled approvals and auditability
- Drive the delivery backlog and prioritisation for role builds and access changes
- Support SIT/UAT readiness by ensuring users/roles are provisioned correctly and validated
- Run stakeholder workshops and present design decisions/exceptions through governance forums
- Collaborate with corporate IAM/Active Directory teams (joiner/mover/leaver, groups, SSO concepts) to align SAP roles with wider access controls
- Workstream plan (milestones, dependencies, RAID)
- As-is access assessment and risk findings
- Target role design standards and naming conventions
- Role mapping matrix (current target)
- Role catalogues across the platforms in scope
- Access validation approach and persona-based test scripts
- Evidence packs to support sign-off and audit readiness
- Structured handover into BAU/security operations
- Proven delivery lead experience for SAP Roles & Authorisations on complex programmes
- Strong access model design experience for S/4HANA Public Cloud and connected SAP platforms
- Track record leading offshore-heavy delivery and assuring quality of outputs
- Strong stakeholder management and workshop facilitation skills
- Governance mindset: least privilege, documentation discipline, audit readiness
- Working knowledge of IAM/AD concepts sufficient to collaborate effectively (JML, groups, SSO)
- Experience in regulated environments / public sector
- Exposure to SoD processes/tooling (working with compliance/GRC)
- Experience using SAP Cloud ALM for traceability
- Inside IR35 / PAYE
- Hybrid working (details shared at shortlist stage due to confidentiality)
- Rate: £655 per day (Inside IR35 / PAYE)
- Start: ASAP, subject to BPSS screening
- Duration: until 30/06/2026 (current view)
JBRP1_UKTJ