Requirements:-

• SAP Authorization Concept KnowledgeDeep understanding of **SAP role-based access control (RBAC)
• Proficiency in **PFCG (Profile Generator)** to create and manage roles and how to use CSI RMB tool
• Understanding of **authorization objects, fields, and profiles
• Design and maintenance of **single, derived, and composite roles + GRC Business Roles

• SAP KnowledgeFamiliarity with **common SAP modules** (e.g., FI, MM, SD, HR) for proper role design
• Understanding the business processes behind each module to assign appropriate access.
• General SAP Security Concepts knowledge in SAP ECC/ S4/HANA, EWM, BI/BW, SolMan, SLT, BCS
• Familiarity with HANA DB security (concepts)
• Support Audits (internal audit/financial audit)

• Segregation of Duties (SoD) and ComplianceGRC Access Control (Governance, Risk, and Compliance): Detects, monitors, and mitigates SoD risks and access violations.
• Access Risk Analysis (ARA)
• Emergency Access Management (EAM)
• Access Request Management (ARM)
• Business Role Management (BRM)
• GRC Process Controls
• Managing approval workflows for control assessments, issue remediation, and surveys.
• Configuring workflow-based authorizations (e.g., who can approve test results).
• Ensuring access to Master Data (e.g., organizations, subprocesses, controls) is restricted.
• Protecting survey/questionnaire templates and control test plans from unauthorized changes.
• Continuous Control Monitoring (CCM) Security  
• Technical Security Skills
• SAP Fiori & Web UI Security (if applicable)
• Securing the Fiori apps or web interfaces used in newer versions.
• Using Fiori catalog and group configuration to limit access.
• Connector & System Communication SecurityEnsuring secure connections between Process Control and backend systems (e.g., ECC, S/4HANA).
• Use of RFC destinations with limited and monitored access.
• Transport Management & System LandscapeManaging security in customization transports and ensuring sensitive roles aren’t accidentally moved to production.

• Monitoring & Auditing SkillsChange Log Monitoring
• Ability to audit who changed what, when, and why in the system.
• Setup of change log reports and security audits.
• Security Audit Log : Records critical security-relevant activities.
• Change Documents: Tracks changes to user and role data. 
• Reports on user roles, authorizations, transactions.
• Identify critical authorizations and users with high privileges.
• Trace authorizations during transaction execution.

• Cloud SecurityRole collections and OAuth scopes in SAP BTP (Business Technology Platform).
• IAS/IPS for identity provisioning and authentication.
• SAP Identity Authentication Service (IAS) and Identity Provisioning Service (IPS).
• Integration with corporate identity providers (e.g., Azure AD, Aquera)
• Configuring Single Sign-On (SSO) and Multi-Factor Authentication (MFA).

• SAP Business Technology Platform (BTP) SecurityUnderstanding of Subaccount-level security (spaces, roles, entitlements).
• Managing BTP role collections, application authorizations, and OAuth scopes.
• Using XSUAA (XS Advanced User Account and Authentication) for application-level security.