IS Security Manager I

At Zimmer Biomet, we believe in pushing the boundaries of innovation and driving our mission forward. As a global medical technology leader for nearly 100 years, a patient’s mobility is enhanced by a Zimmer Biomet product or technology every 8 seconds. As a Zimmer Biomet team member, you will share in our commitment to providing mobility and renewed life to people around the world. To support our talent team, we focus on development opportunities, robust employee resource groups (ERGs), a flexible working environment, location specific competitive total rewards, wellness incentives and a culture of recognition and performance awards. We are committed to creating an environment where every team member feels included, respected, empowered and recognised.

What You Can Expect

SAP Security & GRC Access Control IT Manager is responsible for leading SAP Security / GRC Access Control delivery globally, ensuring user authorizations, access governance, sap security risks and related processes are effectively designed, implemented, monitored, and aligned with sap security leading practices, regulatory and business requirements.

He / She collaborates with SAP Security solution architects, Internal Controls, audit teams, and business stakeholders to ensure proper controls and processes are in place for SAP GRC Access Control. The IS Security & Controls Team lead is managing the relationships with vendors that assist Zimmer Biomet with performing SAP security work, coordinating AMS security team deliverables with AMS management. He/She leads a team of SAP Security / GRC subject matter experts and provides mentoring and coaching to the team members.

The role operates at a manager level, with accountability for SAP Security / GRC Access Control delivery ownership, stakeholder influence, and leading SAP Security /GRC Access Control team to drive operational excellence and security risk-based decision-making.

Work Location: Bangalore

Work Mode: Hybrid (3 Days in office)

How Youll Create Impact

• Oversee the design, implementation, and sustainment of the global SAP GRC Access Control 12 & IAG Bridge suite of programs, including user provisioning, segregation of duty management, emergency access, role management, workflow design and configuration
• Oversee the design, implementation, and sustainment of the global SAP role structure, including standard business roles, global process roles, derived roles, and associated SAP security processes
• Take accountability for success of GRC Access Control & IAG Bridge tasks, including ruleset and workflow configuration, new release implementation and automation through planning, design, build, test, and production deployment
• Take accountability for success of SAP security tasks across SAP Applications landscape globally, including planning, design, build, test, and production deployment
• Lead, manage and coach a team of SAP Security / GRC analysts, including managing team performance
• Understand, implement, and uphold leading practices as it relates to SAP security
• Drive continuous improvement and automation of GRC AC processes and tooling
• Assess complex governance requirements as it relates to SAP security, segregation of duties (SOD), role management, and super user access, then propose and implement recommendations
• Interact with Controls team members to help ensure SAP security is adequately addressing financial reporting, operational, and other compliance requirements
• Facilitate technical training for junior security team members on GRC AC and authorization design concepts
• Engage with colleagues across other SAP IT teams to align expectations and commitments, including process teams, testing, training, project management office (PMO), development and technical teams
• Manage relationships with vendors that assist us with performing SAP security or SAP GRC AC work
• Coordinate with AMS security support management
  
  

• Strong experience with SAP security authorization concepts across SAP components and SAP GRC Access Control 12
• Deep knowledge of SAP security design and implementation methodology, SAP business processes, user provisioning processes, security maintenance processes leading practices
• Experience managing IT teams, preferably with SAP
• Good understanding of segregation of duties frameworks
• Excellent written and verbal communication skills
• Strong project management and organizational skills
  
  

• Bachelor’s degree in information technology, Computer Science, Cybersecurity or related field Years of Experience
• 12+ years of progressive experience in SAP GRC Access Control and SAP Security on-prem and on-cloud required
• 4+ years in a lead or manager-level role, owning GRC Access Control and SAP Security operational delivery or teams
• Demonstrated experience working with internal and external auditors
  
  

• Strong experience and knowledge in GRC Access Control and/or IAG Bridge design and configuration required
• Strong experience and knowledge in sap security best-practice and role design on-prem and on-cloud solutions as S4HANA, MDG, BTP solutions, Ariba, SAP ERP, BW, HANA Database
  
  

• Identity & Access Management (IAM) platforms
• Cloud platforms (AWS, Azure) and cloud security concepts
• Application and data security controls
  
  

• SOX ITGC, GMP, NIST CSF
• Privacy regulations (e.g., GDPR )
  
  

• Data analysis and reporting tools (Excel, Power BI, dashboards)
• ITSM platforms (e.g., ServiceNow)
• Documentation and collaboration tools (e.g., SharePoint)
  
  

• 12+ years total experience in SAP Security, GRC Access Control
• Experience supporting global, multi-region organizations
• Experience operating in regulated industries (medical, financial, manufacturing, SaaS)
• SAP Certified Associate - Security Administrator preferred
• SAP Certified Technology Professional - System Security Architect preferred
• CISA, and/or applicable package specific certification