GRC Access Control Manager

Our client, a multinational company of Germany origin, present in over 100 countries and operating in the fragrance, flavor, and cosmetic ingredients industry, is currently looking for a GRC Access Control Manager based in Barcelona.

Requirements

• Proven experience in SAP Access Control (request workflows, SoD analysis, firefighter/emergency access, access reviews), ideally in global enterprise environments.
• Strong understanding of SAP authorization concepts and the practical interaction between role design, provisioning, controls, and business processes (ECC/S/4HANA).
• Demonstrated ability to design and operate scalable access governance processes, aligning security, compliance, and business efficiency goals.
• Strong analytical and problem-solving capabilities, including the ability to translate control requirements into clear workflows, rulesets, and actionable stakeholder guidance.
• Excellent communication and stakeholder management skills in international environments, including facilitation with business owners, IT teams, audit/compliance, and external partners.
• A proactive, structured, and customer-focused mindset - able to lead improvements, drive adoption, and deliver measurable results without formal direct authority.
• Fluency in English (written and spoken). German (and/or French, Spanish) is a strong advantage for collaboration with regional units.
• Typically 5+ years of relevant experience in SAP security/authorizations, GRC access control, IAM governance, or compliance-related access management roles.
• Certifications are a plus, but hands-on delivery and stakeholder impact are key.

Key responsibilities

• Own and continuously enhance the global SAP Access Control operating model, including request workflows, approvals, provisioning controls, emergency access, and periodic review processes.
• Embed GRC-by-design into SAP programs and rollouts (ECC/S/4HANA and beyond), ensuring access governance and control requirements are considered early in project planning and execution.
• Manage and optimize access request processes via GRC, including role-based access, privileged access (Firefighter/EAM), and compliant approval flows aligned with audit expectations and business needs.
• Drive Segregation of Duties (SoD) governance, including rule set maintenance, risk analysis, mitigation workflows, and remediation planning together with process and control owners.
• Establish and run access review and recertification activities (periodic reviews), ensuring strong manager visibility, clear accountability, and measurable completion/quality rates.
• Partner with IAM and SAP Security/Authorization teams to ensure consistent role design principles, clean interfaces between systems, and high-quality identity/authorization data across the tool chain.
• Deliver reporting and transparency for stakeholders (business and IT), including SoD risk posture, firefighter usage, review progress, and key control KPIs.
• Support internal/external audits by providing evidence, control narratives, and continuous improvement actions for GRC-related findings and control enhancements.
• Develop, maintain, and communicate policies, procedures, and user guidance for access governance - ensuring clarity, usability, and adoption across regions and functions.
• Enable and train stakeholders (requestors, approvers, role owners, key users) on GRC processes, decision responsibilities, and best practices to reduce cycle times and improve control quality.
• Act as a proactive problem-solver for access-related incidents and process breakdowns, driving root-cause analysis and sustainable remediation.

Benefits

• Competitive salary & benefits
• Private health & life insurance
• Hybrid work model in Poblenou
• International, innovative team