SAP Security Analyst

Job Summary

Oldcastle Infrastructure Inc. (OII) is looking for a SAP Security Analyst. The analyst will architect, implement, and maintain SAP security access and user access controls for all SAP instances of the company. The role will work closely with SAP functional teams and the system integration partner to design and govern the SAP security framework for a large business process transformation program involving an S4 implementation.

Collaboration with Internal Audit, Risk, and Compliance teams will ensure audit requirements are met.

This role is hybrid and based out of our Sandy Springs, GA office.

• Design, manage and deploy a global SAP security model.
• Maintain and enhance the process for SAP security role maintenance and administration.
• Develop and maintain centralized GRC rule sets, workflows, and approvers for user provisioning/de‑provisioning, authentication/authorization/emergency access, and access recertification.
• Review business blueprint and functional specifications for SAP security role development, authorization, and user acceptance test plans; participate in cut‑over activities during go‑live.
• Design, implement, document, and maintain IT general controls for new and modified business and IT processes.
• Administer and provision security roles for SAP and non‑SAP applications that integrate with SAP.
• Conduct detailed analysis sessions with end‑users and business SMEs.
• Ensure security roles are appropriately assigned and thoroughly tested before deployment.
• Evaluate business risks associated with security role design; implement controls and recommend simplification.
• Identify role owners and automate role and user provisioning processes.
• Perform user access reviews and provide analysis for internal and external auditors.
• Work as part of the project team to coordinate development and determine project scope and limitations.
• Monitor, report, and remediate elevated role provisioning to ensure unauthorized access removal in live production.
• Ensure role provisioning and user access privileges comply with company security policies and SOX regulations.

• 7+ years of experience in application security.
• Deep understanding of SAP authorization concepts and role‑based access control.
• Knowledge of information security frameworks, methodologies, policies, standards, and best practices.
• Experience with identity and access management tools and processes.
• Strong understanding of SOX ITGC controls.
• Knowledge of IT risk management – NIST RMF.
• Ability to assess business role requirements, design authorization roles, and manage supporting authorizations.
• Capacity to address infrastructure‑level security concerns with the technical team.
• Provide guidance to SAP technical and non‑technical staff and Internal Audit stakeholders on SAP security frameworks.
• Demonstrated experience managing customer‑facing, strategic projects and application development projects.
• Strong analytical, problem‑solving, troubleshooting, and resolution skills.
• Collaborative team player with ability to work with individuals at various levels.
• Bachelor’s Degree in Computer Science, Information Technology, or related field.
• Experience with GRC security tools and SAP security administration.
• Experience working with vendor teams.

• Highly competitive base pay.
• Comprehensive medical, dental, and disability benefits.
• Group retirement savings program.
• Health and wellness programs.
• An inclusive culture that values growth, development, and internal promotion.

CRH has a long and proud heritage, comprising a collection of family businesses, regional companies, and large enterprises that together form the CRH family. The organization operates in a decentralized, diversified structure allowing employees to enjoy a small‑company environment with the career opportunities of a large international organization.

Oldcastle Infrastructure, a CRH Company, is an affirmative action and equal opportunity employer. EOE/Vet/Disability. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, status as a protected veteran, or any other characteristic protected under applicable federal, state, or local law.