• Support the implementation of security-compliant S/4HANA solutions by applying "Security by Design" and "Least Privilege" principles to functional and technical designs • Build and maintain SAP Security Roles, ensuring Segregation of Duties (SoD) is enforced and sensitive federal data is protected through robust authorization concepts • Execute processes to detect and mitigate insider threats and vulnerabilities, utilizing continuous monitoring frameworks and risk-reduction workflows • Assist in the administration of SAP GRC (Access Control / Process Control) or similar tools to facilitate automated audit logging and compliance reporting • Apply security requirements across PII-heavy modules (H2R), financial workstreams (B2R/P2R), and the Universal Journal • Contribute technical research and configuration support for Identity and Access Management (IAM), encryption standards, and secure interface integrations • Act as a key contributor during the audit lifecycle by collecting evidence, tracking inquiry statuses, and assisting in the remediation of audit findings • Provide program management assistance, including tracking security workstream milestones, maintaining resource schedules, and updating compliance forecasts • Generate and refine security posture reports and executive-level dashboards regarding risk exposure and SoD violations

• Lead efforts to enable security-compliant S/4HANA solutions, ensuring that functional and technical designs incorporate 'Security by Design' and 'Least Privilege' principles • Oversee the development of SAP Security Roles, ensuring Segregation of Duties (SoD) is maintained and that sensitive federal data is protected via robust authorization concepts • Assess and manage risk-reducing behaviors and processes, implementing continuous monitoring frameworks to detect and mitigate insider threats and external vulnerabilities • Drive the implementation of SAP GRC (Access Control / Process Control) or similar tools to automate audit logging and compliance reporting • Review and integrate security requirements across the Universal Journal, PII-heavy modules (H2R), and high-value financial workstreams (B2R/P2R) • Provide input into final decisions regarding cybersecurity tools, identity and access management (IAM), encryption standards, and secure integration with external interfaces • Manage and ensure compliance with federal mandates, such as NIST 800-53, FISMA, and the DATA Act, while preparing the organization for unmodified audit opinions • Facilitate the audit lifecycle, serving as the central point of contact for audit inquiries, managing the collection of evidence, and driving the remediation of any identified findings • Execute program management support functions for the security workstream, including staffing specialized cyber resources, budgeting for security software, and forecasting compliance needs • Monitor and report on security posture, providing executive-level dashboards on risk exposure, SoD violations, and the status of audit-readiness activities • Mentor and train junior team members, fostering a culture of risk awareness and technical excellence in SAP security configuration and audit techniques

• Design and implement secure and compliant identity solutions for government agencies • Modernize legacy systems and develop strategic roadmaps • Define cloud and on-prem security frameworks and architecture • Work with application owners and developers to integrate ICAM solutions • Create technical standards and integration patterns for ICAM implementation

• Work on the Enterprise Audit Support team in the Information Security organization. • Assist in controls assessment, compliance, planning annual self assessment, utilizing GRC tools, to ensure adherence to NIST 800-171 standards. • Create a consolidated slide deck for upcoming interviews. • Map controls to demonstrations, and update screenshots and demos for the next interview cycle. • Develop scripts from interview transcripts. • Establish an SOP for using AI tools for meeting notes and action items. • Track the storage and usage of recordings with the legal team.