SAP Security & Authorization Engineer

The Opportunity

MassMutual is seeking a senior, hands‑on SAP Security & Authorization Engineer to directly design, build, test, and support SAP security across a large, complex SAP landscape. This role is execution‑focused and requires deep, day‑to‑day work in SAP systems while also serving as the primary technical authority and advisor for SAP security within Finance Technology.

The successful candidate will spend the majority of their time working directly in SAP, resolving complex authorization issues, supporting audits, and partnering closely with project and business teams during SAP S/4 HANA and APEX‑related modernization initiatives, while also mentoring others through hands‑on collaboration.

The Team

S/4HANA & Enterprise Program Support

• Serve as the hands‑on SAP Security lead for S/4HANA programs, including:
  • Role design, build, test and maintain business Fiori roles.
  • Removal of deprecated tiles and update authorizations during upgrades
  • Updates to company‑code‑driven and derived roles
• Actively support unit testing, SIT, UAT, performance, reporting, and training cycles, often involving large user populations.
• Resolve defects raised in various testing cycles by updating the roles.
• Work directly with developers and functional teams to:
  • Assess security impacts
  • Perform pre‑business testing
  • Validate fixes prior to business testing

The Impact

Hands‑On SAP Security Delivery (Primary Focus)

• Personally design, build, test, and maintain SAP security roles and authorizations across SAP systems (S/4HANA, Fiori, HANA DB, SAC, DATASPHERE, PAPM, ECC, BI, XI)
• Perform hands‑on troubleshooting and remediation of complex authorization issues impacting Finance, HR, Procurement, BW, and reporting users.
• Provide direct production support, including urgent access issues, role corrections, and user remediation.
• Perform feasibility assessments for new technologies by doing Proof of Concepts/Technology
• Secure custom programs/tables working with the ABAP development teams.
• Execute monthly SAP Security Note reviews, support pack validation, and hands‑on regression testing.
• Actively support Sandbox, Development, QA, Pre‑Production, and Production environments.

Identity, Access & GRC Integration

• Act as the hands‑on SAP security SME for:
  • IAMSTRONG integrations
  • Manager access reviews and transfer reviews.
  • Segregation of Duties (SoD) and orphaned access remediation
• Personally support and troubleshoot ILM tooling related to onboarding, offboarding, audit controls, and access cleanup.
• Partner directly with IAM, ServiceNow, and security teams to modernize and stabilize access request and fulfillment processes.

Audit, Risk & Compliance

• Personally support SAP audits, including access reviews, evidence collection, and remediation.
• Execute required security corrections directly in SAP to address audit findings.
• Serve as the primary technical contact for Audit, Business, Risk, and Compliance partners on SAP security matters.

Technical Leadership & Knowledge Sharing

• Serve as the go‑to SAP security authority for Finance Technology.
• Mentor and support team members through direct collaboration and hands‑on problem solving.
• Create and maintain practical documentation and FAQs to improve self‑service and reduce repeat issues.
• Help prioritize work while remaining directly accountable for complex or high‑risk security changes.

The Minimum Qualifications

• Bachelor's degree in IT or related field of study
• 8+ years of hands‑on SAP Security & Authorization experience.
• 8+ years demonstrated experience personally building, testing, and troubleshooting SAP roles in ECC
• 2+ years hands on experience S/4HANA, HANA DB, SAC (Security Analytical Cloud), Datasphere, PAPM, ECC, BI, PI systems
• 8+ years proven experience supporting production SAP systems in a large, multi‑instance landscape
• 2+ years experience supporting audit activities and remediation directly within SAP

Preferred Qualifications

• Ability to balance BAU production support with major transformation initiatives.
• Strong communication skills with the ability to clearly explain security impacts to both technical and non‑technical partners
• Experience supporting SAP S/4HANA transformations or large ERP modernization programs
• Experience with building SAP S/4 Fiori roles from catalogs/groups and spaces/pages
• Experience with design and building of HANA database security roles with System, Object and Analytical privileges
• Experience working with Datasphere roles/scoped roles, SAC teams/Roles, role collections in BTP applications like PaPM, Cloud Identity Services.
• Familiarity with IAM, GRC, ILM, and automated access provisioning frameworks.
• Experience supporting analytics and reporting platforms integrated with SAP (BW, SAC, AO, etc.)
• Prior experience in financial services or other regulated industries.

What Success Looks Like in This Role

• SAP security remains stable, compliant, and business‑enabling throughout ongoing S/4HANA and APEX initiatives
• Audit requests are handled efficiently with strong ownership and clear documentation
• Business partners experience responsive, well‑explained, hands‑on support.
• IAM and access management processes continue to improve through practical execution and collaboration
• The SAP Security team benefits from knowledge transfer, consistency, and technical mentorship

What You Can Expect at MassMutual

MassMutual offers the opportunity to do meaningful work within a purpose-driven organization that values long-term impact over short-term outcomes. In this role, you can expect:

• Clear areas of ownership and accountability, with work that connects directly to company and customer outcomes 
• A collaborative environment where perspectives are welcomed  
• Access to learning, development, and internal networks that support continuous growth and skill-building over time 
• Employee-led communities and forums that foster connection, learning, and inclusion across the organization 
• A culture grounded in integrity, responsibility, and stewardship—supported by a company with a strong legacy and a future-focused mindset

#LI-SC1

MassMutual is an equal employment opportunity employer. We welcome all persons to apply.

If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.

California residents: For detailed information about your rights under the California Consumer Privacy Act (CCPA), please visit our California Consumer Privacy Act Disclosures page.