Sap Access Management Lead

Location: Leeds, UK (Hybrid)

ABOUT THE WELLA COMPANY

Together, WE enable individuals to look, feel, and be their true selves. Wella Company is one of the world’s leading beauty companies, comprised of a family of iconic brands such as Wella Professionals, Clairol, OPI, Nioxin and ghd. With 6,000 employees globally, presence in over 100 countries, Wella Company and its brands enable consumers to look, feel, and be their true selves.

THE ROLE

The SAP Access Management Lead is accountable for designing, governing, and operating SAP security and access management across Wella's global SAP ecosystem, including ECC, S/4HANA, and connected platforms. This role ensures that the right people have the right access at the right time, safeguarding company data, IP, and operations while complying with regulatory frameworks (e.g. SOX, GDPR, ISO 27001). The role combines strategic leadership and hands-on governance, owning the target operating model, segregation of duties (SoD) framework, access management processes, and vendor-delivered services. The SAP Access Management Lead partners closely with Cybersecurity, Audit, SAP Basis, and Business Owners to align access policies with enterprise architecture, drive transformation, and embed secure-by-design principles across SAP platforms.

KEY RESPONSIBILITIES

• Governance & Strategy
  • Establish and own the SAP access management target operating model (business + IT)
  • Define and operate global SoD ruleset, partnering with access/risk owners to mitigate risks
  • Own all SAP access management controls, including SOX compliance
  • Develop SAP security and access management strategies, roadmaps, and transformation initiatives
  • Drive continuous service improvements in line with best practice and regulatory changes
• Policy, Standards & Control
  • Own and enforce SAP access management policies, standards, and procedures
  • Ensure quarterly access recertifications, joiner/mover/leaver processes, and mitigating controls are executed
  • Monitor SAP license consumption and drive corrective actions
  • Ensure security controls are embedded in new and upgraded SAP applications
  • Act as point of contact for audits, owning remediation of findings
• Provisioning & Operations
  • Oversee end-to-end provisioning, de-provisioning, and access lifecycle processes
  • Ensure automation, efficiency, and transparency in access workflows
  • Manage BAU vendor services for SAP access management, ensuring SLAs and performance targets are met
  • Oversee access-related incidents and breaches, ensuring swift resolution
• Transformation & Documentation
  • Lead SAP security transformation initiatives in collaboration with Audit and Cybersecurity
  • Build repeatable processes, methods, and tools for access management across Wella
  • Ensure complete and current documentation for all SAP security processes and controls
• Leadership & Collaboration
  • Provide strategic leadership, mentoring, and guidance to SAP access/security teams
  • Collaborate with Cybersecurity, Basis, Enterprise Architecture, and business stakeholders
  • Communicate complex technical concepts to non-technical stakeholders
  • Drive change and ensure alignment across diverse global teams

Key Skills & Competencies

• Deep understanding of SAP roles, authorizations, and access concepts
• Expertise in SoD frameworks, access certification, and GRC tools (SAP GRC, SailPoint ARM)
• Strong grasp of identity governance principles, compliance frameworks, and regulatory requirements (SOX, GDPR, ISO)
• Hands-on knowledge of ECC and S/4HANA core SAP security
• Strong leadership, vendor management, and change delivery skills
• Excellent problem-solving, stakeholder engagement, and communication abilities

ESSENTIAL SKILLS, EXPERIENCE & QUALIFICATIONS

Education

• Bachelor's degree in computer science, Information Systems, or related discipline
• SAP Security or GRC certification preferred

Experience

• 10+ years of professional experience in SAP security and access management
• Proven track record in delivering SAP security in large-scale, global organizations
• Experience implementing access control policies and processes in regulated industries
• Technical knowledge of SAP GRC, SailPoint ARM, and SAP core security (ECC, S/4)
• Strong vendor management and audit engagement experience
• Exposure to infrastructure security and modern identity governance tools

Key Performance Indicators (KPIs)

• Access Risk KPIs: % of users with SoD violations, % mitigated risks, role recertification completion rate
• Operational KPIs: Access provisioning SLA adherence, turnaround time for access requests, incident closure time
• Audit & Compliance KPIs: Audit readiness score, % of roles reviewed quarterly, policy violation trends
• Efficiency KPIs: % of access provisioning automation of access issues escalated reduction in dormant users

EEO OPPORTUNITIES

The Wella Company wants to meet the aims and commitments set out in its equality policy. This includes not discriminating under the Equality Act 2010 and building an accurate picture of the make-up of the workforce in encouraging equality and diversity. We offer equal employment opportunity to qualified individuals without regard to race, religion or belief, color, national origin, age, gender, disability, sexual orientation, gender identity, gender expression, marital or civil partnership, pregnancy and maternity, veteran status, or any other characteristic protected by law. Wella Company with federal and state disability laws and makes reasonable accommodations for applicants and employees with disabilities. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact us at: https://www.wellacompany.com/consumer-affairs

We strongly believe that cultivating a diverse workplace gives a company strength. The combination of unique skills, abilities, experiences and backgrounds creates an environment that produces extraordinary results.