SAP Security & Authorization Engineer

SAP Security & Authorization Engineer MassMutual - 3.7 Springfield, MA Job Details $128,000 - $168,000 a year 16 hours ago Benefits Commuter assistance Caregiver leave Paid holidays Health insurance Dental insurance 401(k) Tuition reimbursement Paid time off 401(k) 10% Match Bereavement leave Qualifications

SAP PI/PO SAP HANA

Information security Bachelor's degree

SAP S/4HANA

Systems & applications support Identity and access management (IAM) solutions Identity & access management Full Job Description Overview A career with us means you'll work alongside exceptional people and be empowered to reach your professional and personal goals. Our employees are at the foundation of what enables MassMutual to deliver on our purpose to help people secure their futures and protect the ones they love. We embrace the idea that we all are stronger and better through our support for one another. We strive to create a culture where employees feel valued and are celebrated for who they are. Job Description The Opportunity MassMutual is seeking a senior, hands‑on SAP Security & Authorization Engineer to directly design, build, test, and support SAP security across a large, complex SAP landscape. This role is execution‑focused and requires deep, day‑to‑day work in SAP systems while also serving as the primary technical authority and advisor for SAP security within Finance Technology. The successful candidate will spend the majority of their time working directly in SAP, resolving complex authorization issues, supporting audits, and partnering closely with project and business teams during SAP S/4 HANA and APEX‑related modernization initiatives, while also mentoring others through hands‑on collaboration. The Team S/4HANA & Enterprise Program Support Serve as the hands‑on SAP Security lead for S/4HANA programs, including: Role design, build, test and maintain business Fiori roles. Removal of deprecated tiles and update authorizations during upgrades Updates to company‑code‑driven and derived roles Actively support unit testing, SIT, UAT, performance, reporting, and training cycles, often involving large user populations. Resolve defects raised in various testing cycles by updating the roles. Work directly with developers and functional teams to: Assess security impacts Perform pre‑business testing Validate fixes prior to business testing The Impact Hands‑On SAP Security Delivery (Primary Focus) Personally design, build, test, and maintain SAP security roles and authorizations across SAP systems (S/4HANA, Fiori, HANA

DB, SAC, DATASPHERE, PAPM, ECC, BI, XI

) Perform hands‑on troubleshooting and remediation of complex authorization issues impacting Finance, HR, Procurement, BW, and reporting users. Provide direct production support, including urgent access issues, role corrections, and user remediation. Perform feasibility assessments for new technologies by doing Proof of Concepts/Technology Secure custom programs/tables working with the ABAP development teams. Execute monthly SAP Security Note reviews, support pack validation, and hands‑on regression testing. Actively support Sandbox, Development, QA, Pre‑Production, and Production environments. Identity, Access & GRC Integration Act as the hands‑on SAP security SME for:

IAMSTRONG

integrations Manager access reviews and transfer reviews. Segregation of Duties (SoD) and orphaned access remediation Personally support and troubleshoot ILM tooling related to onboarding, offboarding, audit controls, and access cleanup. Partner directly with IAM, ServiceNow, and security teams to modernize and stabilize access request and fulfillment processes. Audit, Risk & Compliance Personally support SAP audits, including access reviews, evidence collection, and remediation. Execute required security corrections directly in SAP to address audit findings. Serve as the primary technical contact for Audit, Business, Risk, and Compliance partners on SAP security matters. Technical Leadership & Knowledge Sharing Serve as the go‑to SAP security authority for Finance Technology. Mentor and support team members through direct collaboration and hands‑on problem solving. Create and maintain practical documentation and FAQs to improve self‑service and reduce repeat issues. Help prioritize work while remaining directly accountable for complex or high‑risk security changes. The Minimum Qualifications Bachelor's degree in IT or related field of study 8+ years of hands‑on SAP Security & Authorization experience. 8+ years demonstrated experience personally building, testing, and troubleshooting SAP roles in ECC 2+ years hands on experience

S/4HANA, HANA DB, SAC

(Security Analytical Cloud), Datasphere, PAPM, ECC, BI, PI systems 8+ years proven experience supporting production SAP systems in a large, multi‑instance landscape 2+ years experience supporting audit activities and remediation directly within SAP Preferred Qualifications Ability to balance BAU production support with major transformation initiatives. Strong communication skills with the ability to clearly explain security impacts to both technical and non‑technical partners Experience supporting

SAP S/4HANA

transformations or large ERP modernization programs Experience with building SAP S/4 Fiori roles from catalogs/groups and spaces/pages Experience with design and building of HANA database security roles with System, Object and Analytical privileges Experience working with Datasphere roles/scoped roles, SAC teams/Roles, role collections in BTP applications like PaPM, Cloud Identity Services. Familiarity with IAM, GRC, ILM, and automated access provisioning frameworks. Experience supporting analytics and reporting platforms integrated with SAP (BW, SAC, AO, etc.) Prior experience in financial services or other regulated industries. What Success Looks Like in This Role SAP security remains stable, compliant, and business‑enabling throughout ongoing S/4HANA and APEX initiatives Audit requests are handled efficiently with strong ownership and clear documentation Business partners experience responsive, well‑explained, hands‑on support. IAM and access management processes continue to improve through practical execution and collaboration The SAP Security team benefits from knowledge transfer, consistency, and technical mentorship What You Can Expect at MassMutual MassMutual offers the opportunity to do meaningful work within a purpose-driven organization that values long-term impact over short-term outcomes. In this role, you can expect: Clear areas of ownership and accountability, with work that connects directly to company and customer outcomes A collaborative environment where perspectives are welcomed Access to learning, development, and internal networks that support continuous growth and skill-building over time Employee-led communities and forums that foster connection, learning, and inclusion across the organization A culture grounded in integrity, responsibility, and stewardship—supported by a company with a strong legacy and a future-focused mindset #LI-SC1 MassMutual is an equal employment opportunity employer. We welcome all persons to apply. If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.

California residents:

For detailed information about your rights under the California Consumer Privacy Act (CCPA), please visit our California Consumer Privacy Act Disclosures page. MassMutual will accept applications on an ongoing basis until such time as a candidate has been offered employment. The job description includes the main duties of this position, which may evolve over time. You may be required to perform other duties not listed. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment.

Salary Range:

$128,000-$168,000 Award-Winning Culture MassMutual is guided by a single purpose: We help people secure their future and protect the ones they love. As a company operated for the benefit of our members and participating policyowners, we are defined by mutuality and our vision to provide financial well-being for all Americans. It's more than our company structure — it's our way of life. We are a company of people protecting people. Our company exists because people are willing to share risk and resources and rely on each other when it counts. We strive to build a thriving community where everyone is valued, included, and feels that they belong. At MassMutual, we Live Mutual. How We Work MassMutual's flexible workplace approach combines the importance of connecting in person and the flexibility of working remotely. Our hybrid model puts collaboration first with employees coming in at least three days per week to our spectacular campus settings and also enjoying the flexibility of remote Fridays, company-wide remote weeks, and a bank of flexible remote weeks to use throughout the year. Benefits for the whole you (and your loved ones) There's more to your life than your job and there's more to your aspirations than a paycheck. We take a holistic view of compensation and benefits that provides the flexibility to create a healthy balance in your life for work, family, and community. We offer the benefits you'd expect, like medical, dental, 401(k), and generous vacation time, but we also offer ones you might not expect, like three paid days for volunteering, a $1,250 annual Well-Being Wallet, and up to 320 hours of caregiver leave. Explore some of our offerings below. Paid Time Off In addition to generous vacation time, paid holidays, and flexible holidays, MassMutual offers 'take care' time to care for yourself or someone you love—whether for physical illness or mental health. Health & Well-Being In addition to top-line medical and dental coverage, personalized mental health solutions, on-site and virtual health coaching, and much more, MassMutual reimburses employees up to $1,250 per year for eligible expenses supporting mental, physical, and financial well-being. Financial Well-Being In addition to competitive salaries and bonuses, educational assistance programs, and much more, MassMutual offers up to a 10% total 401(k) benefit, consisting of a 5% company match and a 5% annual contribution. Taking Care MassMutual offers generous maternity and parental leaves, as well as bereavement leave to mourn the loss of a loved one (and the employee defines 'loved one'). In addition, we offer up to 320 hours of caregiver leave to help employees support loved ones in times of need. Giving Back MassMutual offers three paid days for employees to volunteer with eligible nonprofits of their choice, and the MassMutual Foundation matches employee donation dollars to eligible nonprofit organizations up to $5,000 annually. Commuter Benefits MassMutual offers a Qualified Commuter Program through which eligible employees can pay qualified workplace commuting expenses with before-tax dollars, as well as a commuter wallet option for employees based at Boston and NYC campuses.