About Sandro
PROFESSIONAL SUMMARY:
- SAP Security & GRC lead with 6+ years in global, regulated environments, delivering User Access Management, SoD/Riskcontrols, and Fiori authorization concepts across multi-country landscapes, including contribution to S/4HANA rollout andtransformation programs in Europe.
- Strong delivery mindset: translate business requirements into scalable role models (Business Roles, Master/Derived),drive backlog execution (Jira), and ensure audit-ready outcomes under tight SLAs.
- Experienced coordinating stakeholders across IT, business, and external partners (integrators, support teams) to alignscope, risks, dependencies, testing evidence, and go-live readiness for large SAP rollout/migration initiatives.
- Hands-on with SAP GRC Access Control (ARA/ARM/BRM/EAM), ChaRM transports, and troubleshooting (SU53,STAUTHTRACE, /IWFND), supporting cutover and hypercare activities when required.
- Fluent Spanish (native) and English (C1); available to travel across Europe.
CORE COMPETENCIES:
- SAP program delivery for Security & GRC workstreams: governance, RAID management, stakeholder alignment,milestone tracking
- SAP GRC Access Control: Access Request Management (ARM), Emergency Access (EAM/Firefighter), Access Risk Analysis(ARA/SoD), Business Role Management (BRM)
- SAP User Access Management & Authorizations: single/composite/master/derived roles, SU01/SU10 provisioning, SUIMreporting, SU24 maintenance
- SAP Fiori security: catalogs, groups, spaces/pages, target mappings, OData/SICF activation, hub & embedded setups.
- Change & transport management: ChaRM, SE01; incident/change handling in SLA-driven support models
- Tools: Jira, ServiceNow, HP ALM, BMC Remedy; documentation and traceability for audits (GxP-aligned controls)
- AI & automation: LLM-assisted triage and lightweight RAG pilots over SOPs/policies (security use cases)
Spanish
Native or bilingual
English
Fluent
Catalan
Fluent
Can work on-site
Valencia (up to 50km), Madrid (up to 50km), Barcelona (up to 50km)
Experience
- Boehringer IngelheimSenior System Analyst - (SAP Authorizations and SAP GRC)PHARMACEUTICALS INDUSTRYJune 2023 - Today (3 years)
- Own day-to-day delivery for SAP User Access Management and GRC Access Control, ensuring compliant accessprovisioning, SoD checks, and emergency access controls.
- Translate business and audit requirements into scalable role models (Business Roles, Master/Derived) and maintaingovernance across the role lifecycle (design, build, testing evidence, deployment).
- Coordinate with business, SAP technical teams, and external partners to manage dependencies, resolve authorizationissues, and keep milestones on track in regulated (GxP) contexts.
- Supported S/4HANA rollout go-live readiness for the Security & GRC stream: UAT authorization defect triage, roleadjustments, access risk validation, and hypercare stabilization.
- Drive backlog execution and SLA-based incident/change handling using Jira and ITSM tooling; ensure full traceability andaudit-ready documentation.
- Lead SAP Fiori authorization concept activities (catalogs, groups, spaces/pages, target mappings), including OData/SICF activation and troubleshooting with STAUTHTRACE and /IWFND logs.
- AccentureSAP Senior Security & GRC - Business & Integration Arch Analyst / Sr Arch AnalystPHARMACEUTICALS INDUSTRYNovember 2021 - May 2023 (1 year and 6 months)
- Delivered SAP Security & GRC work packages for enterprise clients, balancing operational support with continuousimprovement initiatives (role redesign, risk ruleset tuning, governance).
- Configured and supported SAP GRC Access Control modules (ARM/MSMP workflows, ARA risk analysis, EAM Firefightercontrols, BRM lifecycle governance).
- Collaborated with functional teams, Basis, and integrators to align authorization design with process design, testingcycles, and go-live readiness.
- Supported transport and change management processes (ChaRM), ensuring consistent deployments acrossenvironments and timely issue resolution.
- Provided reporting (SUIM, t-code usage) to inform access clean-up, least-privilege role design, and risk mitigationplanning.
- CapgeminiSAP Security & GRC ConsultantAGRICULTUREJune 2019 - October 2021 (2 years and 4 months)
- Implemented and maintained SAP authorizations and access governance across ECC landscapes, covering role build, userprovisioning, and troubleshooting (PFCG, SU53, SU24).
- Performed SoD/risk analysis and mitigation tracking in SAP GRC; supported Firefighter setup, assignment, and log reviewcontrols.
- Contributed to project delivery through requirements workshops, documentation, testing support, and closecollaboration with cross-functional teams.
- Handled incidents and changes in ticketing tools with end-to-end traceability (HP ALM, ServiceNow, Remedy).
Recommendations
Be the first to recommend Sandro
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Ingeniería de TelecomunicacionesUniversitat Politécnica de Valencia2020