SAP GRC Senior Analyst

Date: 26-Nov-2021

Location: Bellville, Western Cape, South Africa

Company: Sanlam Group

Who are we?

Sanlam Life and Savings (SLS) is focused on serving our retail and corporate clients in South Africa and further developing our strategic advantages in the South African market. Sanlam Life and Savings consists of three clusters - Sanlam Corporate, Sanlam Retail Mass and Sanlam Retail Affluent. The Sanlam Life and Savings Office provides strategic direction, coordination and support to the three clusters, as well as performing governance oversight that includes assurance provided by second line of defense functions in SLS, to enable us to meet our business objectives.

What will you do?

The Finance Shared Services function is responsible for delivering the following services to Sanlam Life and Savings, as well as other Clusters within Sanlam that make use of SAP S/4 Hana and related finance systems:


  • The execution of shared financial transactions through the Finance Shared Services Centre.
  • Drive operational excellence and efficiency through finance process and technology optimisation.
  • Delivering an efficient financial control and compliance environment for SAP S/4 Hana and related finance systems.
  • Delivering on the consolidated financial reporting requirements for Sanlam Life and Savings.


The SAP GRC Senior Analyst role will be responsible for supporting the Head of SAP GRC in managing and delivering an efficient financial control and compliance environment for SAP S/4 HANA and related finance systems, with a focus on centralisation, standardisation, automation, and optimisation of financial control compliance processes. 


The SAP GRC CoE acts as a second line of defence in support of Business Units’ own financial control and compliance environments. The incumbent will partner with the Head of SAP GRC and Business Unit Heads to promote adherence to agreed-upon financial control compliance processes. This role will furthermore support the identification and reporting of non-compliance and provide recommendations on how this can be addressed.

What will make you successful in this role?


The key performance areas of this role include the following:

GRC Strategy Development:

  • Support the Head of SAP GRC in the development of the GRC strategy for SPF to ensure greater compliance to required standards.
  • Support various strategic initiatives ensuring greater compliance and awareness in support of realising the GRC strategy.


Financial Risk and Controls Support:

  • Act as second line of defence in the design, implementation and management of control processes and documentation by:
    • Supporting management in the identification, design and implementation of financial risk and controls through normal business as usual (BAU) operations and transformation initiatives (change in people/process/technology).
    • Documenting identified financial risks and controls in a risk and control matrix.
    • Defining and maintaining standards used to document financial risks and controls.
    • Assisting control owners and control performers in business and IT with walkthroughs of controls.
    • Maintaining the SAP Access Control ruleset to reflect the key access controls identified by business.



  • Continue to identify, design and implement optimisation opportunities in the financial control and compliance environment through innovation and automation.


Support SAP GRC Solution:

  • Support the management and delivery of financial controls through SAP Access Control 12 and Process Control 12 applications:
  • Schedule SOD Review workflows to risk owners
  • Maintain User Access review process in SAP Access Control
  • Maintenance of Access Control custom ruleset at conceptual and permission/action level
  • Run and interpret Access Risk Analysis reports and provide assistance to identify remedial actions
  • Document and maintain the risks, controls and control owners in the repository (Process Control)
  • Defining and documenting manual control procedure steps
  • Regular review of access (UAR) and mitigations against the access risk ruleset (periodic) with root cause analysis
  • Following up on escalation workflows for configuration control changes
  • Creation/testing of new automated business rules and assignment to controls
  • Monitor dashboards by GRC CoE on PC and investigate control exceptions
  • Actively monitor control deficiencies and remediation plans providing assistance to control owners
  • Provide Internal Team Training
  • Provide training for control performer and control owners in SAP Process Control


Stakeholder Integration

  • Support the Head of SAP GRC to operate as liaison between Business Unit management (first line of defence) and key stakeholders that include Internal Audit (3rd line of defence) and External Audit (4th line of defence).

Qualification and Experience



  • Bachelor’s degree in risk and compliance management, finance, audit or relevant field from a recognised institution.
  • Professionally accredited from a recognised industry body as a Certified Information Systems Auditor (CISA) or a Certified Internal Auditor (CIA) or Chartered Accountant (CA) is an added advantage.
  • SAP certification is an added advantage.



  • 5 years of functional experience in Finance or Risk Management.
  • 3 years comprehensive experience of internal audit, risk assessments, related methodology and terminology.
  • 3 years in-depth knowledge of Risk and Compliance processes and controls.
  • Functional experience in SAP Access Control, and SAP Process Control will be an added advantage
  • Audit or internal financial controls experience in SAP environment (S/4HANA) is an added advantage
  • Functional and basic technical understanding of SAP Fiori is an added advantage.
  • Functional and basic technical knowledge and understanding of S/4HANA Security is an added advantage.

Knowledge and Skills

Risk Management
Quality, compliance and risk management
Compliance and Risk Management monitoring
SAP Technologies

Personal Attributes

Interpersonal savvy - Contributing dependently
Decision quality - Contributing dependently
Action orientated - Contributing dependently
Optimises work processes - Contributing dependently

Build a successful career with us

We’re all about building strong, lasting relationships with our employees. We know that you have hopes for your future – your career, your personal development and of achieving great things. We pride ourselves on helping our employees to realise their worth. Through its business clusters – Sanlam Personal Finance, Sanlam Emerging Markets, Sanlam Investments, Sanlam Corporate, Santam, Miway, as well as the Group Office – the group provides many opportunities for growth and development.

Core Competencies

Being resilient - Contributing dependently
Collaborates - Contributing dependently
Cultivates innovation - Contributing dependently
Customer focus - Contributing dependently
Drives results - Contributing dependently

Turnaround time

The shortlisting process will only start once the application due date has been reached. The time taken to complete this process will depend on how far you progress and the availability of managers.

Our commitment to transformation

The Sanlam Group is committed to achieving transformation and embraces diversity. This commitment is what drives us to achieve a diverse, inclusive and equitable workplace as we believe that these are key components to ensuring a thriving and sustainable business in South Africa. The Group's Employment Equity plan and targets will be considered as part of the selection process.