Principal SAP Security Lead

Requisition ID # 167478 

Job Category: Information Technology 

Job Level: Manager/Principal

Business Unit: Information Technology

Work Type: Hybrid

Job Location: Oakland

Department Overview

Information Systems Technology Services is a unified organization comprised of various departments which collaborate effectively to deliver high quality technology solutions. The organization is responsible for strategic technology planning, roadmap development, solution design, solution delivery, and solution support. The SAP Security & Controls department provides Identity, Access & Controls Management services and support to all lines of businesses.

Position Summary

The SAP Security Lead will support the Propel Program and develop future ready strategies, linking the Business/Functional Architecture function to the IT Security Design & Architecture function. Leads application security, process, regulatory & compliance controls implementation and ensures requirements are met in an efficient, sustainable and adaptable manner.

PG&E is providing the salary range that can reasonably be expected for this position at the time of the job posting. This salary range is specific to the locality of the job. The actual salary paid to an individual will be based on multiple factors, including, but not limited to, internal equity, specific skills, education, licenses or certifications, experience, market value, and geographic location. The decision will be made on a case-by-case basis related to these factors. This job is also eligible to participate in PG&E’s discretionary incentive compensation programs.  

Pay range is:​ $147,000.00 - $218,900.00

This position is of hybrid work type, and candidates need to be able to come in person to our Oakland headquarters, 3 days a week, typically Tuesday to Thursday. 

Job Responsibilities

• Lead the design, implementation, and governance of SAP security architecture across multiple platforms including SAP S/4HANA, SAP BTP, SuccessFactors, Ariba, Fieldglass, Concur, and other integrated business applications.
• Develop and manage Access and Process Control, Identity Management, Business Roles, Entitlements, and User Administration frameworks to ensure secure and compliant access across the SAP ecosystem.
• Architect and implement role-based access control (RBAC) and attribute-based access control (ABAC) models tailored to business needs and regulatory requirements.
• Integrate SAP security solutions with IAM systems, built on SailPoint technology for centralized identity governance and lifecycle management.
• Collaborate with cross-functional teams to define and enforce security policies, standards, and procedures for SAP and related enterprise applications.
• Conduct risk assessments and security audits to identify vulnerabilities and recommend mitigation strategies.
• Oversee the provisioning and de-provisioning processes, ensuring timely and secure access for internal and external users.
• Lead incident response and troubleshooting for SAP security-related issues, including access anomalies and compliance violations.
• Stay current with SAP security innovations, regulatory changes, and emerging threats to continuously improve the security posture of the organization.
• Coach the SAP security analyst, provide guidance, mentorship.
• Work closely with IT, compliance, and audit teams to ensure alignment on security practices.
• Identify opportunities for process improvements and automation in SAP security operations.
• Lead initiatives to enhance the overall security posture of the SAP landscape.
• Stay current with the latest SAP security technologies, trends, and best practices. 

Qualifications

Minimum:

• BA/BS degree in Computer Science, Engineering, Business or related field or equivalent experience

• 10 years of experience in IT, with a strong foundation in enterprise systems, infrastructure, and application security
• 7 years of hands-on experience in SAP Security Architecture, including administration, role design, and project delivery across SAP S/4HANA, SAP BTP, and SaaS platforms such as SuccessFactors, Ariba, Fieldglass, and Concur
• Leadership experience, including mentoring teams, driving strategic initiatives, and managing cross-functional collaboration
• Demonstrated success in process improvement and technology optimization, particularly in access management, identity governance, and compliance controls
• Deep understanding of enterprise architecture principles, with the ability to align SAP security design with broader IT and business strategies

Desired:

• Knowledge of audit and compliance standards such as SOX, NERC CIP, GDPR, and how they apply to SAP environments.
• Strong communication and stakeholder engagement skills, with the ability to translate technical concepts into business value.
• Exposure to cloud security models and hybrid architectures involving on-premises and cloud-based SAP applications.
• Experience integrating SAP security with identity governance platforms such as SailPoint, including lifecycle management, entitlement modeling.
• Experience in the utility industry, with familiarity in regulatory frameworks, operational risk, and compliance requirements specific to energy or infrastructure sectors.