Role: ERP Security & Controls Manager
Location: Pune (Hybrid)
Life Unlimited. At Smith+Nephew, we design and manufacture technology that takes the limits off living.
Smith & Nephew (S+N) is a large multinational Medical Technology organization with an extensive Enterprise Applications ecosystem to run end-to-end business operations. ERPs form the core of this ecosystem and are tightly integrated with best-in-class systems such as Salesforce, Windchill, Movemedical, Maestro, Ariba, Workday and many more. At S+N, SAP serves as our primary and strategic ERP platform, running 80% of our operations and revenue. We are seeking an ERP Security and Controls Manager to oversee Security design and global SOX ITGC compliance across SAP ECC and Microsoft AX, while supporting and preparing for our strategic transformation to SAP S/4HANA. Therefore, this role is both strategic and pivotal, playing a key part in enabling Smith & Nephew's digital transformation and continued growth over the coming years. The ERP Security, Compliance & Quality Manager is responsible for designing, implementing, and governing Security and Control for SAP and AX. She/He will also represent SAP/AX Competency Centre during internal and external audits and driving the quality assurance across SAP and AX environments.
What will you be doing?
- Provide governance and oversight of SAP (ECC/S/4HANA) and AX security architecture, challenging designs, identifying risks, and ensuring remediation; co-drive design with architecture teams where needed.
- Govern roles, authorizations, and SOD compliance, including oversight of access reviews, sensitive access, and risk remediation; influence role design where required and lead license optimization.
- Own SOX ITGC controls for SAP and AX (primarily access management), with defined involvement in Change and Operations, collaborating with respective teams to ensure ERP compliance.
- Liaise with auditors, support audit cycles, and drive timely remediation of findings. Govern GRC tools and enforce security and compliance policies; monitor risk exposure and ensure remediation actions are implemented.
- Monitor risk exposure, report key metrics, and strengthen control frameworks and processes. Define and maintain SOD rulesets aligned with business processes, including mitigation and compensating controls.
- Drive continuous improvement and process optimization initiatives
- Security Architecture, Design and Build reviews. Participate in SOX/SOD audit activities.
- Ensures consistency of processes and procedures across SAP/AX Competency Centre.
- Focus on continuous improvement, that can help and support the company growth and strategy.
What will you need to be successful?
- Education: Bachelor’s / Master’s degree or equivalent experience in Computer Science, IT or related subject preferred.
- Licenses/ Certifications: (Optional)
- SAP certification: SAP Security Certifications
- ITIL Qualifications
- Experience: At least 10 years of IT experience, with 8+ years in SAP in ERP Security / GRC / Compliance roles.
- This role will be based in Pune and will be 2 days working from office in Hybrid mode. Shift Timing (12:30 PM – 9:30 PM IST) Monday to Friday.
- Significant experience in ERP Security / GRC / Compliance roles, including indirect leadership and management of cross-functional stakeholders in a global environment.
- Experience supporting ERP implementations or transformations (e.g., SAP S/4HANA) and working with globally distributed teams across multiple time zones.
- Experience managing global ERP environments. Proven experience handling audits.
- In-depth knowledge of SOX ITGC (including Access controls such as SOD and Sensitive Access) and broader compliance requirements.
- Overall functional knowledge of SAP and/or AX. Experienced in governing cross-functional solutions and ability to manage audit processes end-to-end.
- Excellent communication and stakeholder management. Analytical thinking and problem-solving mindset.
- High attention to detail and control orientation. Experience in a regulated industry, GXP Validated, and/or medical device company is preferred.
- Strategic mindset with strong business and technical acumen. Sound understanding of regulatory and security frameworks. Experience working with geographically distributed virtual teams.
- Ability to manage relationship with external service providers and external/internal audit teams. Ability to work with globally located, culturally diverse teams (e.g. India, US, UK...)
You. Unlimited.
We believe in crafting the greatest good for society. Our strongest investments are in our people and the patients we serve.
Inclusion + Belonging - Committed to Welcoming, Celebrating and Thriving. Learn more about our Employee Inclusion Groups on our website https://www.smith-nephew.com/
Other reasons why you will love it here!
- Your Future: Major Medical coverage + Policy exclusions and insurance non-medical limit. Educational Assistance.
- Work/Life Balance: Flexible Personal/Vacation Time Off, Privilege Leave, Floater Leave.
- Your Wellbeing: Parents / Parents in Law’s Insurance, Employee Assistance Program, Parental Leave.
- Flexibility: Hybrid Work Model (For most professional roles)
- Training: Hands-On, Team-Customized, Mentorship
- Extra Perks: Free Cab Transport facility for all employees, One Time Meal provided to all employees as per shift. Night Shift Allowances.
#L1 - YS1
Stay connected by joining our Talent Community .
We're more than just a company - we're a community! Follow us on LinkedIn to see how we support and empower our employees and patients every day.
Check us out on Glassdoor for a glimpse behind the scenes and a sneak peek into You. Unlimited. , life, culture, and benefits at S+N.
Explore our website and learn more about our mission, our team, and the opportunities we offer.