Unleash Your Potential at L'Oréal's Beauty Tech!
Who Are We?
For 115 years, L’Oréal, the world’s leading beauty player, has devoted itself to one thing only: fulfilling the beauty aspirations of consumers around the world.
For more than a century, L’Oréal has devoted itself solely to one business: Beauty. Present in 150 countries across five continents and with €42 billion consolidated sales, L'Oréal is the global industry leader. With 37 global beauty brands across four divisions, L’Oréal offers beauty for each covering all beauty categories and catering to all beauty desires. With the acquisition of the Australian brand Aēsop in 2023, the Group continues to expand its portfolio through targeted acquisitions as part of its drive to create the future of beauty.
Today, L’Oréal includes more than 2,000 tech professionals and is constantly growing. Beauty Tech is changing the game and leading the shift towards new consumer realities and a digital disruption. Championing Beauty Tech, we invent the beauty of the future while becoming the company of the future.
Beauty Tech is how we know our consumers intimately, augmenting their beauty journeys with unparalleled diverse and sustainable experiences. Beauty Tech equips the Group with the key assets it needs to conquer this new world, where Tech has become strategic. With this ambition, L’Oréal continues to recruit diverse, innovative, skilled and passionate minds in different tech domains such as Data, Digital, Cloud, Cyber Security, IT Architecture, DevOps, Applications and Infrastructure.
A Day in the Life of SAP Authorizations & Security Lead !
The SAP Authorizations & Security Lead orchestrates the Role-Based Access Control (RBAC) framework in SAP (design, creation, derivation, valorization, implementation and maintenance) across S/4HANA and ECC environments. You act as the guardian of the Segregation of Duties (SoD) framework, leading a team dedicated to role engineering governance. You bridge the gap between global security policies and local execution, ensuring audit‑ready compliance for both legacy ECC and transformation‑stage S/4HANA landscapes.
In this role, You will..
Be responsible for the following:
- Team Leadership: Manage and mentor a team of SAP Authorization specialists, centralizing the role maintenance and ensuring alignment with Global standards, least privilege principle and Segregation of Duties rules.
- RBAC Framework Ownership: Define and maintain the global SAP Role-Based Access Control (RBAC) strategy across the landscape (S/4HANA, ECC, Fiori, BTP), ensuring the "Least Privilege" principle is technically enforced.
- S/4HANA Transformation: Drive the security roadmap for the migration from legacy ECC (Task-based) to S/4HANA (Business Process/App-based) authorizations, specifically managing the complexity of Fiori catalogs, groups, and OData services.
- Custom Code Security: Partner with the Development teams to review custom ABAP code, ensuring that AUTHORITY-CHECK objects are correctly implemented, and that custom transactions do not bypass standard security.
- Complex Troubleshooting: Provide "Level 4" expertise for the most complex authorization issues, architectural changes, or security breaches, performing deep-dive traces (ST01/STAUTHTRACE) and log analysis.
- Identity Integration: Act as the primary functional bridge between the SAP Security domain and the Global IGA (Saviynt) team to ensure seamless end-to-end provisioning and identity lifecycle management.
- ITSM: Deliver and oversee the end‑to‑end IT service lifecycle for SAP authorizations (incidents, changes, service requests), ensuring SLA compliance in coordination with AMS and project teams.
- Stakeholder Management & Global Service Delivery: Oversee day-to-day AMS delivery in India and lead key operational rituals (standups, follow-up meetings) in line with ITIL practices.
- Technical Authority & Operational Excellence: Act as the highest level of expertise (“Level 4”) for complex authorization issues, architectural changes and security incidents across S/4HANA, ECC, Fiori and related SAP technologies.
What are we looking for?
For the skills listed below, we distinguish three proficiency levels:
- Expert level: You can independently design, build and troubleshoot complex solutions in this area. You are the go‑to person for this topic and can guide other developers when needed.
- Strong experience: You have solid hands‑on experience and can work autonomously on most tasks in this area, occasionally consulting an expert for very advanced cases.
- Working knowledge / exposure: You understand the main concepts and can contribute with some guidance. You can maintain and adapt to existing solutions and are willing to deepen your skills on the job.
Transversal Skills
- Strategic vision: Ability to align SAP authorization design and constraints with global business processes and security policies.
- Executive communication: Comfortable presenting complex authorization and SoD topics to Finance, Security, Internal Control and top management in a clear and structured way.
- Leadership & team development: Experience leading and mentoring SAP authorization teams or service lines, giving direction, feedback and support in a GCC / AMS model.
- Multicultural collaboration: Experience working with distributed, multicultural and multilingual teams (India, Europe, Americas), adapting communication and ways of working.
- Stakeholder management: Ability to coordinate effectively with business, IT, AMS, IGA and audit stakeholders, manage expectations, and drive decisions.
- Analytical & risk mindset: Strong focus on risk awareness, control design and compliance, with the ability to prioritize and arbitrate based on risk and business impact.
Technical Skills
Must-Have
- SAP authorizations & security (expert level / strong experience): Expert-level or strong experience in SAP S/4HANA (including Fiori/OData) and ECC authorization concepts (roles, profiles, organizational levels), including design and maintenance of role concepts and RBAC frameworks.
- ECC & S/4HANA role engineering (strong experience): Strong experience with the ECC Profile Generator (PFCG), derived/composite roles, organizational levels and with S/4HANA authorization models, able to design clean and scalable role naming conventions.
- Fiori & S/4HANA security (strong experience): Strong experience with Fiori catalogs, groups, spaces/pages and OData service activations (/IWFND/MAINT_SERVICE), with a clear understanding of the shift from T Code based to app-based access.
- ABAP & custom code security (working knowledge / strong experience): Working knowledge or strong experience in reading and analyzing ABAP code to verify AUTHORITY CHECK usage and identify authorization objects in custom developments; ability to challenge and support development teams on secure coding.
- Identity lifecycle & HR-driven provisioning (strong experience): Strong experience with the Joiner Mover Leaver (JML) process and HR driven provisioning (HCM / SuccessFactors triggers based on position/job code) and how they translate into SAP role assignments.
- Cloud & BTP security (working knowledge / exposure): Working knowledge or exposure to SAP Business Technology Platform (BTP) security (XSUAA, role templates, scopes) in the context of “clean core” and side by side extensions.
- ITSM & AMS governance (strong experience): Strong experience using ITSM tools and processes (incident, change, request, problem) and working with AMS teams to deliver SAP authorization services in line with SLAs.
Nice-to-Have
- SAP training & certification (working knowledge / exposure validated): Completion of SAP authorization/security curriculum such as ADM940/ADM945/ADM950 and/or SAP authorization/security certifications.
- Audit & security certifications (exposure validated): CISA (Certified Information Systems Auditor) or CISM (Certified Information Security Manager) are highly valued for an Authorization Lead, without being mandatory.
- Analytics & automation tools (working knowledge / exposure): Proficiency in Power BI, PowerApps and Power Automate for automating access controls, reports and workflows.
- GRC & IGA tools (working knowledge / exposure): Good understanding of SAP GRC Access Control and IGA tools such as Saviynt, and ability to collaborate closely with GRC and IGA teams.
What’s In It for You?
- Working with cutting edge Technology, empowering employees with new age learning, global exposure, and opportunities to build future-ready careers.
- A flexible and modern workplace, enabling teams to perform at their best through a smart hybrid model that supports balance and autonomy. A 3 Day in Office, 2 Day Work from Home setup.
- Employee support at every life stage, with inclusive and progressive parental policies that help individuals and families thrive.
- Holistic wellbeing offerings - personalized health benefits and strong mental wellness support to ensure employees feel their best.
- Reward and Recognition opportunities, long-term incentives, and opportunities to share in L’Oréal’s collective success.
- L'Oreal is an Equal Opportunity Employer and takes pride in a diverse environment
Good to know: The Recruitment Process
- Interview with HR
- Technical Interview
- Interview with the hiring manager
We would love to find out more about you as a candidate and we do not discriminate in recruitment, hiring, training, promotion, or other employment practices. The beauty we find in our differences gives us the freedom to go beyond. That’s the beauty of L’Oréal.
- You can apply to up to three jobs within a rolling 30-day window.
- Μπορείτε να υποβάλετε αίτηση για έως και τρεις θέσεις μέσα σε ένα κυλιόμενο παράθυρο 30 ημερών. Δεν μπορείτε να αποσύρετε την αίτησή σας μετά την υποβολή της αίτησης, οπότε φροντίστε να επιλέξετε μια θέση που να ταιριάζει με τα όνειρά σας. Επισκεφτείτε τον "Χώρο Αιτήσεων" για να δείτε τις θέσεις στις οποίες έχετε ήδη υποβάλει αίτηση.
- Δεν μπορείτε να υποβάλετε αίτηση σε αυτήν τη θέση επειδή έχετε ήδη υποβάλει αίτηση σε τρεις θέσεις τις τελευταίες 30 ημέρες. Επισκεφτείτε τον "Χώρο Αιτήσεων" για να δείτε τις θέσεις στις οποίες έχετε ήδη υποβάλει αίτηση.
- Please don’t create another account with a different email. If you do so, your account might be merged and your application record will be deleted.