Winterhawk is the fastest growing, award-winning global SAP Security, GRC and Data Privacy consultancy practice.

We are always looking for highly motivated professionals to join our team. Here are some of the values and attributes we seek in our people:

  • Fluent in English (written and spoken), additional languages a huge benefit.
  • Excellent communication and customer-facing skills.
  • Possess a team player mentality, be “in it together”.
  • Inspire trust.

Some of our job postings are continuously running as we are recruiting and expanding into new global locations.

Do our company values match yours?

We post all new positions on LinkedIn.

Follow our LinkedIn company page to see the latest vacancies.

Follow us



Winterhawk does not accept unsolicited CV’s from agencies and therefore no ownership of such candidates will be given.

We retain the right to pursue and hire such speculative candidates without any obligation to any third-party terms and conditions, even when these are submitted with the CV.

We will not pay any agency fees associated with unsolicited third-party applications.


Current Vacancy

Job Title: GRC & Security Architect / Manager

Type: Full Time
Department: Operations
Band: SG6
Location: United Kingdom
Notes: All applicants must be legally authorised to work in the stated location.
Job relocation is not available for this position.
Visa Sponsorship is not available for this position.


We have an opening for an experienced SAP Security & GRC Architect/Manager to join our management team. This is a great opportunity to get involved in a number of exciting new projects.

At Winterhawk, we help our clients to proactively manage their technology risks and use their data to its full potential. Our team implements SAP Security and GRC solutions, providing assurance, advice and ongoing support to clients. Our projects can include delivery of business cases, roadmaps, system remediation work, process re-design, risk management solutions, data analysis, security solutions, compliance management and continuous controls monitoring.

The successful candidate will be adept at creating and nurturing relationships. In that capacity:

  • This role requires SAP Security and SAP GRC process, functional and technical knowledge, with an excellent grasp of business processes, to deliver projects and assurance services to our clients.
  • Exposure to GRC tools and technology from both a functional and technical perspective is essential. The role will be client-facing and will require relationship building across of range of industries.
  • You will be working with regional leads and partners to develop and execute programs which drive the sales pipeline.
  • A key part of this role will be building new partnerships and expanding our partner eco-system.
  • Further responsibilities include providing thought-leadership via social media, blogs/articles, videos, and speaking at events.

Candidate Requirements:

  • Fluent in English (written and spoken)
  • Excellent presentation skills
  • Excellent communication and client-facing skills
  • A team player mentality
  • Strong leadership skills and an ability to inspire

Experience and Skills:

  • Relevant Experience: A minimum of 8 years of experience in SAP Security and GRC related work.
  • Proven experience of successfully architecting, integrating, managing and delivering both SAP Security and SAP GRC services (including implementations, creating business cases and roadmaps, assurance reviews and maturity assessments)
  • An excellent understanding of SAP ERP and GRC technology platforms
  • Ability to align client and sector specific issues to our SAP Security and SAP GRC services
  • Proven delivery experience in enterprise risk management engagements
  • Experience in transformation and business change programmes
  • Process expertise in GRC areas e.g. risk management, compliance and regulation, controls automation, continuous controls monitoring and security
  • Proven working experience with regulatory compliance models and standards
  • Exceptional relationship/stakeholder management skills at all levels
  • Proven experience of successfully delivering technology risk services

SAP Security:

  • Detailed knowledge of SAP Security and Authorisations
  • Expertise in the design, creation and on-going maintenance of SAP User Roles across the SAP landscapes
  • Ability to provide/create security approaches, policies, procedures and documentation
  • Ability to produce audit reports and implement recommendations
  • Ability to work with Organisational Structures
  • Have gained exposure to Internal/External Audits
  • Blueprinting and implementation experience

SAP GRC Access Controls:

  • Experience in project design, configuration and rollout of all modules of SAP Access Controls
  • Detailed knowledge of addressing SAP Access Risks via remediation and mitigation

Experience in any of the following would be a bonus:

  • SAP Process Controls, SAP Audit Management, SAP Risk Management, SAP Business Integrity Screening, SAP Enterprise Threat Detection, SAP Global Trade Services, SAP Identity Management
  • Technologies such as Fiori, SuccessFactors, S4/HANA and/or ARIBA

To apply, please send resume and a covering letter to