HI Coleen,

Thanks for boosting me up,Actually my main concerns is "CONFUSION", I mean i am always confused that should i stick to SAP GRC module.

I am working in this from last 20 months and have all my basics clear, i don't know how vast this module is to make career growth (in terms of money + repo) or should i change the module as i am also interested in other parts of SAP but not having experience in other parts.

Hi Pranjal

I see GRC as two component to it and sticking with it really depends on the career path you are interested in. It is a component that not all companies select (even when a lot do require it).

The first side of GRC is access controls (from GRC forum you are probably already across this). The main two modules used are for Segregation of Duties - SoD- (Access Risk Analysis) and Firefighter (Emergency Access Management). This component goes back to when it was a third party product with VIRSA as the name. On a lot of customer sites you will see those modules. However, Access Request Management is picking up, particularly in larger more complex landscapes, to reduce user administration overheads. In this space, password self service is common.

The difficulty I do find with GRC is it is not part of SAP core offering to new customers and it typically is driven by the IT department for improvement. I believe GRC should business driven of which IT processes is just one. If you think about it, SoD is about business risk

Continuing down the path of Access Controls with Security specialty is a good approach. This is where I am as it helps me understand full end to end system requirements. When roles are built you then need to think though provisioning of access and how to maintain it.

The other part of GRC is the Process Controls and Risk Management. I'm finding this as a growth area and it is more focused to your internal controls and risk frameworks. These modules may not be as common in companies but going down this path is more about the business risk.

It is difficult to comment on career growth and resulting career projection and remuneration as part of this is going to come back down to the sort of work that you do. I believe GRC is important and has a future, however, your future really depends on the opportunities that you seek.

As far as interests in other parts of SAP, what I love about GRC and Security is that you need to learn a little (and sometimes a lot) about all of the system. You don't just learn SU01 and PFCG transactions. Building a role is easy but knowing what the authorisations is and why we restrict is about learning the module and associated business process. Same with GRC, building a rule set is about learning function, risk, And/Or operators, etc. But knowing why it is a risk is business language and module knowledge.

Security and GRC provides diversity and that can never be bad for career future.

If you do not find security or GRC interesting then consider changing. But do remember you will risk going back to the start in a different area of SAP as you will be a beginner again (though you may learn faster as you know SAP concepts).

Regards

Colleen

Thanks Colleen,

This gives me hope to pursue my career in SAP GRC and Security yes you are right and may be after getting the various certifications in the same field could provide me a better opportunities in future.

Yes at this point its tough to change the module as you also said that i need to start it from scratch.

Again thanks for the great help Colleen.

Thanks

Pranjal Garg