Nihir Mehta
ACCESS GRANTED N. MEHTA · SECURITY ENGINEER
01SECURITY ENGINEER - SAP SECURITY & GRC

Nihir
Mehta

I design who gets access to what, inside the SAP systems that run global enterprises — then prove it, transaction by transaction, to the auditors who check my work.

500+
PFCG ROLES
DESIGNED
100+
SoD CONFLICTS
RESOLVED
3+
FULL LIFECYCLE
IMPLEMENTATIONS
20%
FUE LICENCE
COST CUT
open SoD conflict remediated / compliant
SAP S/4HANA·PFCG·SAP FIORI·GRC ACCESS CONTROL 12.0·SAP BTP·FUE LICENSING·RISE WITH SAP·SAML 2.0 / OAUTH 2.0· SAP S/4HANA·PFCG·SAP FIORI·GRC ACCESS CONTROL 12.0·SAP BTP·FUE LICENSING·RISE WITH SAP·SAML 2.0 / OAUTH 2.0·
02PROFILE

Three years in the access layer of SAP.

Consultant, SAP Security & GRC (Security Engineer II) at Deloitte USI, Bengaluru. My work sits at the join of security and audit — inside SAP S/4HANA, across Greenfield and Brownfield implementations alike, building the authorization models that decide, transaction by transaction, what a role is allowed to touch.

PFCG role design, Fiori launchpad authorization, SAP GRC Access Control, BTP identity, and the FUE licensing math that determines what a seat actually costs — three Client Excellence awards along the way, and zero SoD findings ever escalated to a Big 4 auditor.

03EXPERTISE

Six systems. One access model.

S/4HANA Security & Role Design

500+ PFCG roles across FI/CO, MM, SD and PM. SU24/SU25 upgrade steps, STAUTHTRACE and SUIM-driven access debugging across 3+ full-cycle implementations.

SAP Fiori Security

Authorization model for 50+ Fiori apps — OData services, ICF nodes, business catalogs and launchpad tile visibility, cutting incident resolution time by ~40%.

SAP GRC Access Control 12.0

SoD risk analysis and ARA remediation — 100+ conflicts resolved to a 99% compliance rate, plus MSMP workflow routing and BRF+ agent rules.

SAP BTP Security

10+ subaccounts secured with role collections, IAS/IPS identity federation, and SAML 2.0 / OAuth 2.0 SSO trust configuration.

FUE Licensing

Classified 300+ user roles against Advanced, Core and Self-Service Use metrics — a 20% reduction in projected licence cost.

Rise & GROW with SAP

Security configuration for Private and Public Cloud editions across On-Premise-to-Cloud conversions, Imagine through Hypercare.

04EXPERIENCE

Consultant — SAP Security & GRC (Security Engineer II)

2023 — PRESENT
Deloitte USI · Bengaluru, India

Role design & access

  • Designed 500+ PFCG roles across FI/CO, MM, SD and PM for 3+ full-cycle S/4HANA implementations, Greenfield and Brownfield.
  • Resolved 90+ access issues using SU53, STAUTHTRACE, STUSERTRACE, SUIM and SU56.
  • Aligned security with RTR, PTP, OTC, MDM, QTA, ITD and Treasury workstream owners across every build.

Fiori & cloud identity

  • Maintained the Fiori authorization model for 150+ apps — catalogs, groups/Spaces/Pages and launchpad visibility.
  • Secured 10+ BTP subaccounts with role collections and SAML 2.0 / OAuth 2.0 SSO.
  • Cut Fiori incident resolution time by ~40% through systematic trace debugging.

Governance & compliance

  • Implemented SAP GRC ARA — 100+ SoD conflicts remediated at a 99% compliance rate.
  • Zero findings ever escalated to a Big 4 auditor.

Licensing & delivery

  • Governed FUE compliance for Rise/GROW with SAP — 20% projected licence cost reduction.
  • Delivered Rise (Private Cloud) security for 2+ clients and supported GROW (Public Cloud) engagements for select activities.
  • Published 2 technical articles on Fiori security and Rise/FUE licensing; 700+ hours to firm initiatives.
05CREDENTIALS

Certified. Recognized.

  • SAP Certified Application Associate — SAP Access Control 12.0 SAP
  • Professional Cloud Security Engineer GOOGLE CLOUD
  • Associate Cloud Engineer GOOGLE CLOUD
  • Azure Fundamentals (AZ-900) MICROSOFT
2023

Client Excellence Award — Deloitte USI

2024

Client Excellence Award — Deloitte USI

2025

Client Excellence Award — Deloitte USI

Industry Proficiency Badge — Consumer Sector

06BEYOND SAP

Travel, Photography, Marketing and Event Management — some interesting expertise apart from SAP Security.

Know something more about my other skillset and expertise