Hello Sean

ServiceNow provides the Remote Instance Spoke, that already contains different actions you can perform on other instances, but you need to have Integration Hub Subscription.
Have a look at the Record Management spoke action here.
This could allow you to add or remove users to the sys_user_grmember table.

To allow you to select which instance where this user is added or removed you need some kind of input 
One solution you could have is creating a catalog item, where you have 3 variables.  1) Which action you want to perform (Add / Remove), 2) Which user you want to select, 3) Which instance you want to handle. 
You then would pass this to a flow, and within the flow you would perform the required logic using the spoke above, generating and closing catalog tasks automatically. This way you could also track each performed step and having a kind of audit for each request.

If you don't have Integration Hub, I would still use the same logic, but within your flow, you would have to build your own actions based on out of the box REST Apis like 
Table API 
Import Set API

There are other points that you need to think about, for example:
The user has the same unique identifier on all instances ?
Do you have the required access to delete user memberships ?
Do you need to go through an import set instead of directly to a table?
Who can actually request this execution?
How can you track who requested it for audit purposes?

If you want this to run fully automated when a user is added or removed in your instance, you just have to manage the trigger for your flow, and add which instance you want it to use on the input of the flow.

Hope this overview helps. 

Cheers
Diogo