Lead SAP Security Architect – S/4HANA & Cloud

INSPIRE | EXHILARATE | DELIGHT

For over seven decades, Chalhoub Group has been a partner and creator of luxury experiences in the Middle East. In its pursuit to excel as a hybrid luxury retailer, the Group has curated a portfolio of over 10 owned brands and strengthened its distribution and marketing expertise for over 400 international names across luxury fashion, beauty, jewellery, watches, eyewear, and art de vivre categories.

Every step at Chalhoub Group is taken to build a future where luxury dreams become reality — bridging cultures and crafting memorable experiences for our consumers. Be it by constantly reinventing itself, committing to innovation, or embracing new technologies, the Group is shaping the future of luxury retail. It delivers seamless omnichannel experiences across more than 950 stores, online platforms, and mobile apps. Driving this innovation journey is The Greenhouse — the Group’s innovation hub, incubator, and accelerator for startups and emerging businesses, regionally and globally.

Chalhoub Group fosters a people‑at‑heart culture rooted in diversity, equity, and inclusion, and a workplace catalysed by forward thinking and future‑proofing. Today, it brings together over 16,000 talented professionals across eight countries in the Middle East, with a presence in LATAM. Their collective efforts have earned the Group the Great Place to Work® certification in several markets.

Sustainability is at the core of the Group’s strategy, guided by a clear commitment to people, partners, and the planet. Chalhoub Group is proud to be a member of the United Nations Global Compact, a signatory of the Women’s Empowerment Principles, and to have pledged to reach Net Zero by 2040.

The Lead SAP Security Architect for the SAP ERP Transformation Program is responsible for embedding security‑by‑design across the SAP S/4HANA and related ERP systems. The role ensures that all ERP security architecture, controls, and processes align with Group Information Security principles, policies, and standards, and are fully integrated into Group Security Operations capabilities for ongoing monitoring, incident management, and risk mitigation. This individual will collaborate closely with program leadership, business stakeholders, technical delivery teams, and third‑party vendors, acting as the primary security authority within the Transform Program and ensuring that ERP security architecture supports Chalhoub Group’s broader security and risk objectives.

• Develop, implement, and maintain ERP‑specific security architecture, standards, and guidelines aligned with Group Information Security policies and frameworks.
• Establish security architecture blueprints for SAP applications and cloud services, ensuring secure connectivity, encryption, and network design across S/4HANA, BTP, Integration Suite, and Azure environments.
• Define and oversee the secure configuration and hardening of all SAP platforms — including S/4HANA, Fiori, CAR, EWM, Ariba, IAG, Solution Manager, BTP, and Integration Suite — ensuring encryption, authentication, connectivity, and monitoring controls meet Group and cloud security standards.
• Conduct and document Security Impact Assessments, Threat Modeling, and Risk Assessments across SAP S/4HANA, SAP SuccessFactors, SAP Ariba, and all related ERP modules.
• Define and oversee security controls across the SAP landscape: application security, database security, network security, IAM, and secure configurations.
• Ensure all ERP security design and implementation are integrated with Group Security Operations, enabling continuous monitoring, threat detection, incident response, and log management.
• Oversee SAP logging, monitoring, and SIEM integration, ensuring appropriate event visibility, incident response readiness, and alignment with SOC operations.
• Embed secure development and change practices into programme delivery—covering custom developments, transports, and vulnerability management.
• Evaluate and advise on third‑party add‑ons and integrations for the SAP ecosystem, ensuring alignment with Group Information Security requirements and standards.
• Act as the programme’s security authority, partnering with the IAM team, Infrastructure, Basis, Application, and Cloud Security teams to deliver a secure solution and influence decisions in technical governance forums.
• Partner with Program Management, ERP Architects, and business leads to translate regulatory and compliance requirements (e.g., SOX, GDPR) into ERP security controls.
• Collaborate with the IAM team to align role design and Segregation of Duties policy with platform capabilities; ensure solution and integration designs enable IAM controls without owning IAM delivery.
• Operate the SAP Security Notes cadence and platform hardening baselines (OS/DB/SAP), track remediation SLAs, and report posture to the Technical Board.
• Collaborate with internal and external auditors, supporting security audits, assessments, and compliance activities within the ERP environment.
• Act as a conduit between the ERP SAP Transformation Program, the Group Information Security team, and broader governance forums to ensure alignment and transparency.
• Support the development and delivery of security awareness and secure usage training initiatives for ERP program stakeholders

• 10+ years of Information Security experience, including at least 5 years leading security architecture or design within large‑scale enterprise or ERP transformation programmes Deep expertise across the SAP security landscape, including application, platform, and integration layers:
  • SAP S/4HANA Security
    • SAP Fiori Security
    • SAP Identity Access Governance
    • SAP Business Technology Platform (BTP) and connected cloud applications (SuccessFactors, Ariba, SAC, CAR, EWM)
    • SAP Identity and Access Management Proven experience applying security‑by‑design methodologies in complex ERP transformation programs. Strong understanding of regulatory and compliance frameworks (ISO 27001, GDPR, SOX) and their application to ERP security.
• Familiarity with cloud security architectures for SAP deployments (AWS, Azure, GCP). Working knowledge of RBAC, SAML, OAuth 2.0, and SAP SSO integrations sufficient to partner with IAM specialists.
• Experience with SAP monitoring, logging, and security event management tools and integration with SIEM/SOC platforms.
• Ability to work independently in a fast‑paced transformation environment with a strong sense of accountability to Group security outcomes.
• Professional certifications:
  • CISSP (Certified Information Systems Security Professional)
  • CISA or CISM (Information Systems Audit/Manager)
  • TOGAF (Architecture Framework Certification)
  • SABSA (Security Architecture Certification)
  • SAP Certified Technology Associate – System Security Architect

With us, you will turn your aspirations into reality. We will help shape your journey through enriching experiences, learning and development opportunities and exposure to different assignments within your role or through internal mobility. Our Group offers diverse career paths for those who are extraordinary, every day.

We recognise the value that you bring, and we strive to provide a competitive benefits package which includes health care, child education contribution, remote and flexible working policies as well as exclusive employee discounts.

It Takes Diversity Of Thought, Culture, Background, Differing Abilities and Perspectives to truly Inspire, Exhilarate and Delight our customers. At Chalhoub Group, we are committed to inclusion and diversity.

We welcome all applicants to apply and be part of our exciting future. We ensure equal opportunity for all our applicants without regard to gender, age, race, religion, national origin or disability status.